Insights & Events
Filter your search:
Filter your search:
Updates
March 31, 2021

New State and Federal Privacy Developments Add Complexity to Privacy Landscape

Download
Authors: Doriann H. Cain

As insurance companies continue to examine their compliance with current privacy and cybersecurity regulations, new state laws and proposed federal bills add another level of complexity to the landscape.

Federal

The Information Transparency & Personal Data Control Act is Congress’ latest attempt to regulate private companies’ use of consumer data. The bill, introduced by Rep. Suzan DelBene (D-WA), requires companies to provide “plain language” consumer privacy policies, enables consumers to opt-in to the use of their sensitive private information and broadly preempts conflicting state laws. The stated purpose of the bill is to develop a national privacy framework to replace the current patchwork of states privacy laws, such as the CPRA.

The bill would give the Federal Trade Commission broad rulemaking authority in order to keep up with evolving privacy trends. The prospects of the bill’s passage remain unknown, and with close Democratic majorities in both the House and Senate, it remains to be seen if the Biden administration pushes privacy as one of its early priorities.

State

While Congress continues to debate privacy legislation, Virginia has become the latest state to adopt a sweeping privacy law. Governor Ralph Northam signed the Consumer Data Privacy Act (CDPA) into law on March 2, 2021. The CDPA creates a number of privacy obligations for businesses, such as undertaking a formal data protection assessment of their data collection and processing activities and posting a privacy notice, and gives Virginia consumers more control over their personal data. For example, Virginia consumers would now have the right to correct errors in their personal information, request the deletion of personal data, and opt out of the processing of their personal information for certain defined purposes like advertising.

The CDPA has several exemptions, including one for “financial institutions or data subject to Title V of the federal Gramm-Leach-Bliley Act.” How this exemption will fully impact the insurance industry is still being assessed, and several provisions still remain unclear. Insurers should closely monitor privacy developments in Virginia.

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

Meet the Authors

Photo of Doriann Cain
Doriann H. Cain

Partner

+1 317 569 4837
Indianapolis

Related Legal Services

Insurance Services Insurance Regulatory & Compliance

Related Industries

Insurance
The Faegre Drinker Biddle & Reath LLP website uses cookies to make your browsing experience as useful as possible. In order to have the full site experience, keep cookies enabled on your web browser. By browsing our site with cookies enabled, you are agreeing to their use. Review Faegre Drinker Biddle & Reath LLP's cookies information for more details.