Westmont Wire

On August 2, 2019, New Hampshire passed Senate Bill 194 implementing insurance data security requirements by adding RSA 420-P:1 et seq. to the New Hampshire Code. The bill requires licensees to implement procedures to meet certain standards of data security, investigate a cybersecurity event, and notify the Commissioner.

Under SB 194, each licensee shall perform a risk assessment to identify foreseeable threats that could lead to a cybersecurity event. Following that assessment, licensees must create an information security program, tailoring it to its risk assessment while also considering its size and complexity, nature and scope of its activities (including the use of third-party services), and the sensitivity of the nonpublic information in the licensee’s possession. If a company is in compliance with the NYDFS Cybersecurity Regulations, NH will deem that company compliant with its requirements.

New Hampshire’s data privacy initiative comes on the heels of Connecticut and Delaware passing similar legislation on July 26 and July 30, respectively. Delaware’s compliance deadline comes first on July 31, 2020, followed by Connecticut on October 1, 2020. Lastly, New Hampshire’s compliance deadline is on January 1, 2021. Both NH and DE have adopted variants of the NAIC Model law whereas CT has chosen to follow the NYDFS Cybersecurity Regulations. What this means for those insurers writing across state lines is that they will need to ensure that their cybersecurity plans comply with each states separate requirements.

For any questions about NH Senate Bill 194, or any other states data security requirements, please contact Westmont Associates, Inc.

On August 16, the California Supreme Court denied an appeal by Mercury and thus upheld a $27.5 million fine issued by the Department of Insurance against Mercury Insurance Company.  The California Court of Appeals previously denied the appeal on May 8, as reported in a May 10 Westmont Wire.

The Department of Insurance found Mercury to be in violation of Proposition 103 due to its charging unapproved agents fees of $50 to $150 in addition to Mercury’s approved rates to over 180,000 automobile insurance customers. Mercury collected these charges from September 1999 to August 2004 and attempted to justify them by incorrectly claiming that their agents were actually brokers. The Department found that merely labeling these agents as brokers did not change their status under Prop 103. They concluded that the scheme violated consumer interests by incentivizing agents to place business through Mercury instead of competitors.

For any questions about the California Insurance Department’s decision, or for inquiries regarding compliant agency and broker strategies, licensing and contracting please contact Westmont Associates.