Privacy Rights Clearinghouse
Comments submitted to the California Department of Insurance by:
Privacy Rights Clearinghouse
Daniel M. Goodell, Senior Staff Counsel
California Department of Insurance
45 Fremont Street 21st Floor
San Francisco, California 94105
e-mail: PubComments.firstname.lastname@example.org 
RE: Pay-Drive Usage-Based Auto Insurance
File No. REG-2008-00020, Second Proposed Amended Regulation Text 
Dear Mr. Goodell:
The Privacy Rights Clearinghouse1 and PrivacyActivism2 appreciate the opportunity to comment on the California Department of Insurance (DOI or Department) latest amendments to the pay-drive insurance regulations. Both groups are California-based nonprofit organizations.
PRC and PrivacyActivism have commented before on the DOI’s pay-drive regulations.3 We agree that a pay-drive plan that offers financial incentives for those who drive infrequently or who may choose to carpool or take public transportation has enormous potential for reducing traffic and protecting the environment. There is no dispute about the intended goals and possible benefits to be gained through offering California drivers a pay-drive option.
We respectfully disagree with the Commissioner’s statements in his August 3, 2009, press release that the regulations protect the privacy of California drivers. Also, regrettably, neither the Department’s press release nor the amended regulations explain how the privacy of California drivers is protected.
We believe it is not. Instead the regulations still fall short on privacy protections in several respects. For example:
1. Consumers have no choice but to accept onboard technology. The regulations allow a driver to choose between a policy based on actual, verified mileage or one that is based on estimated mileage. However, a driver who wants to lower premiums through a pay-drive scheme must agree to the insurer’s terms about how mileage is verified.
This is so, even though the regulations allow for other, easily authenticated, methods for verifying mileage such as repair bills and records of official smog stations. In the end, it is the insurer, not the driver, who chooses to have mileage verified through an onboard device.
This ends up forcing drivers to either choose a privacy-invasive pay-drive scheme, or to forego any of the benefits that might be gained from a pay-drive scheme in order to protect their privacy. It’s not a reasonable choice for the consumer. Further, if a voluntary pay-drive system were to morph into a mandatory scheme, the ”choice” becomes even more unreasonable: use the system or don’t drive if you want to protect your privacy
2. Consumers receive no notice, under the regulations, about the kinds of data an onboard device might collect, how or for how long that data is to be stored, or the potential uses of the data, either by the insurer, or another party. The regulation now says that “An insurer shall only use a technological device to collect information for determining actual miles driven…”. As we have said in previous comments, even this restriction on use by insurers does not shield collected data from a subpoena or other legal process.
In addition, it is significant that the regulation places restrictions only on the “use” of data collected by a device. The clear implication here is that technological devices may collect all manner of data so long as the insurer only uses the data to determine actual miles. It is beyond the realm of reason to assume that manufacturers will make and insurers will provide drivers with a technological device that records only actual mileage. Indeed creation of such a device is superfluous since it already exists in the form of an odometer installed on all vehicles.
The best way to protect a consumer’s locational privacy is to not collect the data in the first place. And as we stated above, an odometer reading is all that is really necessary. But because insurers may collect all manner of data, all of that data will be stored along with the actual miles data. Data retention issues arise because now not only are we looking at the storage of actual miles data, but of all other data that happens to be collected. There is no requirement that the data should be deleted after a certain point in time, so the data may be available for a long time to come.
3. Consumers’ data collected through onboard technology may be used for purposes other than verifying miles. In previous versions of the proposed regulation, DOI specified that data could only be used to calculate insurance rates. To delete this restriction suggests that data collected may someday be used to calculate rates based on collected data such as time and driving habits. For example, it is not a stretch to foresee a time when a nurse who works the night shift pays a higher pay-drive premium than her co-worker with the same good driving record, who drives the same distance, but works the day shift. As we have frequently said, once consumers are comfortable with an onboard device, small changes can essentially eat into privacy protections without the driver even realizing it or objecting to incrementally more privacy-intrusive measures.
Because the system is so opaque, not only may our nurse not realize what incremental changes are being made, but she may not know how a decision was made about her premiums, or what to dispute.
As the Electronic Frontier Foundation stated in its paper on locational privacy:
Preserving locational privacy is about maintaining dignity and confidence as you move through the world. Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts.”
Suppose that an insurance company manages to obtain a record of Alice's movements over the past year, and decides that there is some aspect of that record which is grounds for raising her premiums or denying her coverage. The problem with that decision is not just that it is unfair, but that Alice may have no ability to dispute it. If the insurance company's reasoning is misinformed, will Alice have a practical way of knowing that and disputing it?4
Public acceptance of a pay-drive option depends on drivers being assured that adequate privacy protections are in place. To accomplish this, DOI should revise the current regulations as follows:
- Actual mileage should not be measured by onboard technological devices since numerous alternatives exist for verifying mileage. The regulations incorporate other perfectly adequate methods to verify mileage. Mileage verified through odometer readings by an employee of the insurer, an automotive repair dealer or licensed smog check station is just as reliable as an onboard device. An onboard device that an insurer has the option to require serves no useful purpose but instead raises significant privacy concerns.
- If onboard devices are allowed at all, drivers should have the choice about the method used to verify actual mileage.
- If technological devices are allowed, DOI should specifically prohibit the collection of any data except actual mileage.
- If data other than actual mileage is collected by onboard devices, drivers should receive specific notice of the kinds of data being collected as well as the potential uses of that data. Further, drivers should be able to turn off any extra features.
DOI may well choose to adopt the pay-drive regulations as proposed. If so, the DOI should, as a minimum, issue a declaratory statement explaining why each of the amendments was made and how those amendments protect the privacy of California drivers.
While we agree with the potential benefits of a pay-drive plan as outlined in the August 3, 2009, press release, neither the release itself nor the amendments offer any insight into DOI’s rationale for making these changes. Until DOI explains these changes, the public rulemaking record is not complete.
For the reasons stated above, we continue to believe that the pay-drive regulations raise significant privacy concerns for California drivers.
The PRC and PrivacyActivism, again, appreciate the opportunity to comment on the DOI’s proposed pay-drive regulations.
Beth Givens, Director
Tena Friery, Research Director
Privacy Rights Clearinghouse
3100 5th Ave.
San Diego, CA 92103
Web: www.privacyrights.org 
4026 18th Street SF, CA 94114
Web: www.privacyactivism.org 
1 The Privacy Rights Clearinghouse is a nonprofit consumer education and advocacy organization based in San Diego, CA, and established in 1992. The PRC advises consumers on a variety of informational privacy issues, including financial privacy, medical privacy and identity theft, through a series of fact sheets as well as individual counseling available via telephone and e-mail. It represents consumers’ interests in legislative and regulatory proceedings on the state and federal levels. www.privacyrights.org 
2Privacy Activism is a nonprofit organization whose goal is to enable people to make well-informed decisions about the importance of privacy on both a personal and a societal level. www.privacyactivism.org 
3 See previous comments dated July 9, 2009, www.privacyrights.org/ar/PayasYouDriveCommentsJuly09.htm , and June 18, 2008 www.privacyrights.org/ar/PAYD-Insur-Comments080618.htm