All Bets Off On Calif. Privacy Standards

A second possibility is Assembly Bill 1775, sponsored by Assemblyman Joe Nation, D-San Rafael, and heard by the Judiciary Committee on May 7. Ellen Corbett, D-San Leandro, who chairs the Assembly Judiciary Committee, noted that due to insufficient votes to move the bill out, it is being held in committee.

Bills can be considered through the end of the session, but for practical purposes, policy committees of origin had to pass them to the full Assembly by May 17 if they hoped to be considered using typical procedures. The final two weeks in May are earmarked for budget matters. AB 1775 could be heard after that only if a rule waiver is granted.

The draft has been opposed by financial services firms and consumer advocates for diametrically opposite reasons. Companies say it is too tough, while consumer organizations say it needs to be tougher. Insurers oppose the bill for several reasons, but say they are willing to work on a new version.

The current draft has an opt-in requirement for non-affiliates, said Sam Sorich, senior vice president and general counsel with the National Association of Independent Insurers in Des Plaines, Ill.

There is also an opt-out requirement for the sharing of nonpublic personal information with affiliates, a provision Mr. Sorich noted is not in GLB.

He also pointed out that California has existing privacy protections based on the National Association of Insurance Commissioners Insurance Information and Privacy Protection model act, also known as the 1982 model act. Currently, there is no language in the Nation bill to bridge its requirements to existing mandates, Mr. Sorich added.

John Mangan, director of state relations with the American Council of Life Insurers in Washington, pointed out some of the technical changes AB 1775 has undergone. For instance, the definition of "sensitive information" was altered so that it does not include information, such as gender, that is already in the public domain, he said.

There was also an attempt to clarify a section on notice provisions that would have required separate notices to be sent out in California, he stated. However, Mr. Mangan said it is unclear at this point whether the new wording achieves that goal. The bill also would hold insurers responsible for both their own compliance and the actions of third parties with whom they work in marketing financial services, he said.

Among the consumer advocates voicing their views at the May 7 Judiciary Committee hearing was Consumers Union. The San Francisco-based group outlined concerns that include the need to amend the bill so that it generally covers the sharing of information. The organization also maintains that instead of the "sensitive information" definition, GLB's nonpublic personal information definition should be used. Consumers Union also advocates a $500,000 damages cap on suits alleging negligent violations, and no cap on those involving "knowing and willful violations."

Another option that could be revisited is Senate Bill 773, sponsored by State Senator Jackie Speier, D-Hillsborough, which is languishing on the Assembly floor. The bill can be acted upon until the end of the session on Aug. 31.

Insurers view this bill as too restrictive. "That is definitely worse," said Rey Becker, vice president, property-casualty, with the Alliance of American Insurers in Downers Grove, Ill. He said that the privacy issue should be addressed one step at a time. Therefore, lawmakers should try to establish standards to bring the state into conformity with GLB before "throwing out the system and starting with something new."

Mr. Becker said that if legislation is not enacted, there remains the insurance department's anticipated regulation, as well as the possibility that the legislature could take the issue up again in the next session. Another possibility is that the legislature will conduct a study on privacy, he suggested.

"What [AB 1775's status] means in the long haul, we just don't know," admitted Bill Gausewitz, assistant vice president in the American Insurance Association's Western office in Sacramento. He noted two major legislative distractions that could delay action on a comprehensive privacy bill–a projected state budget deficit of over $20 billion, and a potential state cash-flow shortage next month.

However, two other privacy-related bills that are narrower in focus–AB 1856, also sponsored by Mr. Nation, and AB 2297, sponsored by Assemblyman Joe Simitian, D-Palo Alto–are ready to be taken up by the full Assembly.

AB 2297 would require Internet sites to post a privacy policy, adhere to it, and notify a party of violations of that policy, he added.

The bill is tied to California's Business and Professional Code 17200, which, by allowing consumers to sue, would be "an open invitation to class action suits," he warned. As an example, Mr. Gausewitz said that if a hacker got into an insurers system, the company could be held responsible for any ensuing privacy breach.

The AIA is going to ask that the bill's language be amended to include state's activities under its purview along with commercial enterprises, says Mahrt.

Another privacy bill, AB 1856, also sponsored by Mr. Nation, failed to advance out of the Assembly. The bill would have given consumers the right to stop receiving direct mail, similar to e-mail and phone-mail-stop provisions. This would have been a costly procedure when a consumer can simply throw away the material, Mr. Gausewitz observed.

Jim Connolly is a senior editor with NU's Life and Health/Financial Services edition.

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, May 27 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.