Data privacy and data governance: NAIC bulletin on AI use

Heather Gagnon, Trent Teister

In this session of our insurance webinar series, Crowe specialists discuss the importance of data governance and best practices for implementing data governance frameworks.

Presenters:

Heather Gagnon, Managing Director, Consulting
Trent Teister, Consulting

Webinar topics:

The National Association of Insurance Commissioners (NAIC) recently issued a bulletin that outlines best practices for insurers’ use of AI, including adhering to existing regulations, protecting data privacy and security, managing third-party vendors, and ensuring consumer transparency. Thirteen states have adopted the NAIC bulletin or similar guidance on AI use. Key states, such as California, Colorado, New York, and Texas, have also issued insurance regulations on AI. The NAIC bulletin covers existing regulatory standards that still apply with AI, such as the Unfair Trade Practices Act. Companies must adhere to these standards when developing AI models.
Companies are in the early stages of exploring AI, but risk factors are causing barriers. Most insurers are just starting their AI journey and are trying to balance keeping up technologically while managing risks. A systematic approach is needed, starting with analyzing current business assets, such as people, processes, facilities, and technology, to identify AI use cases. From there, companies can identify gaps and opportunities to apply AI based on their environment.
Data governance and quality are critical foundations to establish before adopting AI. Companies can set data governance, monitoring, and training best practices to build trust in data by building a data governance road map aligned to business priorities and value. For governance, the focus should be on ownership, accessibility, security, quality, and knowledge of data. Companies should build policies and procedures, monitor them regularly, and train staff accordingly. For data quality, companies should look at accuracy, consistency, completeness, and integrity. Once a road map is in place, companies should continually monitor and improve data quality.
Technology alone won't enable AI success. Companies need the right people, policies, and processes in place as well.
The unpredictability of, and unknowns with, AI can prompt excitement – and apprehension. AI should be viewed as a supplemental tool that requires human verification, and companies should use governance and quality controls to help manage risk.