California Assembly Passes Web Privacy Bill

May 31, 2002 at 08:00 PM
Share & Print

NU Online News Service, May 31, 5:23 p.m. – The California Assembly moved an Internet privacy bill, A.B. 2297, out of the Assembly late Thursday, according to Nicole Mahrt, a representative with the American Insurance Association's Sacramento office.

The bill, which was introduced by Assemblyman Joe Simitian, D-Palo Alto, Calif., would require operators of Web sites to inform those who have used personal information on the sites of any breaches of privacy, such as attacks by hackers, Mahrt says.

Complying with the requirement would amount to giving trial lawyers a list of potential plaintiffs for a class-action suit, and it would make suing companies under California Business and Professional Code Section 17200, also known as the Unfair Business Practices Act, much easier, Mahrt adds.

Insurers must try to stop identity theft, but enacting A.B. 2297 is "the wrong way to fix the problem," Mahrt says.

Reports suggest that the issue may be addressed in an amended California Senate bill, Mahrt says.

Insurance groups and other interest groups are also reacting to the latest draft of a privacy regulation being developed by the California Insurance Department.

The draft, released May 23, seeks to establish a consumer privacy guideline that would meet the requirements of the federal Gramm-Leach-Bliley Financial Services Modernization Act of 1999.

Tena Friery, research director with the Privacy Rights Clearinghouse, San Diego, says the draft regulation should offer protections that are consistent with Gramm-Leach Bliley.

Consistency is also a high priority for the American Council of Life Insurers, Washington, says John Mangan, director of state relations. A chief concern, he says, is uniformity among states. "We are very much concerned that there not be separate notices."

Sam Sorich, senior vice president and general counsel with the National Association of Independent Insurers, Des Plaines, Ill., says the latest draft consists of revisions that are both good and bad.

Pluses that Sorich cites include a change in the definition of "customer" to make it clearer that the word refers to an ongoing relationship. Annual privacy notices would be sent to those customers with an ongoing relationship, he explains.

The time frame for allowing customers to opt out of sharing of personal information was changed to 30 days from 45 days and is now more consistent with a privacy model, the Privacy of Consumer Financial and Health Information model regulation, that was adopted by the National Association of Insurance Commissioners, Kansas City, Mo., Sorich says.

But Sorich still has problems with the draft. For example, the issue of providing an opt-out notice to customers if an agent or broker shops a policy for a better policy is not addressed, he says.

Sorich also says that an article in the draft addressing safeguarding of private information by carriers should be held until it is evident what action the NAIC is going to take. Currently, the NAIC is working on rules for protecting private information.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Resource Center