The Oregon Administrative Rules contain OARs filed through August 15, 2014
 

 

DEPARTMENT OF CONSUMER AND BUSINESS SERVICES,
INSURANCE DIVISION

 

DIVISION 81

TRADE PRACTICES -- GENERAL PROVISIONS

836-081-0005

Statutory Authority; Purpose; Definitions

(1) OAR 836-081-0005 and 836-081-0010 are adopted by the Director of the Department of Consumer and Business Services pursuant to the general rulemaking authority in ORS 731.244.

(2) OAR 836-081-0005 and 836-081-0010 identify particular practices that make an unfair discrimination in the availability of insurance in violation of ORS 746.015. OAR 836-081-0005 and 836-081-0010 do not limit the director's authority to determine that other practices relating to insurance availability are unfairly discriminatory.

(3) OAR 836-081-0005 and 836-081-0010 do not concern the making and use of insurance rates. Under ORS 737.310, which applies to most lines of property and casualty insurance, the making and use of rates that are unfairly discriminatory is prohibited. Under ORS 746.015 unfair discrimination in the application of rates is prohibited.

(4) OAR 836-081-0005 and 836-081-0010 do not prohibit the use of other risk selection criteria that reasonably can be related to the rates and policy forms used by the insurer.

(5) For the purpose of OAR 836-081-0005 and 836-081-0010:

(a) "Availability of insurance" includes all terms, conditions, and types of coverage under insurance policies.

(b) "Insurer", when used in connection with several insurers in a group under common ownership or control, refers to the group of insurers collectively rather than individually.

Stat. Auth.: ORS 731.244 & 746.240
Stats. Implemented: ORS 746.015(1)
Hist.: IC 2-1978, f. 5-22-78, ef. 6-1-78; ID 19-2006, f. & cert. ef. 9-26-06; ID 12-2013, f. 12-31-13, cert. ef. 1-1-14

836-081-0010

Unfair Discrimination -- Insurance Other than Life or Health Insurance

(1) An insurer decision on the availability of insurance for an individual, other than life or health insurance, that is based on any of the following characteristics is considered to be unfair discrimination:

(a) Age of individuals;

(b) Sex;

(c) Marital status (i.e., single, married, separated, divorced);

(d) Race or color;

(e) Creed;

(f) National origin;

(g) Ancestry;

(h) Occupation, if lawful, unless the occupation significantly increases the degree of hazard. This paragraph does not apply in the case of an insurer that limits its market to one occupation or several related occupations;

(i) Change of occupation, unless the frequency of change is significant;

(j) Change of domicile, unless the frequency of change is significant or the change significantly increases the degree of hazard or the expense of administering policy benefits;

(k) Previous rejection, cancellation or nonrenewal of insurance by another insurer;

(l) Change of insurer;

(m) Lack of previous insurance, unless the lack is in violation of law.

(2) An insurer may use a combination of the characteristics described in paragraphs (h) to (j) of section (1) of this rule as a basis for a decision under section (1) of this rule only if the combination significantly increases the degree of hazard.

Stat. Auth.: ORS 731 & 746
Stats. Implemented: ORS 746.015(1)
Hist.: IC 2-1978, f. 5-22-78, ef. 6-1-78; ID 19-2006, f. & cert. ef. 9-26-06

Unfair Discrimination on the Basis of Blindness or Partial Blindness

836-081-0020

Statutory Authority; Purpose; Applicability

(1) OAR 836-081-0020 and 836-081-0030 are adopted pursuant to the general rulemaking authority of the Director of the Department of Consumer and Business Services in ORS 731.244 as an aid in effectuation of 746.015(2).

(2) The purpose of OAR 836-081-0020 to 836-081-0030 is to protect blind or partially blind members of the insurance-buying public from unfair discrimination by insurers by identifying specific acts or practices that are prohibited by ORS 746.015(2) when an insurer engages in one or more of them solely on the basis of blindness or partial blindness.

(3) OAR 836-081-0020 to 836-081-0030 shall apply to all insurance transactions.

Stat. Auth.: ORS 731
Stats. Implemented: ORS 746.015(2)
Hist.: IC 1-1985, f. & ef. 2-1-85; ID 19-2006, f. & cert. ef. 9-26-06

836-081-0030

Unfair Discrimination Acts or Practices

(1) The following acts and practices constitute unfair discrimination between individuals of the same class when an insurer engages in one or more of them solely because of blindness or partial blindness of an individual:

(a) Refusing to insure, or refusing to continue to insure, the individual; or

(b) Limiting the amount, extent or kind of coverage available to the individual; or

(c) Charging the individual a different rate for the same coverage.

(2) For purposes of section (1) of this rule:

(a) With respect to all other conditions, including the underlying cause of the blindness or partial blindness, persons who are blind or partially blind shall be subject to the same standards of sound actuarial principles or actual or reasonably anticipated experience as are sighted persons.

(b) Refusal to insure includes denial by an insurer of disability insurance coverage on the grounds that the policy defines "disability" as being presumed in the event that the insured loses eyesight.

(c) An insurer may exclude from coverage disabilities consisting solely of blindness or partial blindness when such condition existed at the time the policy was issued.

Stat. Auth.: ORS 731
Stats. Implemented: ORS 746.015(2)
Hist.: IC 1-1985, f. & ef. 2-1-85; ID 19-2006, f. & cert. ef. 9-26-06

Standards for Safeguarding Customer Information

836-081-0101

Purpose, Policy, Authority and Effective Date

(1) OAR 836-081-0101 to 836-081-0126 are adopted by the Director of the Department of Consumer and Business Services under the authority of ORS 731.244 for the purpose of implementing:

(a) ORS 746.240, relating to trade practices found by the Director to be an unfair or deceptive act or practice in the transaction of insurance that is injurious to the insurance-buying public; and

(b) ORS 746.670, relating to the Director's authority to examine and investigate into the affairs of an insurer, agent or insurance support organization in order to determine whether any of those entities is violating or has violated any provision of ORS 746.600 to 746.690, governing the use and disclosure of insurance information.

(2) OAR 836-081-0101 to 836-081-0126 establish standards for developing and implementing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of customer information, pursuant to Sections 501, 505(b), and 507 of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. 6801, 6805(b) and 6807, as follows:

(a) Section 501(a) provides that it is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. Section 501(b) requires the state insurance regulatory authorities to establish appropriate standards relating to administrative, technical and physical safeguards:

(A) To ensure the security and confidentiality of customer records and information;

(B) To protect against any anticipated threats or hazards to the security or integrity of such records; and

(C) To protect against unauthorized access to or use of records or information that could result in substantial harm or inconvenience to a customer.

(b) Section 503(a)(3) requires each financial institution to develop policies for protecting the nonpublic personal information of consumers, and to make those policies available in written form.

(c) Section 505(b)(2) calls on state insurance regulatory authorities to implement the standards prescribed under Section 501(b) by regulation with respect to persons engaged in providing insurance.

(d) Section 507 provides, among other things, that a state regulation may afford persons greater privacy protections than those provided by subtitle A of Title V of the Gramm-Leach-Bliley Act. The safeguards established pursuant to OAR 836-081-0101 to 836-081-0126 apply to nonpublic personal information, including financial information and health information.

(3) Each licensee shall establish and implement an information security program, including appropriate policies and systems pursuant to OAR 836-081-0101 to 836-081-0126.

[Publications: Publications referenced are available from the agency.]

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240 & 746.670
Hist.: ID 2-2003, f. & cert. ef. 3-17-03; ID 8-2005, f. 5-18-05, cert. ef. 8-1-05

836-081-0106

Definitions

For purposes of OAR 836-081-0101 to 836-081-0126, the following definitions apply:

(1) "Customer" means a customer of the licensee as the term "customer" is defined in ORS 746.600(10).

(2) "Customer information" means personal information as defined in ORS 746.600 about a customer, whether in paper, electronic or other form, that is maintained by or on behalf of the licensee.

(3) "Customer information systems" means the electronic or physical methods used to access, collect, store, use, transmit, protect or dispose of customer information.

(4) "Licensee" means a licensee as that term is defined in ORS 746.600, except that "licensee" does not include a purchasing group or an unauthorized insurer in regard to surplus lines business conducted pursuant to 735.400 to 735.495.

(5) "Service provider" means a person that maintains, processes or otherwise is permitted access to customer information through its provision of services directly to the licensee.

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240, ORS 746.670
Hist.: ID 2-2003, f. & cert. ef. 3-17-03

836-081-0111

Information Security Program

(1) Each licensee shall implement a comprehensive written information security program that includes administrative, technical and physical safeguards for the protection of customer information. The administrative, technical and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities.

(2) If a licensee is domiciled in another jurisdiction or subject to the primary jurisdiction of a different functional regulator, and the statutes and rules administered by its domiciliary regulator or primary functional regulator establish standards for protecting the security of consumer information that are substantially similar to those established by OAR 836-081-0101 to 836-081-0126, then good faith compliance with those standards to the satisfaction of the licensee's primary regulator shall constitute compliance with OAR 836-081-0101 to 836-081-0126.

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240, ORS 746.670
Hist.: ID 2-2003, f. & cert. ef. 3-17-03

836-081-0116

Objectives of Information Security Program

A licensee's information security program shall be designed to:

(1) Ensure the security and confidentiality of customer information;

(2) Protect against any anticipated threats or hazards to the security or integrity of the information; and

(3) Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer.

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240, ORS 746.670
Hist.: ID 2-2003, f. & cert. ef. 3-17-03

836-081-0121

Examples of Methods of Development and Implementation

The actions and procedures described in this rule are examples of methods of implementation of the requirements of OAR 836-081-0111 and 836-081-0116. These examples are nonexclusive illustrations of actions and procedures that licensees may follow to implement 836-081-0111 and 836-081-0116. The examples are as follows:

(1) Assessing risk. The licensee:

(a) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;

(b) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and

(c) Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.

(2) Managing and controlling risk. The licensee:

(a) Designs its information security program to control the identified risks, commensurate with the sensitivity of the information, as well as the complexity and scope of the licensee's activities;

(b) Trains staff, as appropriate, to implement the licensee's information security program; and

(c) Regularly tests or otherwise regularly monitors the key controls, systems and procedures of the information security program. The frequency and nature of these tests or other monitoring practices are determined by the licensee's risk assessment.

(3) Overseeing service provider arrangements. The licensee:

(a) Exercises appropriate due diligence in selecting its service providers; and

(b) Requires its service providers to implement appropriate measures designed to meet the objectives of this regulation, and, where indicated by the licensee's risk assessment, takes appropriate steps to confirm that its service providers have satisfied these obligations.

(4) Adjusting the program. The licensee monitors, evaluates and adjusts, as appropriate, the information security program in light of any relevant changes in technology, the sensitivity of its customer information, internal or external threats to information, and the licensee's own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements and changes to customer information systems.

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240, ORS 746.670
Hist.: ID 2-2003, f. & cert. ef. 3-17-03

836-081-0126

Unfair Insurance Trade Practice

Violation of any provision of OAR 836-081-0101 to 836-081-0126 is an unfair trade practice for purposes of ORS 746.240.

Stat. Auth.: ORS 731.244
Stats. Implemented: ORS 746.240
Hist.: ID 2-2003, f. & cert. ef. 3-17-03

The official copy of an Oregon Administrative Rule is contained in the Administrative Order filed at the Archives Division, 800 Summer St. NE, Salem, Oregon 97310. Any discrepancies with the published version are satisfied in favor of the Administrative Order. The Oregon Administrative Rules and the Oregon Bulletin are copyrighted by the Oregon Secretary of State.
