Much attention has been focused on the Gramm-Leach-Bililey Act (“GLBA”) and its perceived impact on California broker-agents in connection with maintaining the privacy of consumer financial information.  Numerous insurance organizations have been holding special seminars, distributing privacy kits, organizing workshops, and the like under the mistaken belief that all California broker-agents are under a duty to take additional steps to comply with the privacy requirements of the GLBA.

 Specifically, it has been suggested that the provisions of the GLBA require insurance producers (all independent agents and brokers) to (i) develop a privacy policy for handling customer non-public personal information and (ii) to make "mass mailings" of the privacy policy along with a document providing their customer the opportunity to deny the insurance producer the right to share the customer's non-public personal information with non-affiliated third parties on or before July 1, 2001.  The practical effect of this conclusion would have tens of thousands, if not hundreds of thousands, of privacy policy notices generated by insurance producers throughout the State of California, not to mention the thousands of filing cabinets necessary to house evidence that mass mailings were actually conducted.

 In view of the considerable time, effort and expense necessary to develop a privacy policy and the incumbent expense of communicating the information to their insurance customers, it is important to re-examine the provisions of the legislation in order to clarify upon which entity the burden of disclosure has been placed.  A review of the GLBA makes it clear that the continuing and affirmative duty to develop a policy for dissemination and protection of non-public personal information between affiliates and non-affiliated third parties has been placed upon the financial institution, which by statute includes insurance companies.  Nowhere in the GLBA is it contemplated that the individual broker-agent producing and interfacing with the insurance consumer is under any obligation to develop a privacy policy.

 It is true that the federal legislation has imposed upon the California Insurance Commissioner the duty to promulgate privacy consumer protection regulations no less stringent than those contemplated by the GLBA.  The Insurance Commissioner has established a formal GLBA working group charged with reconciling any differences between the language of the GLBA and California’s own Insurance Information and Privacy Protection Act.  The Insurance Commissioner's Working Group's focus is upon the duty of an insurer to develop a privacy policy for handling customer non- public personal information and the manner in which it must disclose that information to its customers through duly licensed insurance broker-agents.

 The independent broker-agent generally gathers information for the sole purpose and use of an insurer.  The independent broker-agent’s only duty is to secure a copy of the privacy policy and opt-out disclosure of the insurer for whom the broker-agent contemplates will be underwriting the risk.  The burden upon the insurer is to develop the privacy policy, create safeguards for the non-public personal information and take all necessary steps to prevent unauthorized access to non-affiliated third parties.

 Nearly a decade ago (October 1981), California enacted the Insurance Information and Privacy Protection Act (the “California Act”) ( CIC '' 791 - 791.27) which established standards for the collection, use and disclosure of information gathered in connection with insurance transactions by insurers, agents, and insurance-support organizations.  The California Act’s purpose was to maintain a balance between the need for information by those transacting insurance and the public’s need for fairness in insurance information practices, including the need to minimize intrusiveness, to establish a regulatory mechanism to enable people to ascertain what information was being collected about them in connection with insurance transactions, to have access to such information for the purpose of verifying or disputing the accuracy of such information, to limit the disclosure of information collected in connection with insurance transactions, and finally to enable insurance applicants and policyholders to obtain the reasons for any adverse underwriting decision.

 The California Act has achieved its intended purpose over the years, and the California Department of Insurance has determined that compliance by California broker-agents with the existing privacy requirements of California Act constitute compliance with the privacy requirements of the GLBA.  Further, the California Department of Insurance is presently working on insurance regulations (which will likely appear at Title 10, CCR, Section 2689) which will attempt to clarify any ambiguities between the existing California Act and the GLBA and clearly set forth California broker-agent requirements in regard to consumer privacy.  In the interim, California broker-agents should review and continue to comply with the California Insurance Information and Privacy Protection Act, and review any regulations subsequently issued by the California Department of Insurance, which clarify any ambiguities, which may exist between the California Act and the GLBA.

 In short, the California agent-broker’s primarily responsibility is to communicate with the insurer regarding the insurer’s privacy policy on non-public personal information gathered in connection with the insurance transaction and to pass the privacy policy information along to the ultimate consumer.