A Senate bill that would reportedly create the country’s most restrictive privacy standards passed the full Senate and is pending in the Assembly, where it was heard June 17 in the Assembly Banking and Finance Committee.
Senate Bill 1 would require financial institutions to offer an “opt-out” option to consumers prior to sharing their personal information with affiliate companies, and an “opt-in” option before disclosing such information to nonaffiliated third parties, according to the Association of California Insurance Companies (ACIC), which is opposing the measure.
“ACIC believes that existing California law adequately protects consumers who provide private personal information to insurers operating in this state,” said Jeff Fuller, ACIC executive vice president and general counsel, in a letter to the California Assembly Banking and Finance Committee chair.
“Both state and federal law recognize that insurers routinely must gather and utilize private information about policyholders, claimants and others involved in the insurance system, but also provide comprehensive regulations on insurers’ collection, use, and disclosure of private information. In addition, the Department of Insurance states that it has not received any consumer complaints on policyholders’ personal information being mishandled by insurers.”
The central features of the current privacy issue before the legislature are identity theft and the selling of personal information to third parties for their own use, Fuller said. Any legislation enacted in this area should focus on strengthening efforts to enforce current laws penalizing identity theft and preventing the unrestricted sale and disclosure of non-public, personal information by businesses to nonaffiliated third parties, he added.
“Insurers do not engage in the selling of private information by businesses to other businesses and would enthusiastically support enhanced law enforcement against identity theft,” Fuller said. “Clearly, insurance companies are not part of the privacy problem in California.”
Insurers must comply with the California Insurance Information and Privacy Protection Act, adopted in 1980, and the federal Gramm-Leach-Bliley Act, enacted in 1999. Both laws enable insurers who transact business in multiple jurisdictions to rely on standardized insurance information practices among the states. The laws stipulate that insurers must provide to policyholders their privacy practices and circumstances under which specific types of personal information will be disclosed; the opportunity for a policyholder to correct, amend or delete portions of an insurer’s recorded personal information; and the opportunity for a policyholder to prevent the disclosure of information for marketing purposes. The laws also provide specified fines and penalties—including revocation of an insurer’s license— for violations. Also, the Department of Insurance recently adopted detailed regulations on insurer privacy practices, effective on March 24, which specify the content and frequency of privacy notices and to whom the notices must be sent.
“For insurers that operate nationally, uniformity of privacy regulation throughout the country is extremely important to both minimize costs of compliance and optimize benefit to consumers,” Fuller wrote. “Indeed, for any business that operates nationally, enactment of a ‘California-only’ privacy regulatory scheme will only further blemish the attractiveness of California’s business climate. Given the state of the economy, this is no time to be imposing additional cost burdens on California businesses that would impair their competitive positions countrywide.”
Editor’s note: SB1 was heard June 17 in the Assembly Banking and Finance Comittee. The bill failed in the committee with a 3-7 vote and 2 non-votes. “We think it’s encouraging; it’s a great result for us,” Heather Ryndak, of the NAII, said. Ryndak added, “In all likelihood, it might be granted reconsideration [in the next session].”
Was this article valuable?
Here are more articles you may enjoy.