Insurance Consumer Privacy Protection Act of 2025.
- Establishes comprehensive privacy standards for insurance companies handling consumer personal data in California.
- Requires insurance companies to obtain explicit consumer consent before sharing data beyond basic insurance transactions.
- Mandates clear privacy notices and gives consumers rights to access, correct, and delete their personal information.
- Authorizes fines up to $1 million for violations and criminal penalties for obtaining consumer data under false pretenses.
Senator Limón's Insurance Consumer Privacy Protection Act establishes comprehensive standards governing how insurance companies and their vendors collect and handle Californians' personal information, addressing gaps in the state's decades-old insurance privacy laws.
The legislation requires insurance licensees to obtain explicit consumer consent before using personal data for purposes beyond basic insurance transactions. Companies must provide clear privacy notices explaining what information they collect, how they use it, and who they share it with. Consumers gain new rights to access, correct, and delete their personal information, along with protections against retaliation for exercising these rights.
The bill mandates data minimization practices, requiring insurers to collect and retain only information necessary for insurance purposes. Companies must develop written data retention policies and promptly destroy unnecessary personal information. Third-party vendors processing consumer data must meet strict contractual requirements around confidentiality, security measures, and limited data use.
The Insurance Commissioner gains expanded oversight authority, including the power to investigate violations, conduct hearings, and issue cease-and-desist orders. Knowing violations can trigger penalties ranging from $5,000 to $1 million. The bill also creates a private right of action allowing consumers to seek damages for privacy violations, while establishing criminal penalties for obtaining consumer information under false pretenses.
Insurance licensees have five years to implement the data retention requirements, though most provisions take effect immediately. The legislation builds upon California's existing privacy framework while establishing insurance-specific protections suited to the industry's data-intensive nature and complex vendor relationships.
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Tim GraysonD Senator | Committee Member | Not Contacted | |
 Monique LimonD Senator | Bill Author | Not Contacted | |
 Megan DahleR Senator | Committee Member | Not Contacted | |
 Kelly SeyartoR Senator | Committee Member | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 11 | 2 | 0 | 13 | PASS |
- Establishes comprehensive privacy standards for insurance companies handling consumer personal data in California.
- Requires insurance companies to obtain explicit consumer consent before sharing data beyond basic insurance transactions.
- Mandates clear privacy notices and gives consumers rights to access, correct, and delete their personal information.
- Authorizes fines up to $1 million for violations and criminal penalties for obtaining consumer data under false pretenses.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Senator Limón's Insurance Consumer Privacy Protection Act establishes comprehensive standards governing how insurance companies and their vendors collect and handle Californians' personal information, addressing gaps in the state's decades-old insurance privacy laws.
The legislation requires insurance licensees to obtain explicit consumer consent before using personal data for purposes beyond basic insurance transactions. Companies must provide clear privacy notices explaining what information they collect, how they use it, and who they share it with. Consumers gain new rights to access, correct, and delete their personal information, along with protections against retaliation for exercising these rights.
The bill mandates data minimization practices, requiring insurers to collect and retain only information necessary for insurance purposes. Companies must develop written data retention policies and promptly destroy unnecessary personal information. Third-party vendors processing consumer data must meet strict contractual requirements around confidentiality, security measures, and limited data use.
The Insurance Commissioner gains expanded oversight authority, including the power to investigate violations, conduct hearings, and issue cease-and-desist orders. Knowing violations can trigger penalties ranging from $5,000 to $1 million. The bill also creates a private right of action allowing consumers to seek damages for privacy violations, while establishing criminal penalties for obtaining consumer information under false pretenses.
Insurance licensees have five years to implement the data retention requirements, though most provisions take effect immediately. The legislation builds upon California's existing privacy framework while establishing insurance-specific protections suited to the industry's data-intensive nature and complex vendor relationships.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 11 | 2 | 0 | 13 | PASS |
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Tim GraysonD Senator | Committee Member | Not Contacted | |
Monique LimonD Senator | Bill Author | Not Contacted | |
Megan DahleR Senator | Committee Member | Not Contacted | |
Kelly SeyartoR Senator | Committee Member | Not Contacted |