New House Data Privacy Bill Could Limit State Insurance Regulators’ Authority

The insurance group wanted a change. Electronic privacy groups resent reliance on disclosure.

The new House of Representatives bill may change the forms and procedures you and your financial service providers use to protect the privacy of your clients.

Members of the House Financial Services Committee have raised a bill, HR 1165, the Data Privacy Act of 2023, along with other financial services bills.

The bill would update the data privacy provisions in the Gramm-Leach-Bliley Act of 1999. The bill would apply the same privacy rules to all channels of communication; expanding the terms of the privacy notice; making it easier for consumers to opt out of data sharing; and let federal data privacy standards precede state privacy standards.

One provision, section 5, may prevent state insurance regulators from imposing stricter insurance privacy restrictions than the privacy regulations applicable to other types of financial services organizations, such as banks.

Insurance industry groups called for many of the changes, and consumer groups criticized the bill’s reliance on privacy notices and opt-out provisions.

What does it mean

If HR 1165, or similar, becomes law, you may have to change the privacy notice you provided and update your website.

If you use an outside data provider in your marketing, the information provided by the service may change.


McHenry focused on disclosure and consumer choice when he drafted the bill.

Requirements for companies that collect consumer data to tell consumers what information to collect, how the information will be used, who has access to the information, and how data retention policies will work.

Companies should provide consumers with the opportunity to opt out of sharing any data that is not necessary to provide a product or service.

Consumers have the right to stop data collection and request data deletion at any time.

Provisions that predate state data privacy rules will “reduce compliance burdens and provide certainty for consumers and entities that handle their financial data,” according to McHenry.


McHenry put his bill on the agenda today for the House Financial Services Committee bill markup, or bill revision session.

This is the first House markup held during the current session of Congress. Other bills marked up relate to things like banking, national security, and efforts to combat public health emergencies.

McHenry was the sole sponsor of HR 1165, but he emphasized at the hearing that most of the other bills raised had Democratic or co-sponsoring as well as Republican sponsors, and that he wanted his committee to operate in a bipartisan fashion.

“This is not a messaging charge,” said McHenry. “We are the legislative committee. Our product is law… I am renewing my call to every member of this committee to share ideas with you. My door is open to both sides of the passage.”

McHenry describes HR 1165 as a modernization of Gramm-Leach-Bliley, not as an overhaul of financial data privacy laws.

The bill is the result of three years of work as House Financial Services Committee Republicans, and the drafters are seeking input from various parties, he said.

The House Financial Services Committee considers privacy bill HR 1165 at the bill’s markup meeting.

Insurance Industry Reaction

The group which includes the American Council of Life Insurers, American Property Casualty Insurance Association, Council of Insurance Agents and Brokers, Independent Insurance Agents and Brokers of America, Insured Retirement Institute, National Association of Insurance and Financial Advisors, and National Association of Mutual Insurance Companies has filed a letter of joint comment welcoming McHenry’s efforts but calling for changes, according to a draft letter provided by ACLI.

Industry groups asked McHenry to:

  • Add exceptions to the rules for insurance administration purposes, such as reinsurance and statistical data collection.
  • Limit the need to provide privacy notices to consumers who only wish to view coverage quotes or ask other simple questions.
  • Eliminate the need to send annual privacy notifications to product holders, such as single premium annuity products, where there may be no transactions for an extended period of time.
  • Ease of rules about how affected entities, such as small insurance agencies, should provide consumers with access to their information.
  • Give the company at least two years to comply with the new rules, after the new rules are finalized.

The National Association of Insurance Commissioners, a group of state insurance regulators, said they were aware of the bill and were involved with McHenry’s staff.

“We are also observing the committee’s markup today and monitoring progress on the bill,” NAIC said.

EPIC view

The Electronic Privacy Information Center, a privacy rights organization, says Gramm-Leach-Bliley’s approach to privacy protection is flawed because consumers don’t have much ability to use disclosure and opt-out provisions.

“Even if consumers had the time to read each privacy policy and statement, in many cases they would end up with very incomplete information,” EPIC told McHenry. “In reality, very few consumers read this notice or exercise their opt-out options.”

Another issue with HR 1165 is that adding consumer data brokers can give data brokers more protection, by protecting them from state regulations, than giving consumers data brokers more protection, says EPIC.

“Data traffickers have been selling data on military personnel to foreign adversaries and facilitating parental fraud,” said EPIC. “Foreign governments looking for private data on Americans can easily buy it from data brokers — no cyberattacks required.”

Lawmakers should not place data brokers under the Gramm-Leach-Bliley data privacy framework unless the privacy protections in HR 1165 are enforced and set a higher bar than existing state laws, EPIC said.

Photo: Chairman of the House Financial Services Committee Patrick McHenry, RN.C. (Photo: Home)

Check Also

Indian Railways Offer Travel Insurance Options Upto ₹10 Lakh, Here’s How To Avail It

In India, the Indian Railways Tourism and Catering Corporation (IRCTC) offers optional travel insurance for …

Leave a Reply

Your email address will not be published. Required fields are marked *