HBA-NRS S.B. 712 77(R)    BILL ANALYSIS


Office of House Bill Analysis    S.B. 712
By: Sibley
Insurance
4/29/2001
Engrossed



BACKGROUND AND PURPOSE 

Congress enacted the Gramm-Leach-Bliley Act (GLBA) in part to require state
insurance authorities to adopt requirements on privacy and disclosure of
nonpublic personal financial information applicable to the insurance
industry. The National Association of Insurance Commissioners (NAIC)
developed a privacy model in an effort to aid states in adopting consistent
privacy requirements for insurers. Senate Bill 712 requires insurers and
other entities regulated by the Texas Department of Insurance to comply
with requirements of GLBA and requires the commissioner of insurance to
adopt rules consistent with GLBA based on the NAIC privacy model. 

RULEMAKING AUTHORITY

It is the opinion of the Office of House Bill Analysis that rulemaking
authority is expressly delegated to the commissioner of insurance in
SECTION 1 (Article 28A.51, Insurance Code) and SECTION 2 of this bill.

ANALYSIS

Senate Bill 712 amends the Insurance Code to require a covered entity to
comply with federal provisions relating to obligations with respect to the
disclosure of personal information and the disclosure of a privacy policy
in the same manner as a financial institution. The bill requires an entity
that is a nonaffiliated third party in relation to a covered entity to
comply with federal limits on the reuse of information obtained from a
financial institution. The disclosure of such information does not apply to
a covered entity to the extent that the entity is acting solely as an
insurance agent for another covered entity. The bill provides that
provisions relating to privacy do not affect the authority of the Texas
Department of Insurance (TDI) or another state agency to adopt stricter
rules governing the treatment of health information by a covered entity, if
another law gives TDI or an agency that authority, including any laws or
rules of this state related to the privacy of individually identifiable
health information under the federal Health Insurance Portability and
Accountability Act of 1996. 

The bill requires the commissioner of insurance (commissioner) to adopt
rules to implement the provisions and any other rules necessary to carry
out federal provisions relating to the disclosure of nonpublic personal
information to make this state eligible to override federal regulations not
later than 30 days after the effective date of this bill. The bill also
requires the commissioner to attempt to keep state privacy requirements
consistent with federal regulations. The bill authorizes the commissioner
to adopt these initial rules on an emergency basis.

The bill requires TDI to implement standards for insurers and other
entities as they apply to federal institutions and requires TDI to enforce
provisions relating to the disclosure of nonpublic personal information.
The bill authorizes the attorney general to institute an action for
injunctive or declaratory relief to restrain a violation of the enforcement
of the disclosure of nonpublic personal information. The bill authorizes
the attorney general to institute an action for civil penalties against a
covered entity or a nonaffiliated third party for a violation of the
enforcement of the disclosure of nonpublic personal information. The bill
prohibits a civil penalty from exceeding $3,000 for each violation, except
that if a court finds that the violations have occurred with such frequency
as to constitute a pattern or practice, the court may assess a civil penalty
not to exceed $250,000.

EFFECTIVE DATE

On passage, or if the Act does not receive the necessary vote, the Act
takes effect September 1, 2001.