New State and Federal Privacy Developments Add Complexity to Privacy Landscape

Faegre Drinker Biddle & Reath LLP

Faegre Drinker Biddle & Reath LLP

As insurance companies continue to examine their compliance with current privacy and cybersecurity regulations, new state laws and proposed federal bills add another level of complexity to the landscape.


The Information Transparency & Personal Data Control Act is Congress’ latest attempt to regulate private companies’ use of consumer data. The bill, introduced by Rep. Suzan DelBene (D-WA), requires companies to provide “plain language” consumer privacy policies, enables consumers to opt-in to the use of their sensitive private information and broadly preempts conflicting state laws. The stated purpose of the bill is to develop a national privacy framework to replace the current patchwork of states privacy laws, such as the CPRA.

The bill would give the Federal Trade Commission broad rulemaking authority in order to keep up with evolving privacy trends. The prospects of the bill’s passage remain unknown, and with close Democratic majorities in both the House and Senate, it remains to be seen if the Biden administration pushes privacy as one of its early priorities.


While Congress continues to debate privacy legislation, Virginia has become the latest state to adopt a sweeping privacy law. Governor Ralph Northam signed the Consumer Data Privacy Act (CDPA) into law on March 2, 2021. The CDPA creates a number of privacy obligations for businesses, such as undertaking a formal data protection assessment of their data collection and processing activities and posting a privacy notice, and gives Virginia consumers more control over their personal data. For example, Virginia consumers would now have the right to correct errors in their personal information, request the deletion of personal data, and opt out of the processing of their personal information for certain defined purposes like advertising.

The CDPA has several exemptions, including one for “financial institutions or data subject to Title V of the federal Gramm-Leach-Bliley Act.” How this exemption will fully impact the insurance industry is still being assessed, and several provisions still remain unclear. Insurers should closely monitor privacy developments in Virginia.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Faegre Drinker Biddle & Reath LLP | Attorney Advertising

Written by:

Faegre Drinker Biddle & Reath LLP

Faegre Drinker Biddle & Reath LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.