New House Data Privacy Bill Could Limit State Insurance Regulators' Authority

McHenry is the only sponsor of H.R. 1165, but he emphasized at the hearing that most of the other bills being marked up have Democratic sponsors or co-sponsors as well as Republican sponsors, and that he wants his committee to operate in a bipartisan way.

“These are not messaging bills,” McHenry said. “We are a legislating committee. Our product is legislation… I renew my call to every member of this committee to bring you ideas to me. My door is open to both sides of the aisle.”

McHenry described H.R. 1165 as a modernization of Gramm-Leach-Bliley, rather than as an overhaul of financial data privacy laws.

The bill is the product of three years of work be House Financial Services Committee Republicans, and drafters sought input from a wide range of parties, he said.

The House Financial Services Committee considered the H.R. 1165 privacy bill at a bill markup meeting.

Insurance Industry Reactions

A group that includes the American Council of Life Insurers, the American Property Casualty Insurance Association, the Council of Insurance Agents and Brokers, the Independent Insurance Agents and Brokers of America, the Insured Retirement Institute, the National Association of Insurance and Financial Advisors and the National Association of Mutual Insurance Companies has submitted a joint comment letter welcoming McHenry’s efforts but asking for changes, according to a draft of the letter provided by the ACLI.

The industry group is asking McHenry to:

Add exceptions to the rules for insurance administration purposes, such as reinsurance and collection of statistical data.
Limit the need to provide privacy notices to consumers who simply want to see coverage price quotes or make other simple inquiries.
Eliminate the need to send annual privacy notices to holders of products, such as single-premium annuity products, where there might not be any transactions for a long period of time.
Ease the rules for how affected entities, such as small insurance agencies, must provide consumers with access to their information.
Give companies at least two years to comply with any new rules, once the new rules are completed.

The National Association of Insurance Commissioners, a group for state insurance regulators, said that it’s aware of the bill and is engaging with McHenry’s staff.

“We are also watching today’s committee markup and monitoring the bill’s progress,” the NAIC said.

EPIC’s View

The Electronic Privacy Information Center, a privacy rights organization, says the Gramm-Leach-Bliley approach to privacy protection is flawed because consumers lack much ability to use the disclosure and opt-out provisions.

“Even if consumers had the time to read every privacy policy and statement, they would in most cases come away with woefully incomplete information,” EPIC told McHenry. “In reality, very few consumers read these notices or exercise their opt-out option.”

Another problem with H.R. 1165 is that adding consumer data brokers could give the data brokers more protection, by shielding them from state regulation, rather than giving consumers more protection against data brokers, EPIC said.

“Data brokers have sold data on military personnel to foreign adversaries and facilitated elder scams,” EPIC said. “Foreign governments seeking personal data on Americans can simply purchase it from a data broker — no cyberattack needed.”

Lawmakers should not put data brokers under the Gramm-Leach-Bliley data privacy framework unless the privacy protections in H.R. 1165 are imposed and set a higher standard than existing state laws, EPIC argued.

Pictured: House Financial Services Committee Chair Patrick McHenry, R-N.C. (Photo: House)