Restrict Insurers' Use Of External Consumer Data
The act prohibits an insurer from:
- Unfairly discriminating based on an individual's race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression in any insurance practice; or
- Pursuant to rules adopted by the commissioner of insurance (commissioner), using any external consumer data and information source, algorithm, or predictive model (external data source) with regard to any insurance practice that unfairly discriminates against an individual based on an individual's race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression.
After a stakeholder process, the commissioner shall adopt rules for specific types of insurance, by insurance practice, which rules establish means by which an insurer may demonstrate that it has tested whether its use of an external data source unfairly discriminates based on an individual's race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression. Any such rules shall not become effective until January 1, 2023, at the earliest, for any type of insurance. The rules must require each insurer to:
- Provide information to the commissioner concerning the external data sources used by the insurer in the development and implementation of algorithms and predictive models for a particular type of insurance and insurance practice;
- Provide an explanation of the manner in which the insurer uses external data sources for the particular type of insurance and insurance practice;
- Establish and maintain a risk management framework that is reasonably designed to determine, to the extent practicable, whether the insurer's use of external data sources unfairly discriminates against individuals based on their race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression;
- Provide an assessment of the results of the risk management framework and actions taken to minimize the risk of unfair discrimination, including ongoing monitoring; and
- Provide an attestation by the insurer's chief risk officer that the insurer has implemented the risk management framework appropriately on a continuous basis.
The rules adopted by the commissioner must include provisions establishing:
- A reasonable period of time for insurers to remedy any unfairly discriminatory impact in an external data source; and
- The ability of insurers to use external data sources that have been previously assessed by the division of insurance (division) and found not to be unfairly discriminatory.
Documents, materials, and other information in the possession or control of the division that are obtained by, created by, or disclosed to the commissioner or any other person pursuant to the new requirements are recognized as proprietary and containing trade secrets. The commissioner may use the documents, materials, or other information in furtherance of any regulatory or legal action and make the data publicly available in an aggregated or de-identified format.
The commissioner may examine and investigate an insurer's use of an external data source in any insurance practice.
In the department of regulatory agencies' annual "State Measurement for Accountable, Responsive, and Transparent (SMART) Government Act" report to the legislative committees of reference, the division shall include:
- Information concerning any rules adopted pertaining to this act;
- Information concerning any changes in insurance rates that have resulted from the prohibitions described in the act; and
- A summary of the stakeholder process, including a description of data sources insurers may use to comply with this act.
The requirements described in the act do not apply to:
- Title insurance;
- Bonds executed by qualified surety companies; or
- Insurers of exempt commercial policyholders.
(Note: This summary applies to this bill as enacted.)