[§431:2D-107]  Confidentiality requirements. 
(a)  Except as otherwise provided by law, market conduct surveillance personnel
shall have free and full access to all books and records, employees, officers,
and directors, as practicable, of the insurer during regular business hours. 
An insurer using a third-party model or product for any of the activities under
examination shall provide, upon the request of market conduct surveillance
personnel, the details of those models or products to those personnel.  All
documents, whether from a third party or an insurer, including but not limited
to working papers, third-party models or products, complaint logs, and copies
thereof, created, produced, or obtained by or disclosed to the commissioner or
any other person in the course of any market conduct actions made pursuant to
this article, or in the course of market analysis by the commissioner of the
market conditions of an insurer, or obtained by the National Association of
Insurance Commissioners as a result of any of the provisions of this article,
shall be confidential by law and privileged, shall not be subject to subpoena,
and shall not be subject to discovery or admissible in evidence in any private
civil action.



(b)  No waiver of any applicable privilege or claim
of confidentiality in the documents, materials, or information shall occur as a
result of disclosure to the commissioner under this section.



(c)  Market conduct surveillance personnel
shall be vested with the power to issue subpoenas and examine insurer personnel
under oath when such action is ordered by the commissioner.



(d)  Notwithstanding any other law to the
contrary, the commissioner may:



(1)  Share documents, materials, or other information,
including confidential and privileged documents, materials, or information
subject to subsection (a), with other state, federal, and international
regulatory agencies, law enforcement authorities, and the National Association
of Insurance Commissioners and its affiliates and subsidiaries; provided that
the recipient agrees to and has the legal authority to maintain the
confidentiality and privileged status of the documents, materials,
communications, or other information;



(2)  Receive documents, materials, communications, or
information, including otherwise confidential and privileged documents,
materials, or information, from the National Association of Insurance
Commissioners and its affiliates or subsidiaries, and from regulatory and law
enforcement officials of other foreign or domestic jurisdictions, and shall
maintain as confidential or privileged any document, material, or information
received with notice or the understanding that it is confidential or privileged
under the laws of the jurisdiction that is the source of the document,
material, or information; and



(3)  Enter into agreements governing the sharing and
use of information consistent with this subsection.



(e)  No insurer shall be compelled to disclose
an insurance compliance self-evaluative audit document or waive any statutory
or common law privilege, but may voluntarily disclose such document to the
commissioner in response to any market analysis, market conduct action, or
examination as provided in this article.



(f)  To encourage insurance companies and
persons conducting activities regulated under this code, both to conduct
voluntary internal audits of their compliance programs and management systems
and to access and improve compliance with state and federal statutes, rules,
and orders, an insurance compliance self-evaluative privilege is recognized to
protect the confidentiality of communication relating to voluntary internal
compliance with this State's insurance and other laws and that the public will
benefit from incentives to identify and remedy insurance and other compliance
problems.  It is further declared that limited expansion of the protection
against disclosure will encourage voluntary compliance and improve insurance
market conduct quality and that the voluntary provisions of this section will
not inhibit the exercise of the regulatory authority by those entrusted with
protecting insurance consumers.



  (g)(1)  Except as provided in subsections (h) and (i), an
insurance compliance self-evaluative audit is privileged information and is not
discoverable or admissible as evidence in any legal action in any civil,
criminal, or administrative proceeding. The privilege created herein is a
matter of substantive law of this State and is not merely a procedural matter
governing civil or criminal procedures in the courts of this State;



(2)  If any company, person, or entity performs or
directs the performance of an insurance compliance audit, an officer, employee
or agent involved with the insurance audit, or any consultant who is hired for
the purpose of performing the insurance compliance audit may not be examined in
any civil, criminal, or administrative proceeding as to the insurance
compliance audit or any insurance compliance self-evaluative audit document, as
defined in this section.  This subsection does not apply if the privilege set forth
in subsection (g)(1) of this section is determined under subsection (h) or (i)
not to apply;



(3)  A company may voluntarily submit, in connection
with examinations conducted under this article, an insurance compliance
self-evaluative audit document to the commissioner or the commissioner's
designee, as a confidential document under this section without waiving the
privilege set forth in this section to which the company would otherwise be
entitled; provided, however, that the provisions in this section permitting the
commissioner to make confidential documents public pursuant to this section and
access to the National Association of Insurance Commissioners shall not apply
to the insurance compliance self-evaluative audit document under other
provisions of applicable law, any such report furnished to the commissioner
shall not be provided to any other persons or [entities] and shall be accorded
the same confidentiality and other protections as provided above for
voluntarily submitted documents.  Any use of an insurance compliance
self-evaluative audit document furnished as a result of the inappropriate
treatment of customers has been remedied or that an appropriate plan for their
remedy is in place.



A company's insurance compliance
self-evaluative audit document submitted to the commissioner shall remain
subject to all applicable statutory or common law privileges including, but not
limited to, the work product doctrine, attorney-client privilege, or the
subsequent remedial measures exclusion.



Any compliance self-evaluative audit
document so submitted and in the possession of the commissioner shall remain
the property of the company and shall not be subject to any disclosure or
production under chapter 92;



(4)  Disclosure of an insurance compliance self-evaluative
audit document to a governmental agency, whether voluntary or pursuant to
compulsion of law, shall not constitute a waiver of the privilege set forth in
subsection (g)(1) with respect to any other persons or any other governmental
agencies;



  (h)(1)  The privilege set forth in subsection (g) does
not apply to the extent that it is expressly waived by the company that
prepared or caused to be prepared the insurance compliance self-evaluative
audit document;



(2)  In a civil or administrative proceeding, a court
of record, after an in camera review, may require disclosure of material for
which the privilege set forth in subsection (g) is asserted, if the court
determines one of the following:



(A)  The privilege is asserted for a fraudulent
purpose; or



(B)  The material is not subject to the
privilege;



(3)  In a criminal proceeding, a court of record,
after an in camera review, may require disclosure of material for which the
privilege described in subsection (g) is asserted, if the court determines one
of the following:



(A)  The privilege is asserted for a fraudulent
purpose;



(B)  The material is not subject to the
privilege; or



(C)  The material contains evidence relevant to
commission of a criminal offense under this code, and all three of the following
factors are present:



(i)  The commissioner or attorney general has a
compelling need for the information; and



(ii)  The information is not otherwise available;
and



(iii)  The commissioner or attorney general is
unable to obtain the substantial equivalent of the information by any other
means without incurring unreasonable cost and delay.



  (i)(1)  Within thirty days after the commissioner or
attorney general serves on an insurer a written request by certified mail for
disclosure of an insurance compliance self-evaluative audit document under this
subsection, the company that prepared or caused the document to be prepared may
file with the appropriate court a petition requesting an in camera hearing on
whether the insurance compliance self-evaluative audit document or portions of
the document are privileged or subject to disclosure.  Failure by the company
to file a petition waives the privilege for this request only;



(2)  A company asserting the insurance compliance
self-evaluative privilege in response to a request for disclosure under this
subsection shall include in its request for an in camera hearing all of the
information set forth in subsection (i)(5);



(3)  Upon the filing of a petition under this
subsection, the court shall issue an order scheduling, within forty-five days
after the filing of the petition, an in camera hearing to determine whether the
insurance compliance self-evaluative audit document or portions of the document
are privileged under this section or subject to disclosure;



(4)  The court, after an in camera review, may require
disclosure of material for which the privilege in subsection (g) is asserted if
the court determines, based upon its in camera review, that any one of the
conditions set forth in subsection (h)(2)(A) and (B) is applicable as to a
civil or administrative proceeding or that any one of the conditions set forth
in subsection (h)(3)(A) through (C) is applicable as to a criminal proceeding. 
Upon making such a determination, the court may only compel the disclosure of
those portions of an insurance compliance self-evaluative audit document
relevant to issues in dispute in the underlying proceeding.  Any compelled
disclosure will not be considered to be a public document or be deemed to be a
waiver of the privilege for any other civil, criminal, or administrative
proceeding.  A party unsuccessfully opposing disclosure may apply to the court
for an appropriate order protecting the document from further disclosure;



(5)  A company asserting the insurance compliance self-evaluative
privilege in response to a request for disclosure under this subsection shall
provide to the commissioner or attorney general, as the case may be, at the
time of filing any objection to the disclosure, all of the following
information:



(A)  The date of the insurance compliance
self-evaluative audit document;



(B)  The identity of the entity conducting the
audit;



(C)  The general nature of the activities
covered by the insurance compliance audit; or



(D)  An identification of the portions of the
insurance compliance self-evaluative audit document for which the privilege is
being asserted.



  (j)(1)  A company asserting the insurance compliance
self-evaluative privilege set forth in subsection (g) has the burden of
demonstrating the applicability of the privilege.  Once a company has
established the applicability of the privilege, the party seeking disclosure
under subsection (h)(2)(A) has the burden of proving that the privilege is
asserted for a fraudulent purpose. The commissioner or attorney general
seeking disclosure under subsection (h)(3) has the burden of proving the
elements set forth in subsection (h)(3);



(2)  The parties may at any time stipulate in
proceedings under subsection (h) or (i) to entry of an order directing that
specific information contained in an insurance compliance self-evaluative audit
document is or is not subject to the privilege provided under subsection (g). 
Any such stipulation may be limited to the instant proceeding and, absent
specific language to the contrary, shall not be applicable to any other
proceeding.



(k)  The privilege set forth in subsection (g)
shall not extend to any of the following:



(1)  Documents, communications, data, reports, or
other information expressly required to be collected, developed, maintained, or
reported to a regulatory agency pursuant to this code, or other federal or state
law;



(2)  Information obtained by observation or monitoring
by any regulatory agency; or



(3)  Information contained from a source independent
of the insurance compliance audit.



(l)  As used in this section:



"Insurance compliance audit" means a
voluntary, internal evaluation, review, assessment, audit, or investigation for
the purpose of identifying or preventing non-compliance with, or promoting
compliance with laws, regulations, orders, or industry or professional
standards, which is conducted by or on behalf of a company licensed or
regulated under this code, or which involves an activity regulated under this code.



"Insurance compliance self-evaluative
audit document" means documents prepared as a result of or in connection
with an insurance compliance audit.  An insurance compliance self-evaluative
audit document may include, but is not limited to, as applicable, field notes
and records of observations, findings, opinions, suggestions, conclusions,
drafts, memoranda, drawings, photographs, exhibits, computer-generated or
electronically recorded information, phone records, maps, charts, graphs, and
surveys, provided this supporting information is collected or developed for the
primary purpose and in the course of an insurance compliance audit.  An
insurance compliance self-evaluative audit document also includes, but is not
limited to, any of the following:



(1)  An insurance compliance audit report prepared by
an auditor, who may be an employee of the company or an independent contractor,
which may include the scope of the audit, the information gained in the audit,
and conclusions and recommendations, with exhibits and appendices;



(2)  Memoranda and documents analyzing portions or all
of the insurance compliance audit report and discussing potential
implementation issues;



(3)  An implementation plan that addresses correcting
past non-compliance, improving current compliance, and preventing future
non-compliance; or



(4)  Analytic data generated in the course of
conducting the insurance compliance audit.



(m)  The insurance compliance self-evaluative
privilege created by this legislation shall apply to all litigation or
administrative proceedings pending [on July 1, 2007].



(n)  Nothing in this section nor the release of
any self-evaluative audit document hereunder shall limit, waive, or abrogate
the scope or nature of any statutory or common law privilege including, but not
limited to, the work product doctrine, the attorney-client privilege, or the
subsequent remedial measures exclusion. [L 2007, c 227, pt of §1]



 



Revision Note



 



  "On July 1, 2007" substituted for "at the
effective date of this legislation".