§431:2D-107 Confidentiality requirements. (a) Except as otherwise provided by law, market conduct surveillance personnel shall have free and full access to all books and records, employees, officers, and directors, as practicable, of the insurer during regular business hours. An insurer using a third-party model or product for any of the activities under examination shall provide, upon the request of market conduct surveillance personnel, the details of those models or products to those personnel. All documents, whether from a third party or an insurer, including but not limited to working papers, third-party models or products, complaint logs, and copies thereof, created, produced, or obtained by or disclosed to the commissioner or any other person in the course of any market conduct actions made pursuant to this article, or in the course of market analysis by the commissioner of the market conditions of an insurer, or obtained by the National Association of Insurance Commissioners as a result of any of the provisions of this article, shall be confidential by law and privileged, shall not be subject to subpoena, and shall not be subject to discovery or admissible in evidence in any private civil action.
(b) No waiver of any applicable privilege or claim of confidentiality in the documents, materials, or information shall occur as a result of disclosure to the commissioner under this section.
(c) Market conduct surveillance personnel shall be vested with the power to issue subpoenas and examine insurer personnel under oath when such action is ordered by the commissioner.
(d) Notwithstanding any other law to the contrary, the commissioner may:
(e) No insurer shall be compelled to disclose an insurance compliance self-evaluative audit document or waive any statutory or common law privilege, but may voluntarily disclose such document to the commissioner in response to any market analysis, market conduct action, or examination as provided in this article.
(f) To encourage insurance companies and persons conducting activities regulated under this code, both to conduct voluntary internal audits of their compliance programs and management systems and to access and improve compliance with state and federal statutes, rules, and orders, an insurance compliance self-evaluative privilege is recognized to protect the confidentiality of communication relating to voluntary internal compliance with this State's insurance and other laws and that the public will benefit from incentives to identify and remedy insurance and other compliance problems. It is further declared that limited expansion of the protection against disclosure will encourage voluntary compliance and improve insurance market conduct quality and that the voluntary provisions of this section will not inhibit the exercise of the regulatory authority by those entrusted with protecting insurance consumers.
(k) The privilege set forth in subsection (g) shall not extend to any of the following:
(l) As used in this section:
"Insurance compliance audit" means a voluntary, internal evaluation, review, assessment, audit, or investigation for the purpose of identifying or preventing non-compliance with, or promoting compliance with laws, regulations, orders, or industry or professional standards, which is conducted by or on behalf of a company licensed or regulated under this code, or which involves an activity regulated under this code.
"Insurance compliance self-evaluative audit document" means documents prepared as a result of or in connection with an insurance compliance audit. An insurance compliance self-evaluative audit document may include, but is not limited to, as applicable, field notes and records of observations, findings, opinions, suggestions, conclusions, drafts, memoranda, drawings, photographs, exhibits, computer-generated or electronically recorded information, phone records, maps, charts, graphs, and surveys, provided this supporting information is collected or developed for the primary purpose and in the course of an insurance compliance audit. An insurance compliance self-evaluative audit document also includes, but is not limited to, any of the following:
(m) The insurance compliance self-evaluative privilege created by this legislation shall apply to all litigation or administrative proceedings pending [on July 1, 2007].
(n) Nothing in this section nor the release of any self-evaluative audit document hereunder shall limit, waive, or abrogate the scope or nature of any statutory or common law privilege including, but not limited to, the work product doctrine, the attorney-client privilege, or the subsequent remedial measures exclusion. [L 2007, c 227, pt of §1; am L 2016, c 141, §2]