The House Financial Services Committee passed the Data Privacy Act in a partisan vote of 26-21 on the evening of February 28 after lengthy debate. The bill would revise existing federal standards created by the 1999 Gramm-Leach-Bliley Act (GLBA) that protect consumer data by expanding the requirements imposed on “financial institutions,” including independent insurance agencies, that collect and retain consumer data as part of their normal business operations. One goal of the bill is to create a uniform national standard that would govern all financial institutions’ use of consumers’ nonpublic personal information (NPI).
All 50 states established insurance regulatory regimes in response to the passage of GLBA, and those regimes remain in place. For that reason, PIA opposes the development of a prescriptive federal legislative structure that would be duplicative of, and would improperly encroach on, state regulatory authority. Insurance is unique among financial services in that it already protects consumer data via state laws and regulations.
PIA continues to have concerns about this legislation and cannot support it in its current form, primarily because the bill would almost certainly force state insurance regulators to apply unworkable federal banking regulations to insurance agencies.
As passed out of committee yesterday, the legislation would impose unsuitable requirements on insurance agencies, which are already comprehensively regulated at the state level. Any regulations or rules issued for the purpose of implementing the bill’s requirements should be developed by each state’s insurance regulator in the state where an insurance agency is domiciled. Independent insurance agencies should not be regulated by federal banking regulators in Washington, D.C. Federal banking regulators’ expertise should be used to regulate national banks, not local independent insurance agencies.
PIA will continue to work with policymakers to ensure that consumer data is protected while also ensuring that any federal requirements are broad enough to permit state insurance regulators to interpret and implement them in a workable and realistic way for insurance agencies, just as the successful state insurance regulatory system has for over 150 years.