Technology and Big Data Use Notice

State of Connecticut - Insurance Department
 

April 20, 2022

NOTICE TO ALL ENTITIES AND PERSONS LICENSED BY THE
CONNECTICUT INSURANCE DEPARTMENT
CONCERNING
THE USAGE OF BIG DATA AND AVOIDANCE OF DISCRIMINATORY PRACTICES

 

[NOTE: This Notice updates and amends the Department Notice issued on April 8, 2021, concerning the usage of big data and avoidance of discriminatory practices.]

PURPOSE: This Notice of the Connecticut Insurance Department (“Department”) is intended to remind all entities and persons licensed by the Department that the Department continues to expect such entities and persons to use technology and Big Data in full compliance with anti- discrimination laws and have completed the data certification, which shall be due on or before September 1, 2022, and annually thereafter. The data certification can be accessed here:

  • Download the Data Certification form
  • Fill, sign, and email it back to the Insurance Department using the “Submit” option provided on the form

The Department is supportive of the insurance industry’s use of technological advances and opportunities to provide innovative products and services to consumers and to operate more effectively and efficiently. In addition, the Department recognizes the potentially transformative and diverse nature of the utilization of Big Data. Big Data refers to a complex volume of data and the set of technologies that analyze and manage it. Big Data is aiding insurers’ underwriting, rating, marketing, claim settlement practices, fraud, and every other facet of the insurance process life cycle. With this notice, we wish to remind insurers of their continuing obligation to use technology and Big Data responsibly and transparently in full compliance with Federal and State anti-discrimination laws.

In doing so, the Department recognizes the transitory nature of three aspects of the usage of Big Data:

  1. Insurers continue to be responsible and accountable for ensuring that the utilization of Big Data either internally or with vendors, is in compliance with Federal and State anti- discrimination laws. The insurance industry’s use of Big Data may include, but not be limited to, data gathering, product design, marketing, distribution, management, rating, underwriting and claims activities regardless of whether parties are using their own algorithms, predictive models, and/or processes or have purchased or contracted for joint development of algorithms, models, or processes from third-party developers or vendors.
  2. The definition of the Big Data ecosystem is wide, varied, and rapidly evolving from a diversity of sources, such as consumer intelligence, social media, credit and alternative credit information, retail purchase history, geographic location tracking and telematics, mobile, satellite, behavioral monitoring, psychographic / biographic / demographic / firmographic data, sensors, wearable devices, RFID, etc.
  3. As part of its role in regulating the Connecticut insurance industry, the Department has the authority to require that insurance carriers and third-party data vendors, model developers, and bureaus provide the Department with access to data used to build models or algorithms included in all rate, form, and underwriting filings. (For reference, Appendix A provides examples of the types of questions that may be requested by the Department as part of an examination).

Having recognized the above, the Department would like to reiterate the potential for regulatory concerns with regards to the following general topics:

  1. Internal data deployment: Insurers should be sensitive to how Big Data utilized as a precursor to or as a part of algorithms, predictive models, and analytic processes, including but not limited to, the purposes outlined above in items #1 and #2.
  2. Internal data governance: How Big Data is governed throughout the precursor to its usage within the insurance industry, where such data resides and is used within the insurance industry, and how such data subsequently moves into industry archives, bureaus, data monetization mechanisms, or additional processes within or beyond the insurance ecosystem. The Department wishes to emphasize the importance of data accuracy, context, completeness, consistency, timeliness, relevancy, and other critical factors of responsible and secure data governance.
  3. Risk management and compliance: How Big Data algorithms, predictive models, and various processes are inventoried, risk assessed / ranked, risk managed, validated for technical quality, and governed throughout their life cycle to achieve the mandatory compliance mentioned above.

Any questions regarding this Notice may be directed to: cid.mc@ct.