Assurant Employee Benefits

Gramm-Leach-Bliley (GLB) Privacy
Questions and Answers

What are the GLB privacy laws?

Gramm-Leach-Bliley (GLB) is a federal privacy law that was enacted in November 1999. It addresses a financial institution's responsibilities with regard to its handling of a customer's financial information. In response to GLB, the National Association of Insurance Commissioners (NAIC) developed a model regulation entitled the Privacy of Consumer Financial and Health Information Regulation (NAIC Model Regulation) that is very similar to GLB and applies to all licensees. A licensee is any entity that is licensed by a state department of insurance.

Who is required to comply with the GLB privacy laws?

GLB applies to all financial institutions, including insurance companies, insurance agents and insurance brokers. The NAIC Model Regulation applies to all "licensees" which includes all licensed insurers, producers, TPAs, HMOs and other persons licensed or required to be registered pursuant to the state insurance laws.

What does the GLB privacy law require of Assurant Employee Benefits?

We must develop a privacy policy and provide our consumers and customers with a privacy notice by July 1, 2001, and annually thereafter, that explains our privacy policy. This notice needs to describe the types of nonpublic personal information we collect, the types of nonpublic personal information we disclose, the affiliated and nonaffiliated third parties we disclose to, and the types of security measures we employ to keep the information entrusted to us confidential. 

Who is protected by the GLB privacy laws?

The privacy laws protect against the dissemination of a customer's or consumer's nonpublic personal information. A "consumer" is someone who inquires about or applies for an insurance product or service that is intended for personal, family or household use, including group insurance. A "customer" is someone who enters into a continuing relationship with a licensee for an insurance product or service.

What type of information is protected by the GLB privacy laws?

The privacy laws protect nonpublic personal information. Under GLB, both financial and health information are treated similarly. The NAIC Model Regulation addresses financial and health information differently. Health information is considered to be all information we have about a customer's or consumer's physical, mental or behavioral health. Financial information is all other information supplied to us or collected by us concerning the customer or consumer. "Nonpublic" means that the information is not known to the general public. For example, while a name may be considered public because you can get it from a phone book, if the name is part of a list of our insureds, it is then considered nonpublic information because it then associates the customer with us, a fact which is not public. Information about a commercial entity is not covered by the GLB.

How is health information treated differently than financial information?

The NAIC Model Regulation requires that we offer our customers an opportunity to "opt out" of having their financial information disclosed to nonaffiliated third parties in certain circumstances. When they "opt out" they are communicating to us that they do not want their information shared for certain purposes. If we offered our customer that option, we would be required to include this information in the notice and provide a simple way for the customer to exercise this option. If the customer elects not to exercise this option, then it is presumed that we can disclose the information consistent with our notice.

Health information, on the other hand, requires an "opt in," more commonly referred to as an authorization. We are unable to share health information with certain entities, unless we obtain the customer's permission through a signed authorization.

Is Assurant Employee Benefits offering an opt out and if not, why not?

Under the new privacy laws, there are numerous exceptions that allow us to disclose a customer's financial information to nonaffiliated third parties without offering an opt out. For example, we are allowed to disclose personal information to those entities that assist in the claims administration process, to effect transactions authorized by the customer, to protect against fraud, for risk control purposes and to resolve customer disputes. We are also allowed to disclose information without offering an opt out if the disclosure is to our accountants, attorneys, auditors and/or regulators. Because we have concluded that all our sharing of personal information is covered by one of the exceptions, we will not be offering an opt out to our customers.

Are there restrictions on disclosing a group policyholder's information?

No. The new privacy laws only apply to an individual's information, not to information about commercial customers, such as employers and other group policyholders. However, we have always been and will continue to be very diligent in protecting our policyholders' information, recognizing these are our valued customers.

Hasn't Assurant Employee Benefits always protected a customer's information?

Yes. We have always had practices and procedures in place to protect our customers' information. Now we are simply communicating this to our customers. We consider our customers to include policyholders, applicants, insureds, claimants, beneficiaries and anyone else who receives a service or product from us. Regardless of what the current privacy laws require, we have always been and will continue to be diligent in our efforts to protect all information entrusted to us, from whatever source.

Who will receive the initial notice and when?

Under the NAIC Model Regulation, because we are a group insurer, we are only required to send one notice to each policyholder, rather than to each insured under the policy, if we do not disclose the covered individuals' information beyond what the law allows. Therefore, we intend to send an initial privacy notice to each Assurant Employee Benefits group disability, life and dental policyholder. Where a third party administers the policy, we will be sending the initial notice to the third-party administrator, for delivery to the policyholder. All of our disability claimants receiving benefits will also receive an initial notice by mail. The initial notice mailing was complete by July 1, 2001.

Will new customers receive a privacy notice?

All new Assurant Employee Benefits consumers will receive a short-form privacy notice as part of the proposal. Once a customer becomes a policyholder, they will receive a long-form notice along with their risk letter. All other new customers will receive a privacy notice as soon as the customer relationship is established.

How often will a customer receive a notice?

Under the law we are required to send a notice once a year.

Are lapsed policyholders and former claimants entitled to receive a notice?

Under the regulation a former policyholder is not entitled to receive a notice. Therefore, if the policy has completely lapsed, that group will likely not receive a notice. However, if the lapsed status is still questionable, the policyholder will likely receive a notice until its status can be confirmed. Former claimants may receive a notice for up to a year after their claim is closed. Rest assured that regardless of whether a policyholder or claimant is current or former, we treat both customers' information in the same manner and with the same level of protection and confidentiality.

What if Assurant Employee Benefits does not have a correct or current mailing address?

We don't have to provide a notice to a customer for whom we no longer have the correct mailing address and have been unable to find the address after a reasonable search.

Can a privacy notice be delivered electronically?

Yes, if the customer has agreed to conduct business with us electronically.

Does the privacy notice apply to all Assurant Employee Benefits products and services?

We have created a joint privacy notice that applies to all of Assurant Employee Benefits' insured products. We are not required to provide notices for our Claims Service Only (CSO) business because that is not an insurance product. Nonetheless, when conducting our business we do not differentiate between fully insured and self-insured. All customer information is treated with the same level of care in an attempt to keep it safe and secure.

Am I, as a broker or other producer, required to comply with GLB privacy laws?

If you are in a business that engages in the distribution of insurance or you are required to be licensed or registered by a state department of insurance, you likely are required to send out a notice separate from ours. However, because each situation is different, it is our suggestion that you seek legal advice concerning this issue. Our sales representatives are not required to send out a separate notice because they work strictly for us and are therefore considered covered under our notice.

How will these new privacy laws affect the way we do business with Assurant Employee Benefits?

Because we have always operated in an environment that seeks to carefully protect and keep our customers' information secure, nothing will change. We will continue to provide the same superior service and products you have come to expect from us. As mentioned earlier, the privacy laws allow us to continue sharing information, both financial and health, with you if the sharing is done for certain allowable purposes and you do not share the information for any other purpose than for the purpose it was provided to you. The allowable purposes include claims administration, underwriting, reinsurance, auditing and replacement of group insurance. Also important, we are allowed to share information for marketing purposes if there is a valid contractual arrangement between the parties. In order to accomplish this, you will be receiving, within the next year, further communication from us requesting your commitment to our privacy compliance policy as a valued business partner. Because we know you have always treated your clients' information with the utmost care, we are confident that your practices and internal procedures can work in conjunction with ours to provide our customers the security they need and deserve.

What is in store for the future?

The opinion in the industry is that this first round of privacy laws is just the "tip of the iceberg". The United States' privacy laws are not nearly as strict as what is being enacted in Europe and Canada. We anticipate that there will be further restrictions on privacy, if for no other reason than the increased use of electronic communications. The Department of Health and Human Services is currently reviewing the recently proposed HIPAA privacy regulations and these regulations will ultimately impact our use of health information. HIPAA is also being amended to include security standards that will likely affect our business. In anticipation of these upcoming developments, we recently appointed a Privacy Officer, who is responsible for tracking the current laws and regulations, making sure we are in compliance with the law, and communicating to all as changes occur.
