California Insurance Commissioner Dave Jones

SACRAMENTO, Calif. – California Insurance Commissioner Dave Jones sent a letter to U.S. House of Representatives Ranking Member Maxine Waters and other California members of the Committee of Financial Services, including Representatives Ed Royce, Brad Sherman, and Juan Vargas to express his objections to the “Consumer Information Notification Requirement Act” (HR 6743) and urge committee members to oppose the legislation in its current form, which will undermine California’s stronger data security protections and California’s ability to protect insurance consumers in this state. In part, the letter reads:

“HR 6743 would frustrate California’s authority on several levels. HR 6743 would not only preempt the existing privacy notification regulatory framework developed over years of experience at the state level, it would also significantly weaken the duties currently imposed on entities transacting insurance in California to protect or safeguard information and to investigate and mitigate following a breach.

For example, HR 6743 would substantially limit the circumstances for consumer notification of an information breach so that notification is required only when the breach is ‘reasonably likely to result in identity theft, fraud, or economic loss.’ California law, by contrast, always requires notification to consumers when personal information is reasonably believed to have been acquired by an unauthorized person, irrespective of any subjective judgment as to whether such acquisition is “reasonably likely” to result in theft, fraud or financial harm that may befall the consumer. Additionally, irrespective of whether an insurer is domestic or non-domestic, California law requires insurers and other businesses to notify the Attorney General whenever a breach affects more than 500 California residents. HR 6743 would preempt this requirement and hinder California’s ability to monitor information breaches affecting Californians.

When they entrust their sensitive personal financial and health information to insurers, consumers have a right to expect that their information is secure and that they will be properly notified in the event that information is compromised. I urge you to oppose this legislation that will significantly limit my tools and authority to protect our insurance policyholders in California. Preemptive federal standards in this space will not only weaken existing consumer protections, but may inhibit future enhancements to data security practices and innovation necessary for regulators and companies to adapt to evolving threats.”