June 18, 2019

June 18, 2019

Subscribe to Latest Legal News and Analysis

June 17, 2019

Subscribe to Latest Legal News and Analysis

New York Department of Financial Services Releases Letter Regarding Third Party Data Sources

In a recent letter, the New York Department of Financial Services provided guidance for insurers who use third-party data to help with their underwriting decisions. The letter was drafted in response to reports that insurers are getting information about potential insureds from many “unconventional” data sources, including those that contain predictive models and algorithms. These sources are used to supplement medical underwriting, and include information that isn’t necessarily related to a person’s medical condition, but might impact an insurer’s decision. While these sources could improve the market, according to NYDFS (e.g., by simplifying and expediting life insurance sales and making pricing more accurate) the sources themselves are not uniformly reliable. NYDFS had two specific concerns about these sources: first, that the algorithms they use may have a negative impact on consumers; and second, that these sources are often used without the consumers’ knowledge.

To address the first issue, NYDFS listed two core principles for insurers to follow. First, that these resources should be used only if the insurer has “determined that the external tools or data sources do not collect or utilize prohibited content.” Importantly, NYDFS emphasized that the burden of proof remains with the insurer, relying on the third party’s promises was not enough. Second, insurers should use the tool only after making sure that the underwriting conclusions are not discriminatory in violation of the relevant provisions of the insurance law.  To address the second issue of transparency, NYDFS reminded insurers in its letter that current insurance law requires telling consumers why they have been declined. In particular, the “specific reason or reasons for a declination, limitation, rate differential, or other adverse underwriting decision.”

Putting it Into Practice: This letter is a reminder that regulators are paying attention to “big data,” and how companies are getting information about individuals from a wide variety of sources. The recommendations to the insurance industry can be helpful for others, in particular checking the reliability of the resources and being transparent about the use of such sources.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...