Bill Text


Bill PDF |Add To My Favorites | print page

AB-2372 Insurance: privacy notices.(2021-2022)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 04/07/2022 09:00 PM
AB2372:v98#DOCUMENT

Amended  IN  Assembly  April 07, 2022

CALIFORNIA LEGISLATURE— 2021–2022 REGULAR SESSION

Assembly Bill
No. 2372


Introduced by Assembly Member Calderon

February 16, 2022


An act to add Section 791.045 to the Insurance Code, relating to insurance.


LEGISLATIVE COUNSEL'S DIGEST


AB 2372, as amended, Calderon. Insurance: privacy notices.
Existing law, the Insurance Information and Privacy Protection Act, establishes privacy standards for the collection, use, and disclosure of information gathered in connection with insurance transactions by insurance institutions, agents, and insurance-support organizations. The act requires an insurance institution or agent to provide a notice of information to applicants and policyholders in connection with specified insurance transactions. Existing regulations require an insurance licensee to annually provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices.
This bill would codify the requirement to annually provide a clear and conspicuous privacy notice to customers. The bill would exempt an insurance institution or agent from providing that required notice if specified criteria are met. The bill would authorize the notice to be combined with the notice provided in connection with specified insurance transactions.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 791.045 is added to the Insurance Code, to read:

791.045.
 (a) (1) In addition to the notice required by Section 791.04, an insurance institution or agent shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. For purposes of this section, “annually” means at least once in any period of 12 consecutive months during which that relationship exists. An insurance institution or agent may define the period of 12 consecutive months, but shall apply it to the customer on a consistent basis.
(2) Notices required under this section shall comply with Section 2689.7 of Title 10 of the California Code of Regulations.
(b) (1) The notices required pursuant to Section 791.04 and this section may be combined into a single notice or provided as separate notices, as long as the requirements of Section 791.04 and this section are met.
(2) If the insurance institution or agent uses a separate, standard privacy notice in addition to the notices required pursuant to Section 791.04 and this section, the notices required pursuant to Section 791.04 and this section shall clearly state that any rights a consumer, claimant, or beneficiary may have as described in these are not limited by the standard privacy notice that the insurance institution or agent also uses.
(c) An insurance institution or agent is not required to provide the notice pursuant to subdivision (a) if both of the following apply: shall be deemed to comply with the requirements of this section if all of the following conditions are met:

(1)The insurance institution or agent only provides personal or privileged information to a nonaffiliated third party as authorized by Section 791.13.

(1) The insurance institution or agent does not provide medical-record, personal, or privileged information to a nonaffiliated third party pursuant to subdivision (k) of Section 791.13.
(2) The insurance institution or agent additionally provides, as part of any abbreviated notice provided pursuant to subdivision (c) of Section 791.04, a description of the rights established under Sections 791.08 and 791.09 and the manner in which the rights may be exercised, and the internet address to the insurance institution’s or agent’s complete privacy notice that complies with subdivision (a).

(2)

(3) The insurance institution’s or agent’s policies and practices about disclosing personal or privileged information have not changed from the previous notice provided pursuant to subdivision (a).
(d) An insurance institution or agent is not required to provide a notice pursuant to subdivision (a) to a former customer with whom it no longer has a continuing relationship.
(e) Terms used in this section have the same meaning as defined in Section 2689.4 of Title 10 of the California Code of Regulations.