e-insurance: overcoming recent challenges and avoiding

#ACInsurance

ACI’s 8th National Forum on Insurance Regulation

E-Insurance: Overcoming Recent Challenges and Avoiding Common Pitfalls in Electronic Signature and

Delivery of Insurance Documentation

February 27-28, 2014

Tweeting about this conference?

February 28, 2014

Brian T. Casey, [email protected]

Jane L. Cline, [email protected]

Laurie LaPalme, [email protected]

Andrew Smith, [email protected]

#ACInsurance

Agenda

• ESIGN/UETA

• ESIGN consumer consent provisions

• State law preemption

• E-Commerce law in Canada

• Repudiation, authentication, audit tracking, tampering

• Legislation and new trends in electronic contracting

• Including the use of social media to sell and service insurance policies

• Anti spam regulation in Canada

• Best practices for electronic contracting

#ACInsurance

Electronic Signatures • ESIGN and UETA

• “a signature … relating to [a transaction in or affecting interstate commerce] may not be denied legal effect, validity, or enforceability solely because it is in electronic form.”

• Goals: promote electronic commerce by ensuring national uniformity and legal certainty for electronic signatures and records

• Electronic signature

• “electronic signature” = “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”

• “record” = “information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.”

#ACInsurance

Electronic Delivery of Consumer Disclosures

• ESIGN § 101(c):

• If a statute “requires that information relating to a transaction . . . be provided or made available to a consumer in writing,” the information can be provided to the consumer by means of an electronic record, but only if:

• the consumer specifically consents, “in a manner that reasonably demonstrates that the consumer can access information,” to receive the information in electronic format, and

• the consumer is notified of subsequent changes to the “hardware or software requirements needed to access or retain [the] electronic records.”

• May not provide verbal disclosures of information required to be given in writing

#ACInsurance

• UETA § 8(a)

• NCCUSL model law, adopted in 47 states

• “If parties have agreed to conduct a transaction by electronic means and a law requires a person to provide, send, or deliver information in writing to another person, the requirement is satisfied if the information is provided, sent, or delivered, as the case may be, in an electronic record capable of retention by the recipient at the time of receipt.”

• Some states may have incorporated the consumer consent provisions of section 101(c) of E-SIGN into their enacted versions of UETA. See, e.g., N.C. Gen. Stat. § 66-327.

Electronic Delivery of Consumer Disclosures

#ACInsurance

ESIGN Applies to Insurance

McCarran Ferguson Act, 15 U.S.C. § 1012 (1945)

• “The business of insurance, and every person engaged therein, shall be subject to the laws of the several States which relate to the regulation or taxation of such business”

• “No Act of Congress shall be construed to invalidate, impair, or supersede any law enacted by any State for the purpose of regulating the business of insurance, unless such Act specifically relates to the business of insurance”

• ESIGN § 101(i): “It is the specific intent of the Congress that this title … apply to the business of insurance.”

#ACInsurance

ESIGN Does Not Apply To:

• Wills, codicils, or testamentary trusts

• State laws governing adoption divorce or family law

• UCC provisions (other than sales of goods and leases of goods)

• Court orders or notices

• Utility cancellation notices

• Default, acceleration, foreclosure notices with respect to primary residence

• Cancellation notices for health or life insurance (excluding annuities)

• Product recall notices

#ACInsurance

Federal Preemption of State Law

• Under E-SIGN, “a signature … may not be denied legal effect, validity, or enforceability solely because it is in electronic form.”

• States, however, may “modify, limit, or supersede” this rule, but only if a state:

• adopts the official version of UETA as approved and recommended by NCCUSL

• any state-specific exceptions to UETA’s coverage are preempted, unless the exception is both consistent with E-SIGN and technology neutral.

• OR, specifies alternative requirements for the use or acceptance of electronic records and signatures, but only if the requirements are consistent with E-SIGN and are technology neutral.

#ACInsurance

Federal Preemption of State Law • Some states have enacted laws that specifically require “wet signatures” or otherwise prohibit electronic

contracting

• For example, California excludes more than sixty-five categories of documents from its electronic signature provisions, including

• transactions that occur under a “law that requires that specifically identifiable text or disclosures in a record or a portion of a record be separately signed, including initialed, from the record.” Cal. Civ. Code § 1633. 3( b)( 4).

• Cal. Ins. Code § 658 (written reasons for refusal of good driver insurance discount)

• Cal. Ins. Code §§ 662, 663, 664, 666, 667.5 (notices of cancellation/expiration of insurance policies)

• Cal. Ins. Code § 673 (written notice of exercise of right to cancel premium)

• Cal. Ins. Code §§ 677, 678, 678.1 (notices of cancellation/expiration of property insurance)

• Cal. Ins. Code § 786 (disability and life insurance sales to seniors)

• Cal. Ins. Code §§ 10083, 10086, 10087 (written offers and disclosures for earthquake insurance)

• Cal. Ins. Code § 10102 (California residential property insurance disclosure)

• Cal. Ins. Code §§ 10113.7, 10127.7, 10127.9, 10127.10 (life and disability insurance notices and disclosures)

• Cal. Ins. Code §§ 10199.44, 10199.46 (notices of cancellation and amendment relating to group medical and disability insurance policies)

• Cal. Ins. Code §§ 10235.16, 10235.40 (long-term care insurance notices, certificates)

• Cal. Ins. Code §§ 10509.4, 10509.7 (notices regarding replacement of a life insurance policy or annuity)

• Cal. Ins. Code §§ 11624.09, 11624.1 (assigned risk plans)

#ACInsurance

Oklahoma Insurance Department E-Records Notice

#ACInsurance

Patchwork of Laws

• The use of electronic documents and electronic signatures is governed by both federal and provincial legislation ie PIPEDA (federal) and Electronic Commerce Act (Ontario)

• Some insurance laws have been amended to include specific references to electronic documents.

Specific Insurance Legislation:

• Insurance Companies Act (Canada) and the Electronics Documents (Insurance and Insurance Holdings Companies) Regulations – as applicable to Federally Regulated Insurers

• BC and Alberta Insurance Acts expressly allow for electronic insurance transactions (permit e-delivery and e-signatures)

• Manitoba and Ontario steps to modernize.

E-Commerce in Canada

#ACInsurance

E-Commerce in Canada is Still Developing

#ACInsurance

• Uniform Law Conference of Canada’s Uniform Electronic Commerce Act

• Various electronic commerce statues currently in force in provinces and territories are based on UECA

• Personal Information Protection and Electronic Documents Act (Federal)

• Part II puts electronic and paper media on equal basis and describes the characteristics of “Secure Electronic Signatures”

General Consensus amongst Canadian electronic commerce statutes is that electronic contracts and electronic signatures are enforceable so long as they are in compliance with any specific requirements set out in the electronic commerce legislation in the province/territory. Note Quebec not as straight forward but permitted

E-Commerce in Canada

#ACInsurance

• “Electronic Signature” as defined under Electronic Commerce Act, 2000 (Ontario)

• Electronic information that a person creates or adopts in order to sign a document and that is in, attached to or associated with the document.

• Insurance Companies Act (Canada) imposes evidentiary requirements concerning electronic signatures used in documents.

• Technology or process used to create electronic signatures must be able to provide that the signature created using the technology or process:

• Is unique to the person signing the electronic document;

• Is incorporated into, attached to or associated with that electronic document; and

• Can identify the person using the technology or process to sign the document

E-Signature in Canada

#ACInsurance

• E-commerce legislation in Canada does not oblige anyone to use electronic means.

• Canadian laws provide that no one can be compelled to use, provide or accept information or a document in an electronic form – consent is required.

• Consent can be express (eg written or verbal statement) or implied from a person’s conduct.

• Consent must be for both entering into an electronic contract as well as ongoing delivery of information by electronic means.

• Canada’s Anti Span Legislation governs all commercial electronic messages by requiring consent of the recipient

Consents Required in Canada

#ACInsurance

• Electronic information is not provided to a person if it is merely made available for access by the person – something more is required.

• An electronic contract is formed in the sending of the acceptance.

• The contract can be formed by electronic means, including the touching or clicking on an icon or by speaking

• The contract is formed or the notice is sent when it enters an information system outside the sender’s control. And if they use the same system, when the electronic information becomes capable of being retrieved and processed by the recipient.

• Qualification: if the recipient has NOT designated a particular system for the purposes of receiving information, receipt is only presumed at the time that the recipient becomes aware of the information in its system, and once it can be retrieved and processed by the recipient.

• Electronic information is deemed to be sent from the sender’s place of business and received at the addressee’s place of business.

E-Delivery in Canada

#ACInsurance

• Insurance Companies are subject to many requirements that state that information must be set out “in writing”

• Canadian electronic commerce legislation (bolstered by amendments to some provincial insurance acts), information or a document in an electronic form can satisfy a legal requirement that it be “in writing” –

Provided that the electronic form is ACCESSIBLE for subsequent reference.

• IF there is a legal requirement to PROVIDE information or document to another person “in writing”, that requirement can be satisfied if the electronic information or document is capable of being retained and accessed by the recipient for subsequent reference.

“In Writing” Requirement Insurance in Canada

#ACInsurance

• In some circumstances, a legal requirement may be specific to an original document. E-commerce legislation in Canada permits an electronic copy to be retained or provided in place of an original paper document provided that:

• the electronic document is retained in the same format, or in a format that accurately represents the information contained in the original document

• There exists a reliable assurance as to the integrity (complete and unaltered) of the information contained in the electronic document from the time the document was first created; and

• The information in the electronic document will be accessible for subsequent reference (must not prevent or hinder printing or storing)

• Where an electronic document is set or received in lieu of an original paper document, information must be retained concerning the origin and destination, the date and time when it was sent and received.

“Original” Document Requirement in Canada

#ACInsurance

• The Canada Evidence Act and provincial evidence act that standards may be

considered in determining the admissibility of electronic records.

• Section 31.1 provides any person seeking to admit electronic document as

evidence has the burden of proving its authenticity by evidence capable of

supporting a finding that the electronic document is that which it is purported to

be.

• Notable Standard, the Canadian General Standards Board’s “Electronic Records as

Documentary Evidence” (CAN/CGSB-72.34-2005) standard is intended to provide a

means by which organizations can establish

• 1. authenticity of a record

• 2. integrity of the records management system that a record was recorded or

stored in and

• 3. that it is a record made the usual and ordinary course of business.

• Complying with this standard helps ensure that electronic information is

admissible in Court in Canada.

Electronic Evidence in Canada

#ACInsurance

• Section 31.2 (1) The best evidence rule in respect of electronic document is satisfied on (a) proof of the integrity of the electronic documents system by or in which the electronic document was recorded or stored; or (b) if an evidentiary presumption established under Section 31.4.

• PIPEDA defines in the Secure Electronic Signature Requirements the criteria to satisfy section 31.4 – encryption technology constitutes a secure electronic signature for PIPEDA.

• The regulation sets forth a series of steps that must be followed using public key encryption technology for the signature to be considered as a secure electronic signature.

• HOWEVER – no statutory or regulatory guidance on the types of electronic signatures that will be considered as acceptable form of an electronic signature in Ontario and the other provinces and territories.

Canada Evidence Act Presumptions (Federal)

#ACInsurance

Generally, electronic commerce legislation does not apply to:

• Wills and codicils

• Trusts created by wills or codicils

• Powers of attorney for financial affairs or personal care

• Documents that create or transfer interest in land or require registration to be effective against third parties

• Negotiable instruments

E-Commerce Does NOT Apply

#ACInsurance

• Insurance laws impose additional exclusions. Legislation in the provinces vary, but certain notices, declarations and instruments are NOT permitted to be effected by electronic means or electronic notices or documentation – notably

• A notice for cancellation of a contract of insurance

• Alterations to an insurance policy by the insurer (ie an alteration by an insurer following a loss payable to a person other than the insured)

• an appointment of a trustee for a beneficiary or an alteration or revocation of the appointment by a declaration; or

• Nomination of a third party as having the rights and interests of the insured on the death of the insured

• And in some provinces – designation of a beneficiary, BC permits – but case law appears to be evolving towards greater recognition of electronic signatures

E-Commerce Does NOT Apply

#ACInsurance

Repudiation, Authentication, Audit Tracking, Tampering

#ACInsurance

6 Point Risk Framework

• Developed over the last 10 years from risks identified in advising insurance industry clients

• Framework helps distinguish various risks attendant to e-signature and e-contracting process, to match the appropriate mitigation strategy with the right risk

#ACInsurance

6 Point Risk Framework

1. Authentication Risk

2. Repudiation Risk

3. Admissibility Risk

4. Compliance Risk

5. Adoption Risk

6. Relative Risk

#ACInsurance

Authentication Risk

Risk: “That’s not my signature”

Mitigant: Use “shared secrets” or other ways to affirm identity (notary is recognized form of authentication)

#ACInsurance

Repudiation Risk

Risk: “That’s not what I signed”

Mitigant: Hash each record and hash the process audit trail

#ACInsurance

Admissibility Risk

Risk: “Objection, your honor!”

Mitigant: Determine upfront who is able and willing to testify (read Markel)

#ACInsurance

Compliance Risk

Risk: “I never saw that”

Mitigant: Varies depending on nature of record and whether signature or only written delivery required

#ACInsurance

Adoption Risk

Risk: “Am I done yet?”

Mitigant: Test, adjust, test, and repeat

#ACInsurance

Relative Risk

Risk: “How does each category of risk for e-process compare to that risk in traditional process, and is there real risk increase in e-process?”

Mitigant: Apply the relative risk to each previous risk type:

Authentication

Repudiation

Admissibility

Compliance

Adoption

#ACInsurance

Case Selection Criteria

• Employment Law Cases

• Employees and consumers may be viewed alike by courts, especially in area of disclosures

• Insurance Product Customer Cases

• Electronic Mail Cases

#ACInsurance

General Dynamics Line of Cases

• Campbell v. General Dynamics (1st Cir. May 2005)

• Email communication for delivery of arbitration agreement amendment to employee policy failed to bind employee

• Court critical of e-mail's content and absence of employee response requirement

• Little discussion and analysis of e-signature law

#ACInsurance

General Dynamics Line of Cases • Kerr v. Dillard (D. Ct., KS 2009)

• Employee arbitration agreement electronically signed by SSN or employee ID number, employee created password and click “accept”

• Kerr missed work and told to access her work schedule on company intranet

• Supervisor show her how to use intranet on kiosk, reset her default password and demonstrated how to navigate intranet

• Kerr claimed that supervisor e-signed arbitration agreement during navigation demonstration

• Email confirming acceptance of arbitration agreement sent to Kerr’s email account and opened, but she denied opening email

• Court held that no evidence to attribute Kerr’s or supervisor’s e-signature to the arbitration agreement and employer didn’t have adequate security procedures for passwords, restricting authorized access to employee email and intranet accounts, determine who e-signed arbitration agreements or opened email sent to employee’s email account

• Employer failed to carry burden of proof that e-signature via Kerr’s account was attributable to her

#ACInsurance

Point of Sale Process

Labajo v. Best Buy Stores (D. Ct., NY, 2007)

• Process involved selling subscriptions by including not-so-conspicuous notices on printed receipts, when consumer used electronic signature pad to sign for purchases

• Class action case based on improper charges when plaintiff did not timely cancel “free” subscription

• Court held that the process was flawed because BB did not show the keypad made clear to the consumer the consequence of signing for a “free” subscription

• BB compounded problem by not responding to consumer complaints very well

• Case is noteworthy on the process of making the significance of certain actions very clear to consumer and the class action risk

#ACInsurance

Voice Signature

Shroyer v. New Cingular Wireless (Cir. Ct., 2007)

• Process involved printed terms and conditions in the box with the phone – to activate the phone, consumer dials a number and electronically accepts the printed terms in the box

• Court held that the process was just fine

• Agreement to terms in the box can of course be signed in this fashion

• Court refused to enforce terms of contract signed in this fashion; they were unconscionable

• Case is instructive because one can use an electronic signature (including saying “I agree”) to sign a paper provided document

#ACInsurance

Absent Cases

• We have yet to see a case where consumer claims he/she never signed the insurance application insurance – to do so admits no insurance coverage

#ACInsurance

Insurance Company Cases Life and Health Insurance

• Prudential v. Prusky (D. Ct. PA 2005)

• Day trader in variable life insurance policy

• Electronic signature acceptance is consensual under ESIGN Act; insurer cannot be forced to accept e-signatures

• Seagate v. CIGA and LINA (D. Ct. CA 2006)

• Group life insurance policies

• Plaintiff sent electronic change of beneficiary notice, which insurers rejected, arguing that policies required paper notice for such a change

• COB clause required “written notice”, but other clauses required “written notice or any other electronic/telephonic means authorized by” insurer

• Court held written notice on COB clause capable of being read to include electronic notice, so insurer’s motion to dismiss was not proper

#ACInsurance

• Prudential v. Dukoff (D. Ct. NY 2009)

• Group life insurance policy where online application with click-through process used to insure wife of group member of AICPA

• Insurer sought to void policy for medical fraud after wife died of cancer

• Facts not clear on who submitted insurance application and thus who was party to it, husband vs. wife

• Insurer produced printout of application with submission date when wife was in hospital

• Defendant argued application couldn’t be used to void policy because application was not written instrument signed by wife

• Court deferred to NY DOI OG Opinion requiring e-process capable of verifying person providing e-signature for it to be valid, but held insurer had triable issue of fact because of personal data in application may serve as authentication of signer and denied defendant’s summary judgment motion


#ACInsurance

Insurance Company Cases Auto Insurance

• GEICO v. Barwick (Sup. Ct. AR 2011)

• Online, e-signed purchase of auto insurance with online rejection of no-fault coverage by wife

• Husband later become additional named insured and suffered injuries in auto accident

• GEICO denied claim for medical expenses based on e-signed no-fault coverage rejection

• Wife testified she e-signed insurance application, did not choose medical benefits coverage but didn’t physically sign a rejection of medical benefits coverage

• Insured couldn’t argue insurance application’s esig wasn’t valid as there wouldn’t be any policy/coverage, so he argued specific no-fault coverage statute governed over UETA, a general statute

• Court held valid e-signature

#ACInsurance

• In the Matter of an Application by Newbridge Networks Corporation Relating to a Proposed Arrangement Involving Newbridge Corporation and its Securityholders (2000), 48 O.R. (3rd) 47 (Ont. S.C.)

• Farley J. commented on a proposed form of electronic voting procedure for holders of Newbridge Networks Corporation options. The planned procedures involved the use of an electronic signature by the option holder. Farley J. took the view that an electronic procedure was actually safer and more reliable than a manual system that relied on the mail and other delivery systems. He pointed out that individuals’ physical signatures can change over time and that they are not “guaranteed” to be genuine. His view was that the important consideration was whether the recipient was advised of the intention.

Canadian Case Law – E-Signatures

#ACInsurance

• Re Buckmeyer Estate, 2008, SKQB 141 • An executor applied for probate to determine the validity of an

existing will and to obtain an order as to whether a subsequent email validly altered a beneficiary designation. The court held that an email signature was an effective signature under the province’s electronic commerce legislation, and could qualify as a declaration as defined under s.133(c) of The Saskatchewan Insurance Act.

• That section does not specify an “in writing” requirement, and defines a “declaration” as an instrument signed by the insured: (1) with respect to which an endorsement is made on the policy; or (2) that identifies the contract; or (3) that describes the insurance or insurance fund or a part thereof, in which he designates, or alters or revokes the designation of, his personal representative or a beneficiary as one to whom or for whose benefit insurance money is to be payable.

Canadian Case Law – E-Signatures

#ACInsurance

Mock Trial 1: Life Insurance Policy Purchase Scenario

#ACInsurance

Mock Trial 2: Auto Insurance Policy Uninsured Motorist Coverage Declination Scenario

#ACInsurance

Case Law Takeaways

• There are a few cases involving bad e-signature processes

• Courts are not struggling to recognize that electronic signatures can be enforceable

• Courts continue confirming e-delivery and e-signatures in employee/consumer settings, as long as it is made clear to person the significance of the action accepting new terms

• Plan for evidentiary admissibility, more disputes expected in this area

#ACInsurance

Legislation and New Trends in Electronic Contracting

#ACInsurance

Electronic Proof of Coverage

#ACInsurance

• Eight States have adopted online verification, a real-time, web-based service to confirm in-force insurance. Those States include: Alabama, Idaho, Montana, Mississippi, Nevada, Oklahoma, West Virginia and Wyoming.

• Connecticut has legislation pending.

Online Verification

#ACInsurance

• Arizona – permit policy docs to be provided electronically

• Connecticut – DMV Real-time auto insurance verification system implementation

• Delaware – Electronic delivery of policies and documents

• Georgia – E-delivery of notices/policies possible in 2014; E-discovery legislation in 2014.

• Hawaii – Electronic notices and documents; Mobile electronic devices

2014 State Reports

#ACInsurance

• Idaho – Evidence of coverage can be sent by e-mail or to a mobile device, or via web site posting.

• Indiana – Automobile insurance verification

• Missouri – Automobile insurance verification

• North Carolina – WC Insurance cancellation/electronic notices for all but WC cancellation

• Oregon – Electronic Communications bill for P&C

2014 State Reports

#ACInsurance

• Pennsylvania – Electronic auto insurance ID cards

• South Carolina – E-deliver/E-posting legislation in 2014

• Tennessee – Auto insurance verification database

• Utah – Electronic notification

• Wisconsin – “E” insurance commerce authority

• Wyoming – Electronic Proof of Insurance

2014 State Reports

#ACInsurance

The National Association of Insurance Commissioners published a document in 2012 entitled

The Use of Social Media

in Insurance

#ACInsurance

“If insurance companies, producers and regulators are to meet the challenges of this evolving technology, it is important that insurance entities have confidence that their investments into the medium will not result in unintended regulatory liabilities. For their part, regulators must be confident that insurance consumers are protected from false or misleading information and that the well-established principles of market regulation, including record retention, are recognized and respected.”

Social Media

#ACInsurance

• Use social media to build consumer relationships, based on trust and the exchange of information

• The goal of developing these relationships is the creation of market presence and product branding, which, in turn, should generate new customers

• Customer-Service Tool

Social Media Insurance Companies

#ACInsurance

• Producers who excel at developing relationships will likely pursue licenses and sales opportunities outside traditional geographic areas

• Understanding the insurer-producer relationship is critical when determining the insurer’s responsibility for its appointed producers’ social media communications

• If an appointed producer’s social media communication can be attributed to a specific carrier, regulators will also attribute the communication to the carrier

• Companies are encouraged to develop and implement policies and procedures that recognize the agent/principal and independent relationships that exist in the various distribution models

Social Media Insurance Producers

#ACInsurance

Consumers use social media to share information about insurance companies and producers on internet sites that allow anyone with a Web browser to post notes for others to read

Social Media Insurance Consumers

#ACInsurance

• Several state insurance departments are actively addressing social media use and issues via market conduct examinations.

• An insurer’s policies, procedures and controls relative to social media communications must comport with existing regulations, which include, but are not limited to, statutes and rules related to advertising and marketing, record retention, consumer privacy and consumer complaints.

Issues Identified and Regulatory Guidance

#ACInsurance

• An insurer is responsible for the content of its appointed producers’ posts, if such content can be attributed to the appointing surer or the insurer’s products or services

• Static social media advertisements or solicitations must comply with state marketing and advertising regulations


#ACInsurance

• Financial Industry Regulatory Authority’s guidance on third-party posting to social media websites, an insurer and/or producer may be held responsible for third-party posts due to the “entanglement theory” and/or the “adoption theory”.

• Insurers and producers must maintain their books and records in a manner that permits an examining department of insurance to readily determine compliance with state insurance laws and rules.


#ACInsurance

Legislation is being introduced in 26 states to prevent employers from requesting access to usernames and passwords to employee social media accounts. Employers argue that access is needed to protect proprietary information or trade secrets, to comply with federal financial regulations, or to prevent the employer from being exposed to legal liabilities. Employees consider this access an invasion of employee privacy.

Employer Access to Social Media

#ACInsurance

California

Florida

Georgia

Hawaii

Illinois

Indiana

Iowa

Kansas

Maine

Maryland

Massachusetts

Minnesota

Mississippi

Missouri

Nebraska

New Hampshire

North Carolina

Ohio

Oklahoma

Pennsylvania

Rhode Island

Tennessee

West Virginia

Wyoming

Wisconsin

States with pending legislation regarding employer access include:

Employer Access to Social Media

#ACInsurance

46 States, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.

Security Breach Laws

#ACInsurance

New State Statutes for E-Delivery of Insurance Policies

• Primarily driven by Property Casualty Insurance Association of America over last 2 years

• Two flavors of statutes, which amend state insurance codes:

• Electronic mail and website posting forms of delivery

• Web site posting only form of delivery

• Generally apply to delivery of insurance policy and other notices required for insurance transaction

• A few also embed e-signature provisions

• Most of these new statutes apply only to property and casualty insurance, and some are limited to personal lines

#ACInsurance

• Interplay with UETA and ESIGN

• Some statutes do not reference UETA or ESIGN, e.g., AK 21.42.250 and 21.42.260 and AZ 20-398.01

• Some statutes reference only UETA, e.g., 18 DE Code 107

• Some statutes reference only ESIGN

• ID, MD and MN – statute may not be construed to modify, limit or supersede ESIGN

• TX – statute does modify, limit or supersede ESIGN as authorized by Section 102

• Most statutes require consumer’s consent, but see Alaska and Arizona statutes referenced above, which do not, and FL 627.421, which is e-mail opt-out model but website posting nevertheless allowed, and MI 500.2248

• Some statutes contain ESIGN Act’s consumer disclosure requirements, e.g. 18 DE Code 107 and KS HB 2107

New State Statutes for E-Delivery of Insurance Policies

#ACInsurance

Core Elements of Website Posting of Insurance Policies Statutes

• Delivery to insured of insurance policy by insurer’s posting specimen policy form on insurer’s website

• Insurer must provide copy of posted specimen policy to insured upon request at no cost

• Declarations page sent to insured in paper form must:

• Disclose that specimen policy is available on insurer’s website

• Identify specimen policy incorporated into insured’s policy

• Explain how insured can get paper copy of specimen policy at no cost from insurer

• Specimen policy must be “easily accessible” on insurer’s website in format readily capable of being printed or electronically saved using “widely available” free computer software

• Insurer must for 5 years after end of insured’s policy retain electronic specimen policy and make printed or electronic copy of specimen policy available to insured

#ACInsurance

Unique Elements of Website Posting of Insurance Policies Statutes

• Voice Recordings: if recorded oral communication can be reliably stored and reproduced by insurer, then it is a writing or signature

• Verification of Receipt: if insurance law requires insurer to obtain acknowledgment of insured’s receipt of delivered document, e-delivery permitted only if e-delivery method provides for insured’s acknowledgment of receipt

• Insured’s Consent: while many of these laws require insured’s consent for non-website posting e-delivery, they also state that failure to obtain insured’s consent is not basis for denying legal effectiveness of insurance policy

• E-Delivery satisfies first class mail, certified mail and similar mailing requirements

• Some states allow discount to insured for accepting e-delivery, e.g., 215 IL 5/143.33 and MO 379.011

#ACInsurance

Canadian Anti Spam Legislation

#ACInsurance

• Into Force Commencing July 1, 2014

• Designed as one of the most stringent anti-spam regimes in the world, CASL will have a significant impact on the electronic communication practices of companies in Canada as well as foreign companies sending commercial electronic messages (CEMs) to Canadians.

• An exemption exists for foreign companies that caused or permitted to be sent, by organizations located outside of Canada, or sent from a computer system located outside Canada, and accessed by recipients while visiting Canada, as long as the person sending the message did not know and could not reasonably be expected to know that the message would be accessed using a computer system located in Canada, and the CEM relates to a product, good, service or organization located or provided outside of Canada;

• Businesses which operate in the U.S. and send CEMs to Canadians must note that the CASL requirements will be in addition to those prescribed in the U.S. Can-Spam Act. As a result, it will be important for such entities to also adapt to, and comply with, these laws as well.


#ACInsurance

• Companies which commercialize their products and services across North America as a single market, and which use electronic communications such as newsletters, bulletins and issue alerts, now need to comply with both the new CASL, and with the United States' Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”)

• CAN-SPAM, similarly to CASL, applies to all commercial email messages. Unlike its Canadian counterpart, however, CAN-SPAM does not cover the installation of computer programs, and as such, it is significantly narrower in scope than the equivalent Canadian laws.


#ACInsurance

• OPT IN Consent System

• The anti-spam provisions of CASL prohibit, subject to limited exceptions, the sending of CEMs unless the recipient has consented to receiving the message and the message meets certain form and content requirements.

• Implied consent will exist only in narrower circumstances, primarily in the case of “existing business relationships” or “existing non-business relationships,” both of which are defined terms under the Act and are subject to statutory expiry timelines (for example, two years following a purchase, or six months following an inquiry or application).

• CAN SPAM is an OPT OUT consent system


#ACInsurance

• While there is significant overlap between the Canadian and US definitions of CEMs, the main difference lies in the PURPOSE of the message being sent. The definition of “commercial electronic message” in CASL includes any electronic message that “it would be reasonable to conclude has as its purpose, or ONE of its purposes, to encourage participation in a commercial activity”

• Accordingly, to the extent that a commercial electronic message has – even if not as its sole purpose – as at least one of its purposes the encouragement of participation in a “commercial activity”, CASL will apply.


#ACInsurance

• Under CAN-SPAM, a “commercial email message” is defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)”.

• CAN-SPAM builds on this requirement that the purpose of the message be “primarily” commercial, in order to explicitly permit the inclusion of links to websites of a commercial entity without necessarily deeming the communication to be commercial in nature. This would allow, for example, the sending of an electronic newsletter with advertisements, without falling into the category of commercial electronic messages.

• TO DO: Organizations which have adopted a single electronic messaging solution for both Canada and the United States, should seek the comply with the higher standard in Canada.


#ACInsurance

• Due to the organizational challenges in managing the expiry of consent on an individual basis, and as many organizations (in particular, manufacturers who would not typically directly sell their products to the ultimate consumer) may have difficulty establishing an “existing business relationship” with their target market, in many cases, express consent to send CEMs will need to be sought.

• Very broad (i.e. family relationship exemption only relates to individuals related through marriage, common law or parent-child – therefore CEMs between siblings must comply with CASL)

• Additional exemptions:

• Messaging platforms;

• limited access accounts;

• foreign recipients;

• charities and political parties


#ACInsurance

• Organizations can obtain consent on behalf of unknown third parties as long as in the CEMs sent by those third parties:

• 1. the CEM identifies the original person who obtained the consent; and

• 2. the CEM contains an unsubscribed mechanism that meets certain specified requirements

• 3. permits the person who provided the consent to withdraw it (both from the original person who obtained the consent and any other person who is authorized to use it)


#ACInsurance

ENFORCEMENT

• The private right of action, which provides persons who allege they have been affected by a contravention of the act to bring an action for damages, and a statutory penalty of $200, (not to exceed $1,000,000 for each day on which an offence occurred), has been postponed and will not come into force until July 1, 2017.

• The regulatory impact statement indicates that this three year postponement is intended to allow the development of better understanding of how CASL will be interpreted and enforced, given the potential for the private right of action to lead to class action lawsuits.

• Organizations should note that in the period between July 1, 2014, and the coming into force of the private right of action, CASL will be enforced by the CRTC, and the maximum available penalty for an offence by an organization will be $10,000,000.


#ACInsurance

Best Practices

#ACInsurance

Preliminary Comments About E-Signature/Contract Process

• Involve a multi-disciplinary team of information technology, legal/compliance, marketing, product distribution, new business and claims personnel

• A reasonably well designed process, supported by solid technology, can actually reduce risk, relative to traditional processes

• It’s more about process and workflow than it is about technology, but technology plays important role

• In designing where the records will be stored and which records will be kept, consider e-discovery implications

• Critically evaluate the question of build vs. buy the solution - the choice of vendors continues to improve

#ACInsurance

#ACInsurance

Sample Project 1 - Life Insurance Application E-Signed on PDA

• Scenario: “Turbo App” - Face-to-Face home life insurance solicitation; no consumer required device

• Document at Issue: Life insurance application and life insurance replacement notice and other consumer disclosures with delivery receipt

• Key Law in Play: Insurance code governing insurance application, replacement notice

• Process Design: Content provided in paper form but embedded in PDA; customer reads physical content, agent inputs answers in PDA with interactive pop-ups using stylus, customer signs on PDA and signed documents printed for customer on site or mailed

#ACInsurance

Sample Project 2- Preauthorized EFT E-Signed on Telephonic IVR System

• Process Design:

• Customer must be authenticated

• Query customer whether he/she desires to authorize insurer to effect premium payments via preauthorized EFT using IVR system or vice recording

• If customer consents, the IVR system must state the exact text of the preauthorized EFT content to be e-signed

• Customer is prompted to effect e-signature or discontinue process, and customer presses designated touchtone key(s) for authorization (e-signature) or speaks his/her authorization (e-signature)

• IVR system or voice recording must technologically “attach or logically associate” the touchtone sound or voice recording with EFT authorization content

• Insurer must send tangible “copy” of the e-signed EFT authorization

#ACInsurance

Copy of Electronically Signed Authorization of Electronic Funds Transfer from Bank Account or by Debit Card

Date Sample A Sample 123 Main Street Anytown, GA 12345

Re: [ABC Bank] One Million Dollar Accident Plan Membership/Certificate No. G12-1234567

Dear Sample A. Sample: The purpose of this letter is to provide you with a copy of your electronically signed authorization for preauthorized electronic funds transfers you gave to our representative by [IVR or by telephone - describe method of authorization] to withdraw future payments from your bank account or debit card account number ending with 1234 using our Easy Payment Plan for [describe purpose of payments (e.g., premiums, fees, etc.)]. Pursuant to your authorization, payments of $XX.XX will be directly withdrawn from your bank account [Mode = each month, quarter, etc] Thank you for choosing to use our Easy Payment Plan. You will no longer need to worry about writing checks or remembering due dates. Please keep this letter for your records as a copy of your authorization. If you have any questions, please call us toll-free at 1-800-XXX-XXXX Monday through Friday between 8:00 a.m. and 8:00 p.m. or Saturday between 8:00 a.m. and 12:00 p.m. Central Time and one of our representatives will be happy to assist you.

#ACInsurance

Sample Project 3 – e-Delivery Notices of GLBA Privacy Notices

• Project A: Website delivery of e-privacy notice by national personal lines property & casualty insurance agency

• Project B: Telephonic IVR system for written consent to disclosure of non-public personal financial information of personal lines property & casualty insurance customer

#ACInsurance

IVR Opt Out/Authorization Script Sample

Thank you for calling ABC at the referral of your XYZ Representative. This call may be monitored and audited for quality control and compliance purposes.

First, we need to know where you live. Are you a resident of [state identified by area code of phone number]?

Press 1 for “Yes” Press 2 for “No” {If “no” then}

“Please use your telephone key pad to provide the 3 digit area code for your phone in your state of residence.”

#ACInsurance

IVR Opt Out/Authorization Script Sample

{If caller IS a resident of MN:} In connection with the ABC-XYZ Company marketing referral program for insurance, ABC wishes to disclose to XYZ, your name, phone number and address. We wish to disclose this information immediately following this call and as the information changes over the next 12 months. For ABC to disclose this information, ABC must obtain your written authorization, which you may electronically sign through this interactive telephonic response system. Do you authorize and consent that ABC disclose this information and consent to sign this authorization electronically]? Press 1 for “Yes” {collect “signature,” date stamp and record authorization } The identification, contact, application process and coverage information will be disclosed to XYZ at the end of this call. To continue with this call, please Press #.

Press 2 for “No” {To continue with this call, please press #}

Press 3 to repeat list. {repeat from “your name, phone number and address. May we disclose this information?…”}

Thank you. Let’s begin – may we have your full name?

#ACInsurance

e-Delivery

• Yes – e-Delivery is permissible

• Requires clear consent from recipient

• Consider obtaining consumer’s consent for e-delivery for all permitted notices, such as:

• GLB annual notices

• FCRA opt-out notices

• Security breach notices

• Other notices that may be required by statute or contract

#ACInsurance

e-Delivery

• e-Delivery method can reduce risk:

• Proof of delivery of complete package

• Proof of when delivery occurred

• e-Delivery can also present a quandary: what happens if consumer does not retrieve package/notice?

• UETA has deemed receipt, and upfront consent should emphasize

• Better method appears to be:

• Email alert that something is ready

• Consumer logs into secure site to access materials

#ACInsurance

Thank you!

• Brian T. Casey

• Locke Lord LLP

• [email protected]

• Jane L. Cline

• Spilman Thomas & Battle, PLLC


• Laurie LaPalme

• Cassels Brock & Blackwell LLP


• Andrew Smith

• Morrison & Foerster LLP


#ACInsurance

Appendix:

Additional Case Law

#ACInsurance


• Verizon Communications v. Pizzirani (D. Ct., PA 2006)

• Defendant electronically accepted restricted stock awards agreements which contained a non-compete agreement after he initially refused to do

• After leaving Verizon and joining Comcast, Verizon sued him to enforce non-compete

• E-signature not challenged, but case shows e-signature process can work for employee restrictive covenants

• Bell v. Hollywood Entertainment Corp. (OH App. Ct., 2006)

• Employment application with arbitration agreement for employment disputes signed via kiosk

• Employee adequately informed of arbitration agreement requirement and received ESIGN Act and FCRA Act consumer disclosures during e-signed application process

#ACInsurance


• Cases are instructive in designing a process (for employees or consumers in new business process)

• e-Delivery can be effective, regardless of whether the person to be bound actually reads the substantive new terms

• Critical to the process is making the significance of the e-Delivered document very clear and requiring an affirmative act to signify acceptance, such as “clicking” I agree

#ACInsurance


• Bonck v. White and Progressive Ins. Co. (Ct. App. LA 2013)

• Online, e-signed purchase of auto insurance in agent’s office with coverage effective 2 days later

• Insured involved in auto accident months later and sued insurer as UIM coverage provider

• Insurer produced UIM form e-signed by insured waiving UIM coverage but dated 2 days after policy’s effective date of coverage and 4 days after application

• Court found material facts at issue because insurer didn’t rebut insured’s testimony she didn’t sign UIM coverage waiver, so reversal of insurer’s summary judgement motion grant

#ACInsurance


• DWP Pain Free v. Progressive Inc. Co. (D.Ct. NY 2006)

• Assignment of Benefits from injured insured to medical services provider, which assignee claimed was electronically signed by both it and its patient; and its signature was referenced as “on file”

• Insurer’s mailed paper verification letter stated physician’s original signature required, signature stamps and e-signatures not accepted

• Health care provider sued insurer arguing both ESIGN and NY e-sig law require insurer to recognize e-sigs

• Court relied upon NY DOI OGC opinion in same context finding that e-sig laws do not obligate insurer to accept e-sigs

• Same issue as in Prusky case

#ACInsurance


• Zulkiewski v. AGLIC (Ct. App. MI 2012)

• Life insurance policy bought by Dr. Zulkiewski on his life in 1999, naming his 1st wife as beneficiary

• 2006, after divorce, he changed beneficiary to mother as primary and father as secondary

• 2008, after his remarriage, someone used insurer’s online e-service to register as insured and change beneficiary to 2nd wife as primary and mother as secondary

• Insured later committed suicide and mother and 2nd wife each claimed life insurance proceeds; 2nd wife sued insurer, which sought to interplead proceeds, and mother claimed contract breach by insurer

• Trial court granted 2nd wife’s summary judgment motion finding evidence that insured made electronic beneficiary change and insurer’s summary judgment motion against mother

• On appeal, mother argued insurer had to prove adequate security of e-service for beneficiary change, allowing 2nd wife to forge insured’s signature

• Court held UETA doesn’t require insurer to prove efficacy of its system and only permits proof of security of system as means to show attribution of a person to e-signature and affirmed lower court’s decision

#ACInsurance


• Sun Life v. Wasko (D. Ct. IA 2013)

• Group life insurance enrollment employee

• Original beneficiaries of unmarried employee were children

• Employee married and attempted online to change beneficiary to new wife

• Employee then had telephone call with TPA about beneficiary change, and TPA

confirmed on call that change was processed, and TPA sent paper confirmation of

change to employee

• Employee later died, and children and wife claimed life insurance proceeds

• Policy stated that COB must be written, signed and filed with employer

• Children argued father’s COB was not written or signed by him

• Court held, applying substantial compliance doctrine to insurer’s policy for COB

changes (oral recording followed by paper confirmation, verbal recording capable

of being reduced to writing is functional equivalent of written COB, verification of

requesting party is functional equivalent of signature and paper confirmation is

functional equivalent of filing COB with employer