Insurance

(also posted in Mobile Tracking)

As a followup to last month’s newsletter.

More states are considering legislation about black boxes. In an AP article, James Warden cites an official with the National Conference of State Legislatures, who says that North Dakota, Connecticut, Massachusetts, Montana, New Jersey, New York, Virginia and West Virginia may join California with black box laws on the books.

Warden also notes that State Farm insurance requires its customers to assist in crash investigations. If you are a State Farm customer, this means that you have already given up your right to withhold black box data from them in the event of a crash. Forewarned is forearmed.

This has happened a couple of times now, so it seems worth mentioning. As we’ve been hearing about data breaches in the past two months, we’ve been focused on computer weaknesses: hacking, social engineering for database access or plain old theft of laptops.

Well, there’s another technology being implicated in poor data control: the fax machine.

A hospital in New Zealand accidentally sent confidential medical files to a brewery instead of the patient’s doctor. Seems that someone dialed most of the number correctly but got the area code/prefix wrong. The brewery says the same mistake has been made on several other occasions. Hospital authorities are very sorry.

In a similar vein, the Canadian Imperial Bank of Commerce is fighting a $9 million lawsuit filed last month for mistakenly faxing sensitive financial data on its customers to a West Virginia scrap yard over the past three years. The bank is sorry, too.

In a review of 72 insurance websites, the Consumer Respect Group found that more than half shared personal data with third parties and affiliates without customer permission. While technically, this isn't illegal given the terms of the GLB (which only requires that you be allowed to opt out), the Customer Respect Group suggests that it doesn't suggest respect for customers.

What's more, it appears that information sharing is growing. In their Winter 2004 survey, 35% of the carriers reviewed by the Group shared information without an explicit opt-in. In Summer 2004, the number had grown to 52%. 5 of the 72 offered no online privacy policy at all.

Let's be very clear: companies aren't doing anything illegal here. But unless you ask them not to, most insurance websites will take the info you give them and pass it along to someone who is going to try to sell you something.

In case you're wondering if there were any bright spots in the survey: yes. Progressive Insurance, which is pioneering ways to track you more closely to offer your more appropriate rates (see the earlier post on this), is also paying the most attention to privacy concerns on its website.

So goes the slogan from Progressive's new auto insurance program called TripSense(SM).

Here's how the program, currently in pilot test in Minnesota, works: drivers are asked to plug a small device into their car that records when they drive, how far and how fast. At the end of six months, they can upload the data that's been collected to Progressive and see if they qualify for a usage discount on their next premium. Likely discounts range from 5 - 25%. If drivers don't want to, they don't have to upload anything.

The company has been trying for years to figure out a way to predict risk (and therefore calculate rates) better. From 1998 to 2001, Progressive tried to make a GPS based monitoring system work, but as cell networks meeting E-911 requirements are learning now, implementing a solution with comprehensive coverage isn't easy.

There is a lot of potential good news in what Progressive has going this time. First, the where, when and how fast data is logistical information directly relevant to risk. Unlike zip code profiling (adjusting your rates based on the number of claims from other drivers in your area - and potentially unfair to low risk drivers in high risk neighborhoods), this data takes individual driving needs into account. Second, drivers can see all the data that is collected AND control whether or not the company sees it. If a driver doesn't want the monitoring or doesn't think the results do him any good, he doesn't have to submit data. Of course, if a driver really doesn't want monitoring, he can go to another carrier. Progressive realizes that and sensitivity to the feeling of intrusion has been obviously taken into account.

One note of caution in this otherwise rosy consumer-infotech tale:
according to their press release, "TripSensor also collects information about rapid acceleration and braking that is not currently used to calculate the discount." In other words, Progressive wants to know if there is a correlation between how often you hit the gas or brake and the likelihood you'll be in an accident. Profiling driving behavior like this may get a bit dicey and, as with all information collection that offers a benefit, we would do well to watch to make sure that the fine risk/reward balance struck by Progressive today stays in place tomorrow.

The FTC has made it official. Effective December 1, 2004, nationwide specialty consumer reporting agencies – agencies that maintain specific files on consumers about employment history, tenant history, medical records, and insurance claims – must have a toll-free telephone number that you can call to request a free copy of anything they report on you. You are entitled to a free report once every 12 months.

This includes the C.L.U.E., ISO and MIB reports.

(shameless plug: if you don't know what the alphabet soup is referring to, check out my book)