Prohibits the use of external consumer data and information sources being used when determining insurance rates; provides that no insurer shall unfairly discriminate based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression; or use any external consumer data and information sources, as well as any algorithms or predictive models that use external consumer data and information sources, in a way that unfairly discriminates based on race, color, national or ethnic origin, religion, sex, sexual orientation, disability, gender identity, or gender expression; makes related provisions; defines terms.
STATE OF NEW YORK
________________________________________________________________________
4427
2025-2026 Regular Sessions
IN ASSEMBLY
February 4, 2025
___________
Introduced by M. of A. CUNNINGHAM -- read once and referred to the
Committee on Insurance
AN ACT to amend the insurance law, in relation to the use of external
consumer data and information sources being used when determining
insurance rates
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The insurance law is amended by adding a new section 2403-a
2 to read as follows:
3 § 2403-a. Insurers' use of external consumer data and information
4 sources; prohibited. (a) No insurer shall:
5 (1) Unfairly discriminate based on race, color, national or ethnic
6 origin, religion, sex, sexual orientation, disability, gender identity,
7 or gender expression; or
8 (2) Pursuant to rules adopted by the superintendent, use any external
9 consumer data and information sources, as well as any algorithms or
10 predictive models that use external consumer data and information sourc-
11 es, in a way that unfairly discriminates based on race, color, national
12 or ethnic origin, religion, sex, sexual orientation, disability, gender
13 identity, or gender expression.
14 (b) (1) The superintendent shall adopt any rules or regulations neces-
15 sary for the implementation of this section.
16 (2) The superintendent shall engage in a stakeholder process prior to
17 the adoption of rules or regulations for any type of insurance that
18 includes carriers, producers, consumer representatives, and other inter-
19 ested parties. The superintendent shall hold stakeholder meetings for
20 stakeholders of different types of insurance to ensure sufficient oppor-
21 tunity to consider factors and processes relevant to each type of insur-
22 ance. The superintendent shall provide notice of stakeholder meetings on
23 the department's website, and such stakeholder meetings shall be open to
24 the public.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD06571-01-5
A. 4427 2
1 (c) (1) After the stakeholder process described in subsection (b) of
2 this section, the superintendent shall adopt rules or regulations for
3 specific types of insurance, by insurance practice, which rules estab-
4 lish means by which an insurer may demonstrate, to the extent practica-
5 ble, that it has tested whether its use of external consumer data and
6 information sources, as well as algorithms or predictive models using
7 external consumer data and information sources, unfairly discriminates
8 based on race, color, national or ethnic origin, religion, sex, sexual
9 orientation, disability, gender identity, or gender expression.
10 (2) Rules and regulations adopted pursuant to this section shall
11 require each insurer to:
12 (i) provide information to the superintendent concerning the external
13 consumer data and information sources used by the insurer in the devel-
14 opment and implementation of algorithms and predictive models for a
15 particular type of insurance and insurance practice;
16 (ii) provide an explanation of the manner in which the insurer uses
17 external consumer data and information sources, as well as algorithms
18 and predictive models using external consumer data and information
19 sources, for the particular type of insurance and insurance practice;
20 (iii) establish and maintain a risk management framework or similar
21 processes or procedures that are reasonably designed to determine, to
22 the extent practicable, whether the insurer's use of external consumer
23 data and information sources, as well as algorithms and predictive
24 models using external consumer data and information sources, unfairly
25 discriminates based on race, color, national or ethnic origin, religion,
26 sex, sexual orientation, disability, gender identity, or gender
27 expression;
28 (iv) provide an assessment of the results of the risk management
29 framework or similar processes or procedures and actions taken to mini-
30 mize the risk of unfair discrimination, including ongoing monitoring;
31 and
32 (v) provide an attestation by one or more officers that the insurer
33 has implemented the risk management framework or similar processes or
34 procedures appropriately on a continuous basis.
35 (3) The rules and regulations adopted by the superintendent pursuant
36 to this section shall include provisions establishing:
37 (i) a reasonable period of time for insurers to remedy any unfairly
38 discriminatory impact in an algorithm or predictive model; and
39 (ii) the ability of insurers to use external consumer data and infor-
40 mation sources, as well as algorithms or predictive models using
41 external consumer data and information sources, that have been previous-
42 ly assessed by the department and found not to be unfairly discriminato-
43 ry.
44 (d) Documents, materials, and other information in the possession or
45 control of the department that are obtained by, created by, or disclosed
46 to the superintendent or any other person pursuant to this section or
47 any rules or regulations adopted pursuant to this section are recognized
48 as proprietary and containing trade secrets. All such documents, materi-
49 als, and other information are confidential and privileged; are not
50 subject to disclosure under article six of the public officers law, or
51 other open records, freedom of information, sunshine, or similar law of
52 this state; are not subject to subpoena; and are not subject to discov-
53 ery or admissible in evidence in any private civil action. However, the
54 superintendent may use the documents, materials, or other information in
55 the furtherance of any regulatory or legal action brought as part of the
56 superintendent's official duties. The superintendent shall not otherwise
A. 4427 3
1 make the documents, materials, or other information public without the
2 prior written consent of the insurer from which the documents, materi-
3 als, or other information was obtained. The superintendent may make data
4 publicly available in an aggregated or de-identified format in a manner
5 deemed appropriate.
6 (e) The superintendent may examine and investigate an insurer's use of
7 an external consumer data and information source, algorithm, or predic-
8 tive model in any insurance practice. Insurers shall cooperate with the
9 superintendent and department in any examination or investigation under
10 this section.
11 (f) The superintendent shall annually submit a report to the governor,
12 the temporary president of the senate, the speaker of the assembly, the
13 minority leader of the senate and the minority leader of the assembly
14 and the insurance chairs of the senate and assembly committees. Such
15 report shall include, but not be limited to:
16 (1) Information concerning any changes in insurance rates that have
17 resulted from the prohibitions described in subsection (a) of this
18 section;
19 (2) A summary of the stakeholder engagement process described in para-
20 graph two of subsection (b) of this section; and
21 (3) A description of data sources, if any, discussed during the stake-
22 holder engagement process, which data sources insurers may use to comply
23 with this section.
24 (g) Notwithstanding any provision of this section to the contrary,
25 this section does not apply to:
26 (1) Title insurance, pursuant to article sixty-four of this chapter;
27 (2) Bonds executed by qualified surety; or
28 (3) Insurers issuing commercial insurance policies; except that this
29 section shall apply to insurers that issue business owners' policies or
30 commercial general liability policies, which business owners' policies
31 or commercial general liability policies have annual premiums of ten
32 thousand dollars or less.
33 (h) Nothing in this section:
34 (1) Requires an insurer to collect from an applicant or policyholder
35 the race, color, national or ethnic origin, religion, sex, sexual orien-
36 tation, disability, gender identity, or gender expression of an individ-
37 ual; or
38 (2) May be construed to:
39 (i) prohibit the use of, or require life, annuity, long-term care, or
40 disability insurers to test medical, family history, occupational, disa-
41 bility, or behavioral information related to a specific individual,
42 which information, based on actuarially sound principles, has a direct
43 relationship to mortality, morbidity, or longevity risk unless such
44 information is otherwise included in the testing of an algorithm or
45 predictive model that also uses external consumer data and information
46 sources;
47 (ii) prohibit the use of, or require life, annuity, long-term care, or
48 disability insurers to test traditional underwriting factors being used
49 for the exclusive purpose of determining insurable interest or eligibil-
50 ity for coverage unless such factors are otherwise included in the test-
51 ing of an algorithm or predictive model that also uses external consumer
52 data and information sources; or
53 (iii) prohibit the use of or require the testing of longstanding and
54 well-established common industry practices in settling claims or tradi-
55 tional underwriting practices unless such practices or factors are
A. 4427 4
1 otherwise included in the testing of an algorithm or predictive model
2 that also uses external consumer data and information sources.
3 (i) As used in this section, unless the context otherwise requires:
4 (1) "Algorithm" means a computational or machine learning process that
5 informs human decision making in insurance practices.
6 (2) (i) "External consumer data and information source" means a data
7 or an information source that is used by an insurer to supplement tradi-
8 tional underwriting or other insurance practices or to establish life-
9 style indicators that are used in insurance practices. "External consum-
10 er data and information source" includes credit scores, social media
11 habits, locations, purchasing habits, home ownership, educational
12 attainment, occupation, licensures, civil judgments, and court records.
13 (ii) The superintendent may promulgate rules and regulations to
14 further define "external consumer data and information source" for
15 particular lines of insurance and insurance practices.
16 (3) "Insurance practice" means marketing, underwriting, pricing,
17 utilization management, reimbursement methodologies, and claims manage-
18 ment in the transaction of insurance.
19 (4) "Predictive model" means a process of using mathematical and
20 computational methods that examine current and historical data sets for
21 underlying patterns and calculate the probability of an outcome.
22 (5) "Unfairly discriminate" and "unfair discrimination" include the
23 use of one or more external consumer data and information sources, as
24 well as algorithms or predictive models using external consumer data and
25 information sources, that have a correlation to race, color, national or
26 ethnic origin, religion, sex, sexual orientation, disability, gender
27 identity, or gender expression, and that use results in a disproportion-
28 ately negative outcome for such classification or classifications, which
29 negative outcome exceeds the reasonable correlation to the underlying
30 insurance practice, including losses and costs for underwriting.
31 § 2. This act shall take effect on the one hundred eightieth day after
32 it shall have become a law. Effective immediately, the addition, amend-
33 ment and/or repeal of any rule or regulation necessary for the implemen-
34 tation of this act on its effective date are authorized to be made and
35 completed on or before such effective date.
