May 02, 2022

Big Data and AI: Connecticut Insurance Department's New Annual Compliance Certification

You've Reached Your
Free Article Limit This Month
Subscribe now to get unlimited access to all OnPractice content. Your subscription is free.
Subscribe Now

 The Connecticut Insurance Department (CID) updated and amended its April 2021 Notice with a new Notice dated April 20, 2022 (Notice), reminding insurers and other licensees of compliance obligations when using "Big Data." The new Notice adds a requirement for licensees using Big Data to complete an annual "Data Certification."

For the past several years, federal and state agencies have been investigating the use of data and artificial intelligence by financial services companies in a manner that may discriminate against certain consumers. The Notice is the most recent example of state insurance and other regulators taking an increasingly greater interest in how companies are using data sources for secondary purposes. As in other examples, the Notice focuses mainly on the application of existing laws and more regulation around such data (without discussing how the CID might facilitate compliant usage, for example, by expediting the review of new products or rates that comply with state law).

It is also important to remember that state insurance regulators are only one set of regulatory agencies that can regulate the use of data to profile and underwrite customers, and that other limitations and requirements could apply to insurers, data brokers and other stakeholders.



The Data Certification, which is vague in certain respects, essentially requires the licensee to affirm its use of Big Data complies with the Notice. The Notice reminds licensees (insurers in particular) that the CID "continues to expect such entities … to use technology and Big Data in full compliance with anti-discrimination laws and have completed the data certification, which shall be due on or before September 1, 2022, and annually thereafter." The Notice states these requirements apply to the use of "Big Data either internally or with vendors."

The Notice initially includes the CID's recognition of the importance of industry innovation, stating the CID "is supportive of the insurance industry's use of technological advances and opportunities to provide innovative products and services to consumers and to operate more effectively and efficiently." "Big Data refers to a complex volume of data and the set of technologies that analyze and manage it," and may include "algorithms, predictive models, and/or processes" the licensee develops on its own or purchases or jointly develops with third-party developers or vendors, as well as wide and varied sources of information including "consumer intelligence, social media, credit …, retail purchase history, geographic location tracking and telematics, mobile, satellite, behavioral monitoring, … sensors, wearable devices, RFID, etc." The CID "recognizes the potentially transformative and diverse nature of the utilization of Big Data" and that "Big Data is aiding insurers' underwriting, rating, marketing, claim settlement practices, [and] fraud [prevention], and every other facet of the insurance process life cycle."

More specifically, licensees must use Big Data "responsibly and transparently" and in "full compliance with Federal and State anti-discrimination laws." The CID also states it "has the authority to require that insurance carriers and third-party data vendors, model developers, and bureaus provide the [CID] with access to data used to build models or algorithms included in all rates, forms, and underwriting filings." Appendix A to the Notice provides examples of the types of information the CID may request during an examination specific to the usage of data brokers. The examples are categorized as: (i) information about the organization/data broker; (ii) the sources and nature of the data; (iii) data privacy and security; (iv) data curation—i.e., validation methods and standards—; and (v) data documentation and related processes including corrective action to prevent errors. The CID has been among the more active states in conducting such examinations over the past couple of years as insurers have expanded use of Big Data. Finally, the Notice reiterates the potential for regulatory concerns in internal data deployment, internal data governance, and risk management and compliance.


Colorado enacted legislation in 2021 that prohibits unfair discrimination in the use of external consumer data and information sources, including in algorithms/predictive models. The New York Department of Financial Services (NYDFS) issued Insurance Circular Letter No. 1 in 2019 addressing Big Data in underwriting life insurance. On March 2, 2022, the NYDFS sent written requests to insurers writing private passenger automobile, commercial automobile and homeowners' insurance in New York about their use of personal credit scores in underwriting and rating. These state activities complement ongoing discussions regarding the use of Big Data and related issues at the National Association of Insurance Commissioners (NAIC).

The NAIC has been active in Big Data as well, charging its Big Data and Artificial Intelligence Working Group with researching and monitoring the use of Big Data and artificial intelligence (including machine learning). The NAIC's model privacy and data security laws also apply to Big Data, both of which have been adopted in Connecticut.

Insurance-specific laws and guidance are supplemented by other federal and state laws and guidance. In the past year, Colorado, Utah and Virginia have joined California in enacting comprehensive consumer privacy laws, and dozens of state legislatures (including Connecticut's) have drafted bills modeled after these laws. In April 2022, Connecticut's state Senate unanimously voted to approve the "Act Concerning Personal Data Privacy and Online Monitoring," which focuses on ensuring individual data subjects are given notice of how a business will be using their personal data. While these state consumer privacy laws typically have broad exemptions that apply to the financial services industry (namely, institutions and data that are subject to the Gramm-Leach-Bliley Act), insurance companies and other industry stakeholders should still be aware of how these laws might impact the personal data they collect.


There remains a relative vacuum in terms of legal standards governing the use of Big Data. However, the above activity illustrates the evolving views of state insurance and other regulators, as well as legislatures, and provides examples of how states may seek to regulate innovation efforts in the insurance industry, including outside of the formal legislative and rulemaking processes. Insurers, data vendors, investors and other stakeholders looking to leverage Big Data should be mindful of these and other regulatory developments.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From McDermott Will & Emery

New York City's Wage Transparency Law to Take Effect November 1, 2022

By Christina S. Dumitrescu McDermott Will & Emery May 06 , 2022

On January 15, 2022, the New York City Council enacted Local Law 32 of 2022 (Wage Transparency Law or Law) to amend the New York City Human Rights Law (NYCHRL) to require that most employers include compensation data in their job advertisements. The Law was supposed to take effect on May 15, 2022, however, it faced criticism over a number of ambiguities, including undefined penalties. In response, on April 28, 2022, the New York City Council passed an amendment to the Wage Transparency Law. Among the biggest changes is that employers now have until November 1, 2022—more than six months—to ensure compliance with the Law’s requirements. If Mayor Eric Adams signs the Law, which he is expected to do, New York City will become the second jurisdiction in the country (the first being Colorado) to require employers to include minimum and maximum potential salary amounts for open positions in job postings.

NAIC Continues to Refine Multiyear Work Plan to Expand Scrutiny of Holding Company Act Filings

By Andrea T. Best McDermott Will & Emery May 05 , 2022

In our report published on April 26, 2022, we discussed the New York Department of Financial Services’ (NYDFS) Circular Letter No. 5 in which it reminded the industry that acquiring less than 10% of an insurer’s voting securities does not necessarily mean that the acquirer (1) is not a “controller” and (2) does not have to submit a Form A application to the insurer’s home state or domestic regulator seeking approval for the change of control. This topic is one of several related matters that various committees, task forces and working groups of the National Association of Insurance Commissioners (NAIC) are studying and will continue to study over a multiyear period (the Project).

European Union, United Kingdom Propose New Sanctions Against Russia, Including Ban on Certain Services

By Raminta Dereskeviciute McDermott Will & Emery May 04 , 2022

As Russia continues to escalate its military operations in Ukraine, the European Union (EU) and the United Kingdom (UK) unveiled details of new sanctions against Russia. This alert summarises the proposed restrictions.

More From Insurance

U.S. Treasury Releases 2022 Strategy for Combatting Terrorist and Other Illicit Financing

By Nikki A. Hatza Ballard Spahr May 18 , 2022

On May 13, 2022, the U.S. Treasury (“Treasury”) released its 2022 Strategy for Combatting Terrorist and Other Illicit Financing (“2022 Strategy”). The proposed 2022 Strategy, prepared pursuant to Sections 261 and 262 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), outlines four goals to address the key risks identified by the 2022 National Money Laundering, Terrorist Financing, and Proliferation Financing Risk Assessments:

Modernization of Manufacturers: Safety and Cybersecurity Issues

By Jason C. Gavejian Jackson Lewis P.C. May 11 , 2022

Like many other industries, manufacturing has been hit hard with labor shortages. As of April 2022, U.S. factory activity reportedly is at its slowest pace in more than 18 months. Consequently, many factories seek more agility from artificial intelligence and other automated processes to better manage disruptions and uncertainty. With these modernizations comes the threat of potential safety and health hazards and cyber threats.

The Friday Five: Five Current ERISA Litigation Highlights - May 2022

By Amy S. Kline Saul Ewing Arnstein & Lehr May 06 , 2022

This month’s Friday Five covers cases relating to a claimant’s second chance when a lawyer misses a court deadline, whether certain voluntary benefits fall within a broader ERISA plan, a court deciding that an insurer was “probably not wrong,” judicial reconsideration to mold the time period for benefits awarded, and an insurer’s duty to consider particular hazards of a claimant’s occupation.

Featured Stories