Is your insurance company spying on you?

In a plugged-in, digitized, 24/7 world, it’s tough to keep your personal information private. So, in this hyper-digital age, just how much does your insurance company really know about you?
“A lot more than most consumers realize,” says Amy Bach, executive director of United Policyholders, a consumer advocacy group that focuses on insurance issues.
Bach and other privacy experts worry that such data can be used improperly or may fall into the wrong hands. Should you be concerned?
Privacy safeguards
Angela Gleason, associate counsel for the American Insurance Association, a trade group, says it’s difficult to generalize which personal details are collected by insurance companies.
“For starters, it’s important to understand that not all insurance companies are alike,” she says. “Each company differs in what they require.”
Typically, Gleason says, insurers ask for the following information:
Date of birth.
Social Security number.
Driver’s license number for auto insurance).
Vehicle identification number for auto insurance).
Gleason says insurance companies work diligently to keep your personal information safe. Doing so is simply smart business, she says.
“Insurance companies take customer privacy very seriously and will go to great lengths to protect private information,” Gleason says.
Various federal and state laws also protect your right to privacy, she says.
For example, the 1999 federal Gramm-Leach-Bliley Act requires insurers and other companies to send annual privacy notices to you. These documents disclose the nature of the information collected about you, where it’s shared, how it’s used and how it’s protected.
The law also states that companies must give you the chance to opt out of having such information shared.
In response to such regulations, the National Association of Insurance Commissioners has developed something known as the Insurance Information and Privacy Protection Model Act. This sets standards for insurers to follow in collecting, using and disclosing information gathered during transactions.
Privacy concerns
Such measures do not alleviate Bach’s concerns about the vulnerability of your private information. She estimates about three-fourths of insurers use CLUE Comprehensive Loss Underwriting Exchange) reports when evaluating you as a potential customer. These reports contain your seven-year auto insurance claims history.
Most states also allow insurers to review and use your credit history, Bach says. California and Massachusetts ban the use of credit information to set rates for any type of insurance. Hawaii prohibits the use of credit information for establishing auto insurance rates, while Maryland outlaws it for setting home insurance rates.
All of this information is combined with other data – such as the number of miles you drive each year, the location where you do most of your driving and the type of car you drive – to create a risk profile.
“They use the risk profile to decide whether they want the applicant as a customer and how much they will charge them,” Bach says.
United Policyholders especially dislikes the fact that insurers can use your credit report when evaluating you, she says. Insurers defend it as an effective way to help predict someone’s likelihood of filing claims.
Furthermore, Bach says, credit and CLUE reports can’t always be trusted, as errors frequently pop up and can’t easily be fixed.
Consumers can order a free annual copy of their CLUE and credit reports. Gleason says federal and state laws let consumers dispute incorrect information found in these reports.
Gleason says the American Insurance Association encourages consumers to be informed and “pull their credit and CLUE reports to verify that information is correct should they have concerns,” she says.
But Bach says it takes “savvy, tenacity and time” to challenge and correct errors in these reports.
Little black boxes
Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, a nonprofit consumer education and advocacy group, shares Bach’s concerns about how private information is used by insurers. For example, he worries about the use of “pay as you drive” devices that people plug into their cars in hopes of scoring discounts on their auto insurance.
Such devices collect information about where you drive, how often and how hard you brake and other details about how you drive. Insurers that use these devices promise discounts if your driving behavior turns out to be safe.
But Stephens believes such devices pose the potential for “tremendous privacy violations.” He says he’d be reluctant to sign up for such a program.
“I would want to be quite certain of the nature of the info being collected by that black box,” he says.
He also envisions other risks.
“I’d say probably the riskiest one is your Social Security number, which they are probably going to have if they are doing a credit check,” he says.
If such information is compromised, “that’s the doorway to identity theft,” he says.
Privacy information can also be used in other ways. Stephens cites two possible examples of “black box” information being used.
Some auto insurance companies that offer mileage-based discount programs use GPS technology to keep track of where a customer drives. Stephens imagines someone suing for divorce and trying to tap this information to find out where his or her spouse has been hanging out.
“There’s really nothing to stop the attorney that’s suing for divorce to subpoena those records,” he says.
Or, imagine a situation where a black box calculates that someone has driven exactly seven miles to and from home.
“If you are in a rural area, there may only be one of two places that are that distance – a bar or maybe an abortion clinic,” Stephens says.
For the record, car insurance companies that install black boxes as part of mileage-based insurance programs generally have rules that protect a driver’s privacy. They also promise not to use black box info to penalize drivers or raise their rates.
Missy Dundov, a spokeswoman for State Farm, says her company’s Drive Safe & Save program does not use the information to punish drivers and does not sell it to third-party outfits.
She also reminds people that the program is voluntary.
“If customers) feel tracking their driving habits to receive the discount is a violation of their privacy, they do not need to sign up,” she says.
Where’s the worry?
However, Stephens believes most drivers don’t worry about the potential for privacy violations.
“From a consumer standpoint, we don’t seem to see a lot of interest in financial privacy concerns with respect to insurance companies,” he says.
Aside from health insurance companies, must insurers don’t deal in privacy information that is highly sensitive, Stephens says. The information that car insurance companies collect – such as the kind of car you have and the number of miles you drive – tends to be pretty vanilla. As a result, consumers are less likely to fret about such data collection, he says.
If you think your insurance privacy has been violated, the National Association of Insurance Commissioners urges you to contact your state insurance department.