Big Data for Insurers: Clarity about the New Connecticut Requirements

The Connecticut Insurance Department issued a revised Notice to All Entities and Persons Licensed by the Connecticut Insurance Department concerning the Usage of Big Data and Avoidance of Discriminatory Practices (available here).  The Notice, issued April 20, 2022, reminds “all entities and persons licensed by the Department that the Department continues to expect such entities and persons to use technology and Big Data in full compliance with anti-discrimination laws and have completed the [annual] data certification….”

Since the Notice was issued, many Department licensees have questioned the applicability of the annual certification requirement under the Notice, given its title and text emphasizing that it applies to “all entities and persons licensed by the Department.”  The Department has confirmed, however, that the Notice applies to all Connecticut licensed persons and entities, but the annual certification requirement applies only to Connecticut domestic insurance companies.  Therefore, while all Connecticut insurance licensees are required to comply with the Notice, only insurance companies domiciled in Connecticut must file the certification.

In reminding insurers of their “obligation to use technology and Big Data responsibly and transparently in full compliance with Federal and State anti-discrimination laws, the Notice includes the Department’s recognition of “the transitory nature of three aspects of the usage of Big Data:”

Insurer responsibility and accountability for ensuring that utilization of Big Data, internally or with vendors, complies with Federal and State anti-discrimination laws. The Notice includes a non-exclusive list of the insurance industry’s uses of Big Data.
The widely varied and rapidly evolving Big Data ecosystem, from a variety of sources including consumer intelligence, social media, credit and alternative credit information, retail purchase history, geographic location tracking and telematics, mobile, satellite, behavioral monitoring, wearables and others.
The Department’s authority to require insurance carriers, third-party data vendors, model developers, and bureaus to provide the Department with access to data used to build models or algorithms used in all rate, form, and underwriting filings. Appendix A to the Notice provides examples of the types of questions concerning Big Data that may be expected in an examination.

In view of these three aspects of Big Data usage, the Notice reiterates the following general topics for regulatory concerns:  (i) use of Big Data in connection with algorithms, predictive models and analytic processes; (ii) internal governance of Big Data; and (iii) risk management and compliance throughout the life cycle.

All Connecticut insurance licensees must attend to their collection and use of Big Data in the context of regulatory compliance requirements, and Connecticut domestic insurers will need to certify annually as to the insurer’s

Receipt of the provisions of the Notice;
Establishment of a process concerning the use of data received from third-party developers or vendors substantially consistent with the guidance of the Notice; and
Acknowledgement that upon the Department’s request it will make available any and all data used to build models or algorithms included in all rate, form and underwriting filings.

***

* With appreciation for the contributions of our summer associate Brianna L. McKenzie of The University of Connecticut School of Law Class of 2023.