This week, H.R. 8152, the “American Data Privacy and Protection Act" (ADPPA) was passed out of the U.S. House of Representatives Committee on Energy and Commerce by a vote of 53-2. The legislation had previously been introduced by the Chairman of the House Committee on Energy and Commerce, Rep. Frank Pallone (D-New Jersey) and the committee's top Republican, Rep. Cathy McMorris Rodgers (R-Washington).

Before the bill was introduced, Reps. Pallone and McMorris Rodgers, as well as Sen. Roger Wicker (R-Mississippi), the top Republican on the U.S. Senate Committee on Commerce, Science, and Transportation, announced that they had reached a deal on data privacy legislation. Notably, Sen. Maria Cantwell (D-Washington), the chairwoman of the Committee on Commerce, Science, and Transportation, opposes the ADPPA and remains committed to her own legislation, S. 3195, the “Consumer Online Privacy Rights Act."

If enacted, the ADPPA would create a national standard on what kinds of data companies can gather from individuals and how they can use it. While the legislation includes a limited small business exemption from some provisions, it would still require small businesses to publicly display a lengthy privacy policy including a description of the companies' data security practices, the length of time data is retained, and the processing purposes of the data. Additionally, businesses must notify all customers if there is a change in the privacy policy or practices at the company.

Soon after a draft of the legislation was released, the Big “I" worked with the American Property Casualty Insurance Association (APCIA), the National Association of Mutual Insurance Companies (NAMIC) and the Council of Insurance Agents and Brokers (CIAB) to identify two of the most significant concerns with the legislation. Those concerns were then outlined in a letter addressed to leaders of the House Energy and Commerce Committee.

The first concern was related to the Gramm-Leach-Bliley Act (GLBA). The financial services industry, including the insurance industry, was the first sector of the economy to come under comprehensive nationwide privacy regulation when GLBA was enacted over 20 years ago. GLBA set forth a rigorous regulatory framework for protecting the privacy of nonpublic personal information of financial services consumers. The framework is enforced against insurers, agents and brokers by state insurance regulators.

While the ADPPA includes a GLBA provision, APCIA, NAMIC, CIAB and the Big “I" have concerns and are advocating for language that would clearly exempt insurers, agents and brokers from the scope of the ADPPA.

The second concern addressed in the letter is the legislation's inclusion of a broad private right of action, which would allow an individual or a group of individuals as part of a class action, to pursue litigation against a company that illegally shares their data or uses it in ways the law prohibits. A broad private right of action would likely mean an increase in claims costs for insurers, which in turn could lead to higher insurance rates for consumers. This is not in the interests of consumers.

The joint trade associations made clear that it would be much better for the government to enforce privacy laws which would mean consistent interpretation and implementation leading to a more stable privacy landscape for businesses and consumers.

As Congress continues to discuss ways to better protect consumer privacy, the Big “I" will continue to provide members with updates in the weekly News & Views e-newsletter.

Wyatt Stewart is Big “I" assistant vice president of federal government affairs.