Policyholder Data Vault Contract Profile v0.1 draft. Profile of the AI Procurement Decision Card v0.3 vault-contract surface scoped to insurance-policyholder + insurance-claimant + insurance-applicant data categories. Names what tokenized / redacted / pseudonymized / cleartext access an AI insurance tool may have to which insurance-data category, under which consent_basis, with what retention envelope, and aligned to ACORD + GLBA + state DOI vendor-due-diligence expectations.
Part of the Kinetic Gain Protocol Suite. Closes the InsurTech 6-pack.
Status: v0.1 draft. Profile at profile.json, canonical example at examples/coastguard-vendori-claimstriage-decision-card.json.
When an insurer onboards an AI vendor — a claims-triage system, a rating engine, an AVM-equivalent, a fraud-detection model — the Decision Card answers four questions that the state DOI examiner + GLBA privacy officer + procurement counsel all care about:
- Which insurance-data categories does this AI tool actually need?
- At what protection level — cleartext, tokenized, tokenized-with-band, pseudonymized, pseudonymized-with-EXIF-stripped, or tokenized-and-not-as-model-input-by-default?
- Under what consent basis — policy-application-signed, claim-submission-signed, GLBA privacy-notice-compliant, HIPAA-authorization (life + disability only), telematics-opt-in, smart-home-opt-in, or judicial order?
- With what retention envelope — max window, deletion trigger, right-to-be-forgotten pathway, regulator-record-retention floor?
This profile defines the InsurTech-specific shape of those answers. Sibling of phi-vault-contract-profile (HealthTech) + pii-student-vault-contract-profile (EdTech) + mls-data-access-vault-contract-profile (PropTech).
15 insurance-data categories with default protection levels, including:
- ACORD-family — identity, policy detail, claim detail, property detail, auto detail, loss run.
- External consumer data — credit-based insurance score (FCRA), telematics driving stream, smart-home sensor stream, medical-record summary (life + disability), wildfire / flood risk score, third-party marketing data.
- Media — aerial / satellite property imagery, claim photo / video (EXIF-stripped).
- Protected-class data — race, ethnicity, sex, national-origin, religion, disability, sexual orientation, gender identity (CO SB 21-169-named classes). Default: tokenized AND NOT a model input. State-specific overrides permitted only with explicit decision-card-level approval + actuarial-soundness defense.
Consent bases: policy-application-signed · claim-submission-signed · glba-financial-privacy-notice-compliant · hipaa-authorization-life-disability · telematics-opt-in-explicit · smart-home-opt-in-explicit · judicial-order-or-subpoena
| Level | Meaning |
|---|---|
| cleartext | Raw value reaches the AI tool as-is |
| tokenized | Stable token replaces raw value |
| tokenized-with-band-cleartext | Tokenized + coarse band (credit score 700–749) reaches model |
| tokenized-with-summary-stats-cleartext | Tokenized + summary stats (prior claim count, loss-amount band) reach model |
| pseudonymized | Synthetic identifiers |
| pseudonymized-with-exif-stripped | Pseudonymized + EXIF/geolocation/device-fingerprint stripped from images |
| pseudonymized-with-aggregate-cleartext | Pseudonymized + aggregate features (avg driving score) reach model |
| tokenized-or-pseudonymized | Insurer chooses, documented in Decision Card |
| tokenized-and-not-as-model-input-by-default | Stored tokenized; NOT a model input by default |
Vendor due-diligence artifacts: vendor-soc2-type2 · vendor-contract-with-audit-rights · vendor-bias-test-deliverable-cadence · vendor-data-residency-attestation · vendor-subprocessor-list-with-notice-window
examples/coastguard-vendori-claimstriage-decision-card.json — Coastguard Insurance's Decision Card for VendorI ClaimsTriage v3.x:
- 7 data categories mapped (identity tokenized, claim/property pseudonymized, loss-run tokenized-with-summary-stats, wildfire-flood score tokenized-with-band, claim photo EXIF-stripped, protected-class data tokenized-NOT-as-model-input).
- 3 consent bases (claim-submission-signed for ACORD + claim categories, GLBA-compliant for external risk score, policy-application-signed for protected-class data).
- Uniform retention envelope — P90D max, claim-closed+30d trigger, right-to-be-forgotten pathway URL, state DOI 7-year floor applies to Coastguard only (not vendor).
- 5 vendor due-diligence artifacts referenced.
- 3 ongoing conditions (quarterly bias-coverage bundle review, annual vendor due-diligence refresh, 30-day subprocessor change notification).
This is the Decision Card that the insurance-decision-record-audit-stream canonical example references via decision_card_ref, the insurance-applicant-bias-coverage-lab bundle reviews under the "quarterly-bias-coverage-bundle" condition, and the unfair-discrimination-incident-card-profile incident references via affected_decision_card_ref. The InsurTech 6-pack now closes the loop — every artifact references every other artifact via shared identifiers.
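As an added illustration (not code from this profile or any Kinetic Gain repo), a lint over a constructed Decision Card that enforces the profile's default rules described above: the closed protection-level and consent-basis vocabularies, the protected-class default with its override conditions, the life + disability scope of the HIPAA basis, and the required retention-envelope fields. The JSON field names (data_categories, protection_level, consent_basis, override, retention_envelope and its keys) are assumed for illustration and are not taken from profile.json.

```python
# Closed vocabularies copied from the profile text on this page.
PROTECTION_LEVELS = {
    "cleartext", "tokenized", "tokenized-with-band-cleartext",
    "tokenized-with-summary-stats-cleartext", "pseudonymized",
    "pseudonymized-with-exif-stripped", "pseudonymized-with-aggregate-cleartext",
    "tokenized-or-pseudonymized", "tokenized-and-not-as-model-input-by-default",
}
CONSENT_BASES = {
    "policy-application-signed", "claim-submission-signed",
    "glba-financial-privacy-notice-compliant", "hipaa-authorization-life-disability",
    "telematics-opt-in-explicit", "smart-home-opt-in-explicit", "judicial-order-or-subpoena",
}
# Field names used below are assumed for illustration, not taken from profile.json.
RETENTION_KEYS = {"max_window", "deletion_trigger", "rtbf_pathway"}
PROTECTED = "protected-class-data"
DEFAULT_PROTECTED_LEVEL = "tokenized-and-not-as-model-input-by-default"


def lint_decision_card(card: dict) -> list:
    """Return findings; an empty list means the card satisfies the profile's default rules."""
    findings = []
    for e in card.get("data_categories", []):
        cat, level, basis = e.get("category"), e.get("protection_level"), e.get("consent_basis")
        if level not in PROTECTION_LEVELS:
            findings.append(f"{cat}: unknown protection level {level!r}")
        if basis not in CONSENT_BASES:
            findings.append(f"{cat}: unknown consent basis {basis!r}")
        # Protected-class data may leave the default only with decision-card-level approval AND an actuarial-soundness defense.
        if cat == PROTECTED and level != DEFAULT_PROTECTED_LEVEL:
            ov = e.get("override", {})
            if not (ov.get("decision_card_approval") and ov.get("actuarial_soundness_defense")):
                findings.append(f"{cat}: {level!r} lacks approval + actuarial-soundness defense")
        # HIPAA authorization is a valid basis for life + disability lines only.
        if basis == "hipaa-authorization-life-disability" and card.get("line_of_business") not in ("life", "disability"):
            findings.append(f"{cat}: HIPAA authorization outside life/disability line")
    missing = sorted(RETENTION_KEYS - set(card.get("retention_envelope", {})))
    if missing:
        findings.append("retention_envelope missing " + ", ".join(missing))
    return findings


# Constructed sample mirroring part of the Coastguard / VendorI example described above.
SAMPLE_CARD = {
    "line_of_business": "property",
    "data_categories": [
        {"category": "identity", "protection_level": "tokenized", "consent_basis": "claim-submission-signed"},
        {"category": "claim-photo", "protection_level": "pseudonymized-with-exif-stripped", "consent_basis": "claim-submission-signed"},
        {"category": "wildfire-flood-risk-score", "protection_level": "tokenized-with-band-cleartext", "consent_basis": "glba-financial-privacy-notice-compliant"},
        {"category": PROTECTED, "protection_level": DEFAULT_PROTECTED_LEVEL, "consent_basis": "policy-application-signed"},
    ],
    "retention_envelope": {"max_window": "P90D", "deletion_trigger": "claim-closed+30d", "rtbf_pathway": "https://example.invalid/rtbf"},
}
```

Running lint_decision_card(SAMPLE_CARD) returns an empty list; a card that puts protected-class data at cleartext without a recorded override, or uses the HIPAA basis on an auto line, gets one finding per violation.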
| Repo | Role |
|---|---|
| decision-card-spec | Base spec |
| insurance-decision-record-audit-stream | Audit events bound to this Decision Card |
| insurance-applicant-bias-coverage-lab | Bias-coverage bundle the Decision Card's quarterly-review condition references |
| unfair-discrimination-incident-card-profile | Incident Cards that reference this Decision Card |
| naic-ai-bulletin-readiness-evidence-bundle | Broader readiness bundle this Decision Card is filed under |
| state-insurance-ai-disclosure-tracker | Determines which state's obligation set applies on the issued_at date |
| phi-vault-contract-profile | Sibling HealthTech vault contract |
| pii-student-vault-contract-profile | Sibling EdTech vault contract |
| mls-data-access-vault-contract-profile | Sibling PropTech vault contract |
InsurTech-readiness scaffolding for AI Procurement Decision Card vault-contract evidence specific to insurance-policyholder + insurance-claimant + insurance-applicant data. Supports an insurer's program toward ACORD data handling readiness, GLBA Safeguards readiness, NAIC AI Model Bulletin §4 third-party AI oversight readiness, CO SB 21-169 protected-class-data handling readiness, NY DFS Circular Letter No. 7 ECDIS governance readiness, HIPAA Authorization handling (life + disability lines), and state DOI vendor due-diligence readiness. Does not by itself establish compliance with GLBA Safeguards, HIPAA, or any state DOI regulation. Per the standing public-language guardrail: readiness · evidence · posture · controls · scaffolding — never "GLBA-compliant" or "NAIC-attested" without an external attestation.
MIT — see LICENSE.