Over the past few years, politicians have become increasingly involved in legislation to protect consumers and employees. As a result of the #MeToo movement, 7 states have enacted regulations requiring private companies to provide anti-harassment training to their employees, and this is in addition to stricter laws protecting individuals and employees. These regulations can apply to companies as small as 1 employee!
Add to this all the press around data breaches, and most states have enacted a wide range of consumer protections. These include everything from how companies can use customer data to how they need to dispose of customer data.
No data is safe.
There is a report of a recent SMS data leak affecting 10M+ TrueDialog clients and their customers. Have you implemented an SMS program to keep your agents and policy holders informed of key activities? Do you use a TPA? If either of you used TrueDialog, your policy holders' private information was exposed.
Do you have a process in place to stay abreast of new regulations?
How do you monitor if your insureds are following state mandates? Would you cover a claim if your insured wasn’t aware of the regulations or didn’t think they applied to them? Most EPLI policies would not cover a claim if the policy holder was not compliant with State or Federal requirements.
In New York, if a business didn't train its employees and there was a complaint, the courts are expected to be less forgiving and provide for larger awards and penalties, driving up litigation and loss exposure expenses, perhaps into the hundreds of thousands of dollars.
A new California Consumer Privacy Act comes into force January 2020. Companies will have to disclose to California customers what data of theirs has been collected, delete it and stop selling it if the customer requests. The fines could easily add up — $7,500 per violation if intentional, $2,500 for those lacking intent and $750 per affected user in civil damages. In addition, the law has specific requirements for IoT manufacturers.
What about your independent agents? Do you know if they comply with relevant state regulations? What if they violated any of the state regulations? How would you respond? How could this impact your reputation?
These are just a few questions that a carrier needs to think about in our ever-changing world. These changing regulations impact you, your suppliers, agents, and your policy holders.
Potential Steps You Could Take
Carriers should take the following steps to mitigate exposure for the carrier, agent, and insured:
- Determine what state laws apply to your organization and suppliers
  - For instance, do you have any employees working in New York or New York City?
  - Do you have any policy holders or suppliers in California?
- Review your policies, arbitration agreements, and NDAs
  - Update your existing harassment and data policies to meet the requirements of the relevant state and local laws.
  - Review your current arbitration agreements and NDAs with employees.
  - Evaluate if you need to require your independent agents to be in compliance with relevant state and local laws.
- Decide on your role
  - Do you want to take a proactive role with your agents and policy holders?
  - If you do, how and what do you want to do?
  - Should you consider amending the commercial policy holder application to ask questions about adherence to state laws?
Please reach out if you have any further questions about these laws and their potential impact on you, your suppliers, agents, and policy holders.
What do you think? Should a carrier be proactive with their agents and insureds?
Insurtech Advisors is dedicated to helping regional insurance carriers plan for the future today. We help you identify and partner with Insurtechs. This enables you to thrive and continue to meet the needs of your members, employees, and independent agents.