Bill Text

Bill Information


Bill PDF |Add To My Favorites | print page

SB-793 Insurance: privacy notices and personal information.(2023-2024)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 09/09/2023 04:00 AM
SB793:v95#DOCUMENT

Senate Bill No. 793
CHAPTER 184

An act to add Section 791.045 to the Insurance Code, relating to insurance.

[ Approved by Governor  September 08, 2023. Filed with Secretary of State  September 08, 2023. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 793, Glazer. Insurance: privacy notices and personal information.
Existing law, the Insurance Information and Privacy Protection Act, establishes privacy standards for the collection, use, and disclosure of information gathered in connection with insurance transactions by insurance institutions, agents, and insurance-support organizations. The act requires an insurance institution or agent to provide a notice of information to applicants and policyholders in connection with specified insurance transactions. Existing regulations require an insurance licensee to annually provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices.
This bill would codify the requirement to annually provide a clear and conspicuous privacy notice to customers. The bill would state that an insurance institution or agent is in compliance with this requirement if specified criteria are met, including informing the consumer of the right to submit a written request to access, correct, amend, or delete their personal information. The bill would authorize the notice to be combined with the notice provided in connection with specified insurance transactions.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 791.045 is added to the Insurance Code, to read:

791.045.
 (a) (1) In addition to the notice required by Section 791.04, an insurance institution or agent shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. For purposes of this section, “annually” means at least once in any period of 12 consecutive months during which that relationship exists. An insurance institution or agent may define the period of 12 consecutive months, but shall apply it to the customer on a consistent basis.
(2) A notice required pursuant to this section shall comply with Section 2689.7 of Title 10 of the California Code of Regulations.
(b) (1) The notices required pursuant to Section 791.04 and this section may be combined into a single notice or provided as separate notices, as long as the requirements of Section 791.04 and this section are met.
(2) If the insurance institution or agent uses a separate, standard privacy notice in addition to the notices required pursuant to Section 791.04 and this section, the notices required pursuant to Section 791.04 and this section shall clearly state that any rights a consumer, claimant, or beneficiary may have as described in these are not limited by the standard privacy notice that the insurance institution or agent also uses.
(c) An insurance institution or agent shall be deemed to be in compliance with this section if all of the following conditions are met:
(1) The insurance institution or agent does not provide medical record, personal, or privileged information to a nonaffiliated third party pursuant to subdivision (k) of Section 791.13.
(2) The insurance institution or agent additionally provides, as part of an abbreviated notice provided pursuant to subdivision (c) of Section 791.04, the internet website address of the insurance institution’s or agent’s complete privacy notice that complies with subdivision (a) and informs the consumer of each of the following rights in a clear and conspicuous manner:
(A) The right to submit a written request to access, correct, amend, or delete the consumer’s personal information and the manner in which the right may be exercised, including the contact information and the mailing address, internet website address, or both, where the consumer may submit a request.
(B) The right to receive a response within 30 business days of the consumer submitting a request to access, correct, amend, or delete their personal information.
(C) If the insurance institution refuses the consumer’s request, the right to file a statement regarding what the consumer believes to be accurate and fair information and why the consumer disagrees with the insurance institution’s refusal.
(3) The insurance institution’s or agent’s policies and practices about disclosing personal or privileged information have not changed from the previous notice provided pursuant to subdivision (a).
(d) An insurance institution or agent is not required to provide a notice pursuant to subdivision (a) to a former customer with whom it no longer has a continuing relationship.
(e) The terms used in this section have the same meaning as defined in Section 2689.4 of Title 10 of the California Code of Regulations.