Less than half of the states are likely to have their own privacy rules in place by the July 1 deadline imposed by the Gramm-Leach-Bliley Act (GLBA), a survey conducted by the National Association of Mutual Insurance Companies (NAMIC) shows.
The survey found that as of May 21, only Alaska, Arizona, Montana, Tennessee and Virginia have enacted laws either amending existing privacy laws or incorporating GLBA into state statutes, said NAMIC Market Regulation Manager, David Reddick. Hawaii and Nebraska also have incorporated privacy rules into their statutes, but are still awaiting gubernatorial signatures.
| 12 Stateshave completed their rule-making process and have privacy rules in place:
Colorado, Idaho, Illinois, Iowa, Kentucky, Louisiana, Mississippi, New Hampshire, New York, Oregon, Washington and Wisconsin. 15 States are in the process of completing their privacy rules: Alabama, Arkansas, Connecticut, Florida, Indiana, Kansas, Missouri, New Mexico, North Dakota, Pennsylvania, South Carolina, South Dakota, Utah, West Virginia and Wyoming. 13 States have privacy legislation still pending: California, Delaware, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, North Carolina, Oklahoma, Rhode Island, Texas and Vermont. |
“The problem is whether these states can finish their rule-making processes before July 1, in time for companies to be guided by those provisions,” Reddick said. “If the rules are not in place, companies will default to the privacy language in GLBA.
“In some states, such as Minnesota and Oklahoma, the legislatures are due to adjourn this week, and there is an outside chance that the privacy legislation will not be passed,” he continued. “Many of these states have authorization bills, which means that even if the laws are enacted, it will take an additional few months for insurance departments to finish promulgating their privacy rules.”
Reddick said privacy legislation was not passed in Georgia this year, and so far, no privacy bill has been introduced in New Jersey. Ohio is believed to be drafting a rule to amend its current medical privacy law, but no proposal has been put forward yet.
“When you combine all the possible scenarios that can occur between now and July 1, the end result is not one that bodes well for state insurance regulators and their ability to show Congress how well they can implement a federal mandate,” Reddick said. “While clearly there has been a lot of activity in the states, the lasting perception is likely to be that most states did not meet the deadline.”
The privacy channel of NAMIC’s website, NAMIC Online, contains status reports on how each state is implementing its privacy
regulation.
Source: NAMIC.
Topics Trends Legislation
Was this article valuable?
Here are more articles you may enjoy.
‘Great Resignation’ Enters Third Year as Workers Embrace AI, Upskilling, PwC Says 
Allstate, Nationwide Post Dramatic Q12024 Homeowners Loss Ratio Drops: S&P 
Microsoft Tells Texas Agencies They Were Exposed in Russian Hack 
Ryan Specialty Announces Succession Plan: Pat Ryan to Exec Chair, Turner to Be CEO From This Issue
