House Subcommittee Holds Hearing on Federal Data Privacy Bill

The House Financial Services Committee’s Subcommittee on Financial Institutions and Monetary Policy held a hearing today entitled, “Revamping and Revitalizing Banking in the 21st Century.” One of the bills discussed during the hearing, the Financial Data Privacy Act, seeks to revise existing federal standards for consumer data privacy by expanding the requirements associated with the handling of consumer data for “financial institutions,” including insurance agencies.

PIA appreciates the Committee’s attention to the protection of consumer data; however, we have had concerns about the draft legislation that was part of today’s subcommittee hearing. In advance of the hearing, PIA expressed these concerns to the committee and highlighted the challenges this bill would create for independent insurance agencies. While there have been improvements to the latest draft of the bill that address some of our concerns, PIA will continue to engage with the committee about the impact that this bill could have on insurance agencies.

This issue is complicated by the fact that insurance is properly regulated at the state level.  In fact, state insurance regulators have been overseeing the use of consumer data by insurance entities for years. The passage of the Gramm-Leach-Bliley Act (GLBA) in 1999 changed the way “financial institutions,” including insurance agencies, were required to handle consumer data. But, in a clear acknowledgement of the primacy of state regulation of insurance, the GLBA explicitly cites the McCarran-Ferguson Act, which returned regulatory oversight of insurance to the states. To facilitate the states’ compliance with their new GLBA regulatory obligations, in response, the National Association of Insurance Commissioners (NAIC) passed its Privacy of Consumer Financial and Health Information Regulation model (MDL-672). The NAIC’s GLBA model law is the current law in every state.

Recently, the NAIC’s Privacy Protections (H) Working Group announced its intent to replace its 1992 Insurance Information and Privacy Protection model and its GLBA model with one new model that will be known as the Insurance Consumer Privacy Protection Model Law. An initial draft was published in early 2023.

PIA will continue to work with the committee and policymakers on this important issue in the coming weeks.