Washington State House of Representatives Office of Program Research | BILL ANALYSIS |
Business & Financial Services Committee |
SSB 5655
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
Brief Description: Concerning the delivery of insurance notices and documents by electronic means.
Sponsors: Senate Committee on Financial Institutions & Insurance (originally sponsored by Senators Angel and Mullet).
Brief Summary of Substitute Bill |
|
Hearing Date: 3/15/17
Staff: Peter Clodfelter (786-7127).
Background:
Electronic Delivery of Insurance-Related Notices or Documents.
A 2015 law established that any notice to a party or any other document required under applicable law in an insurance transaction or that is to serve as evidence of insurance coverage may be delivered, stored, and presented by electronic means so long as it meets the requirements of the Washington Electronic Authentication Act (Act). Pursuant to the 2015 law, and separate from any requirements under the Act, various requirements must be met before an insurer may deliver notices and documents electronically to a party, including through electronic mail (e-mail).
The party to receive electronic notices or documents must affirmatively consent to that method of delivery. Consent may later be withdrawn. Before giving consent, the party must be provided with a clear and conspicuous statement informing the party of the following:
the party's right to withdraw consent and of any conditions or consequences that may be imposed in the event consent is withdrawn;
the types of notices and documents to which the party's consent will apply;
the party's right to have a notice or document in paper form; and
the procedures a party must follow to withdraw consent to have a notice or document delivered by electronic means and to update the party's e-mail address.
Additionally, before giving consent, the party must be provided with a statement of the hardware and software needed to access and retain any electronic notices or documents. And the party must consent electronically, or confirm consent electronically, in a manner that reasonably demonstrates that the party can access information in the electronic form that will be used for notices or documents if consent is given. After consent is given, a change in hardware or software requirements necessary to access or retain an electronic notice or document may require an insurer to provide the party with information about the hardware or software changes, the party's right to withdraw consent, and other disclosures.
An insurer must deliver a notice or document by another delivery method permitted by law, other than electronically, if the insurer attempts to deliver the notice or document by electronic means and has a reasonable basis for believing that the notice or document has not been received by the party, or the insurer becomes aware that the e-mail address provided by the party is no longer valid.
Washington Electronic Authentication Act.
The Act, enacted in 1996, is separate from the Insurance Code. The Act allows the use of digital signature technology in electronic transactions and creates a process for the voluntary licensing of certification authorities. The Office of the Secretary of State is responsible for implementing and administering the Act. The focus of the Act is digital signatures, which are different than electronic signatures. Although not all electronic signatures are digital signatures, all digital signatures are electronic signatures. Digital signatures can give the recipient reason to believe the message was sent by the person who claims to have sent it, and that it was not altered after being sent.
The Act defines an electronic signature as a signature in electronic form attached to or logically associated with an electronic record, including but not limited to a digital signature. A digital signature is an electronic signature that is a transformation of a message using an algorithm that provides a secure key pair such that a person having the initial message and the signer's public key can accurately determine the following:
whether the transformation was created using the private key that corresponds to the signer's public key; and
whether the message has been altered since the transformation was made.
Under the Act, certification authorities may become licensed by the Secretary of State to issue certificates to subscribers. A subscriber is listed in a certificate, and holds a private key that corresponds with a public key. The subscriber can use the private key to affix a digital signature to a document, which another party can verify the validity of using the public key of the subscriber. The Act imposes duties on certification authorities as well as on subscribers of certification authorities.
Where a law requires a signature, or provides certain consequences in the absence of a signature, the Act establishes that the law is satisfied by a digital signature if the following conditions are met:
the digital signature must be verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
the digital signature must have been affixed by the signer with the intention of signing the message; and
the recipient has no knowledge or notice that the signer either breached a duty as a subscriber or does not rightfully hold the private key used to affix the digital signature.
However, the Act also provides that it does not preclude a mark from being valid as a signature under other applicable law.
Summary of Bill:
Electronic Delivery of Insurance-Related Notices or Documents.
In any notice to a party or any other document required under applicable law in an insurance transaction or that is to serve as evidence of insurance coverage that is delivered, stored, or presented by electronic means, an electronic signature is the equivalent of a digital signature for purposes of satisfying the requirements of the Washington Electronic Authentication Act.
Appropriation: None.
Fiscal Note: Not requested.
Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.