The internet and electronic mail have significantly changed the way insurance companies and agents transact business. In an effort to be more efficient, reduce expenses, and for environmental reasons, many insurance companies would like to go paperless to the extent they are permitted and in accordance with appropriate risk management considerations.
Many carriers are considering and even implementing procedures for electronic transactions with their agents, customers, and insureds. One area of interest relates to the obligation of a carrier to deliver its insurance policy to the insured and the propriety of doing so by an electronic transaction. This article will review Florida's law on this subject and some of the issues that need to be considered and addressed for electronic policy delivery.
I. Contract Delivery Requirement
The Florida Insurance Code (the "Code") requires that "every policy shall be mailed or delivered to the insured."1 However, the Code does not specifically address the propriety of electronic transmission of a policy in satisfaction of this delivery requirement. Further, Florida case law does not offer specific guidance on this issue. This is, in part, because electronic transactions as we know them today would not have been contemplated when the delivery statute was drafted in 1959.2 However, in 2000, a significant piece of Florida legislation governing the electronic delivery of information that is required to be in writing was enacted.
II. The Electronic Signatures in Global and National Commerce Act and Florida's Uniform Electronic Transaction Act
To address the enforceability of electronic documents and signatures and encourage electronic commerce, Congress enacted the federal Electronic Signatures in Global and National Commerce Act ("ESIGN").3 Among other standards, ESIGN provides that with respect to transactions in or affecting interstate or foreign commerce, a signature, contract, or other record relating to the transaction may not be denied legal effect solely because it is in electronic form.4 ESIGN's scope specifically includes the business of insurance.5
ESIGN provides that state laws and regulations may modify, limit, or supersede its provisions when state laws are promulgated pursuant to ESIGN's requirements.6 State laws that constitute an enactment or adoption of the Uniform Electronic Transactions Act ("UETA"), developed by the National Conference of Commissioners on Uniform State Laws, meet this criteria, with limited exception.7 ESIGN governs transactions involving interstate or foreign commerce in the absence of an applicable state law.
Florida enacted the UETA in 2000 with minor variations from the original model and, as a result, that law is the governing Florida authority concerning electronic records relating to a transaction and supersedes the provisions of ESIGN.8 Under the UETA, a "transaction" is defined as "an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, insurance, or governmental affairs."9
A transaction may be conducted electronically when each party to the transaction agrees.10 Whether the parties have agreed to conduct an electronic transaction is determined from "the context and surrounding circumstances, including the parties' conduct."11 In essence, the parties must voluntarily agree to conduct a transaction electronically. "Agreement" is defined as "the bargain of the parties in fact, as found in their language or inferred from other circumstances and from rules, regulations, and procedures given the effect of agreements under laws otherwise applicable to a particular transaction."12
If the parties have agreed to conduct a transaction electronically, required written communications and documents may be provided, sent, or delivered in an electronic record capable of retention by the recipient.13 In this statutory context, the issue is whether "delivery" of a policy under the Code may be effectuated in accordance with the UETA and how to prove that delivery was made.
III. Delivery Under Florida's Uniform Electronic Transaction Act
The UETA provides, in pertinent part,
If parties have agreed to conduct a transaction by electronic means and a provision of law requires a person to provide, send, or deliver information in writing to another person, the requirement is satisfied if the information is provided, sent, or delivered, as the case may be, in an electronic record capable of retention by the recipient at the time of receipt.14
With respect to sending electronic documents, the UETA provides that, unless otherwise agreed between the sender and the recipient, an electronic record is sent when the record:
1. Is addressed properly or otherwise directed properly to an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record.
2. Is in a form capable of being processed by that system.
3. Enters an information processing system outside the control of the sender or of a person that sent the electronic record on behalf of the sender or enters a region of the information processing system designated or used by the recipient which is under the control of the recipient.15
An electronic record is received when:
1. The record enters an information processing system that the recipient designated for the purpose of receiving electronic records or information;
2. The recipient is able to retrieve the electronic record; and,
3. The electronic record is in a form capable of being processed by that system.16
One of the unique features of the UETA is its use of broad language in order to encompass different types of technology. For example, information may be sent/received by using e-mail or by using some type of secure internet portal, or any other type of system that complies with the statute.
The UETA further provides that an electronic record is received even if the recipient is not aware of its receipt.17 Thus, in the context of delivery of an insurance policy, the UETA seems to impose a slightly different standard since the delivery statute under the Code does not address the issue of whether the recipient's knowledge of receipt is relevant. In the context of litigation, a court could potentially rely upon this distinction when interpreting the parallel statutory requirements under the Code and the UETA. The insurer would have the burden of proving the policy was delivered under the Code. If the insured provides evidence that he or she was never aware of the electronic delivery of the policy and a valid rationale, it could seriously hamper or derail the insurer's claim of policy delivery, if for no reason other than from a burden of persuasion point of view.18
In any event, an insured may be able to successfully argue that the policy was not delivered because one or more of the UETA criteria has not been proven by the insurer.19 If electronic delivery of the policy is to be utilized by the insurer or agent, an information technology feature needs to be implemented to ensure that the policy enters a processing system designated by the insured and the insured can retrieve and process the policy. The insurer would need to be able to establish these elements not only at the time of policy initiation, but also in later years during renewals and modifications.
The issue of electronic delivery recently arose in New York. The following question was presented to the New York Insurance Department: "May an insurance policy that has been issued and executed on the Internet be considered a properly delivered and valid insurance contract if the insured prints the policy from the Internet on the insured's personal computer?"
The New York Office of General Counsel ("NYOGC") issued an opinion on behalf of the Insurance Department on January 6, 2009. The opinion concluded as follows:
Yes. Nothing in the Insurance Law or regulations promulgated thereunder prohibits an insurance company from issuing and delivering an insurance policy to an insured via the Internet if the insured has consented to receiving electronic documents. The electronic documents must conform to applicable substantive and formatting requirements of the Insurance Law and any other applicable laws.20
The NYOGC arrived at its conclusion by analyzing ESIGN's general purpose that an electronic record will not be denied legal effect, validity, or enforceability solely because it is in electronic form. In a previous opinion, the NYOGC defined the term "electronic record," as referenced in the New York Electronic Signatures and Records Act21 to include insurance policy forms and certificates. As such, in New York, an insurer can notify its insured by e-mail that certain electronic insurance documents are available to view on the internet.22
The issue presented was based on the insured printing the policy. Along with a general consumer-oriented interpretation of the Code, this factor could be used as a defining distinction in supporting a conclusion that the Code's requirement of delivery involves proof of actual delivery and knowledge of receipt that is not necessary under the UETA. However, previous opinions issued by the NYOGC did not address the necessity of the insured printing the electronic document, but rather seem to have given more importance to securing the insured's consent to the electronic transaction.23 The NYOGC opinions offer some insight as to the application of the UETA and ESIGN, although they are not binding in Florida and there is no guarantee their holdings would be applied in Florida.
IV. Further Issues With Proof of Delivery
In another context regarding notices of policy cancellation and nonrenewal, the Code provides that an insurer must give the insured written notice of cancellation, nonrenewal, and renewal premium within a certain amount of time.24 In order to provide an insurer with a method of proving that notice was sent to the insured, the Florida Department of Financial Services promulgated Rule 69O-167.010, Fla. Admin. Code, which enables an insurer to establish a procedure for proving that the information was sent. The rule provides that when an insurer is required to provide written notice to an insured regarding the cancellation or nonrenewal of a property or casualty insurance policy and the insurer does so through the mail, proof of mailing may be evidenced by certified or registered mail service of the United States Postal Service or by using a proof of mailing form.25 The insurer may alternatively establish another system provided that the system clearly indicates the method of notification, the name of the insured, the policy number, and the date mailed.26
No comparable proof of delivery statute or regulation exists with regard to insurance policies or electronic transmissions. Notwithstanding, it would be useful for insurers to develop a procedure under Florida's policy delivery statute, so they can prove delivery to the policyholder. One way to prove delivery in the context of an electronic transmission is to require the insured to confirm that he or she has received the policy. There are certain specific technical logistics and legal and regulatory issues that should be considered prior to implementing an electronic policy delivery procedure, including the gathering and retention of confirmations of delivery through an appropriate electronic mechanism, receipts of actual delivery, and consideration of appropriate alternatives in the event of failure of electronic delivery.
V. Privacy Policies and the Disclosure of Nonpublic Information
In accordance with the Gramm-Leach-Bliley Act,27 insurers are required to provide the consumer with the company's privacy policy the first time the insurer and the consumer transact business together and on an annual basis.28 In addition, insurers are not permitted to share nonpublic information with a nonaffiliated third party unless certain exceptions are met.29 One exception permits the insurer to share nonpublic information with a nonaffiliated third party "as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer."30
Depending on the type of procedure the insurance company implements, providing an insured's policy via an internet site or sending the policy to an insured's e-mail may involve disclosure of nonpublic information to a nonaffiliated third party. Also, procedures to ensure data security need to be addressed and implemented.
An insurance company's privacy policy should be reviewed and may have to be amended in order to permit electronic transactions. Further, the insurer may have to enter into an agreement with any unaffiliated third parties involved in the electronic transactions. The agreement would have to provide, among other aspects, that the third parties have to maintain the confidentiality of the nonpublic information.31
VI. Conclusion
Electronic commerce has become imbedded as a standard and reliable method of operation in the business and insurance community. That said, many of Florida's laws, such as the Code, have not been updated to address the many issues unique to electronic transactions.
The Code does not specifically prohibit, nor does it specifically provide for, the use of electronic means to deliver an insurance policy. In general terms, it appears an insurer may deliver insurance policies by electronic means under section 627.421, Fla. Stat.; however, insurance companies and agents should implement procedures that will ensure proper, verifiable delivery of the policy under applicable law and adherence to data security and privacy concerns related to this method of delivery.
* The authors would like to acknowledge the valuable efforts of Elizabeth M. Fohl in the preparation of this article.