Two recent developments at the state level take the NAIC's advice on AI, issued last fall, to the next step, as covered in this article by Carlton Fields on JD Supra. The Connecticut Insurance Department issued a memo in the same vein as the FTC's, covered above, re-emphasizing that existing law covers the use of Big Data and AI technology. Delving deeper, the agency provided guidance specifically on data governance, including the use of third-party data, as well as on how algorithms are "inventoried, risk assessed/ranked, risk managed, validated for technical quality, and governed throughout their life cycle." Companies doing business in the state should be prepared to "show their work."
The action in Colorado comes in the form of new draft legislation, SB 21-169, which focuses on insurers' use of third-party "external" data and models and broadly falls in line with the new spate of state laws focused on data privacy. However, the requirement that companies effectively provide assurance over all of their vendors' systems with respect to their use of data and models is new and challenging, since very little established practice or reporting currently exists in this gray area. Enforceability is very much a matter of interpretation at this point.