Skip Ribbon Commands
Skip to main content



 ‭(Hidden)‬ Catalog-Item Reuse

Data Privacy Considered in Congress: What You Should Know

Two top House committees considered legislation that would impact how agents and brokers conform with national data privacy laws and standards.
Sponsored by
data privacy considered in congress: what you should know

This week, two top committees in the U.S. House of Representatives considered legislation that would impact how independent insurance agents and brokers conform with national data privacy laws and standards.

On Tuesday, the U.S. House Committee on Financial Services held a markup on several legislative bills, including H.R. 1165, the "Data Privacy Act of 2023." The legislation—which was introduced by Chairman Patrick McHenry (R-NC)—passed out of committee by a vote of 26-21.

The legislation would create a uniform national data privacy standard while updating the Gramm-Leach-Bliley Act (GLBA), which became law in 1999. GLBA required insurance agencies, insurers and other financial institutions to disclose their information-sharing policies and to inform consumers of their ability to prevent the sharing of nonpublic personal information with certain nonaffiliated third parties.

The Big “I" advocated on several key areas, which included the way any requirements should be implemented and enforced in the insurance market; the need to ensure that any new requirements are clear, objective and workable for our financial sector; and the importance of considering the impact of new obligations on small businesses.

As this legislation was considered, the Big “I" reminded committee members that the state regulatory system has worked well in this area for more than 20 years and there is no public policy rationale for abandoning it now. The committee agreed and the legislation keeps state insurance regulators in charge of implementing and enforcing federal privacy standards and adopting any necessary sector-specific guidance within the insurance industry.

Additionally, the Big “I" successfully advocated against the inclusion of a private right of action in the legislation, despite significant interest from some members of Congress. Including a private right of action would have allowed trial lawyers and judges to become de facto regulators and enforce the law through litigation.

On Wednesday, the U.S. House Energy and Commerce's Subcommittee on Innovation, Data, and Commerce held a hearing about enhancing national privacy and data security standards. The hearing focused on creating a national data privacy standard that will minimize the amount of personal information companies are allowed to collect, process and transfer.

Data privacy legislation, referred to as the "American Data Privacy and Protection Act" (ADPPA), passed out of the House Energy and Commerce Committee during the 117th Congress by an overwhelming 53-2 vote. Members of the committee spoke in favor of the ADPPA but acknowledged that more work needs to be done to address stakeholder concerns.

During the previous Congress, the Big “I" successfully advocated for a small business exemption and will continue to do so for any privacy legislation coming out of the House Energy and Commerce Committee.

Contrary to the "Data Privacy Act of 2023," the House Energy and Commerce has expressed a willingness to include a private right of action that would allow an individual or a group of individuals as part of a class action, to pursue litigation against a company that illegally shares data or uses it in ways the law prohibits. A broad private right of action would likely mean an increase in claims costs for insurers, which in turn could lead to higher insurance rates for consumers.

As Congress continues to push for data privacy legislation, the Big “I" will continue to advocate for independent insurance agents and provide updates through the News & Views e-newsletter.

Raaed Haddad is Big “I" director of federal government affairs.