Insurance Consumer Privacy Protection Act of 2025.
- Establishes comprehensive privacy standards for insurance companies handling consumer personal data in California.
- Requires insurers to obtain consumer consent before sharing data and provide clear notices about data collection practices.
- Grants consumers rights to access, correct, and delete their personal information held by insurance companies.
- Authorizes fines up to $10 million for violations and empowers the Insurance Commissioner to enforce compliance.
Senator Limón's Insurance Consumer Privacy Protection Act establishes comprehensive standards for how insurance companies and their vendors handle Californians' personal information, marking the first major update to the state's insurance privacy laws in over two decades.
The legislation requires insurance licensees to provide clear privacy notices explaining what personal information they collect and share, obtain consumer consent before using data for non-insurance purposes, and honor requests to access, correct or delete personal information. Companies must implement data minimization practices, maintain written retention policies, and promptly notify regulators of any data breaches.
The bill grants consumers specific rights regarding their insurance data, including the ability to review what information companies hold, understand the reasons behind adverse coverage decisions, and prevent their data from being processed outside the United States without explicit permission. Insurance companies cannot retaliate against consumers who exercise these privacy rights.
To ensure compliance, the Insurance Commissioner gains authority to investigate potential violations, conduct hearings, and issue penalties ranging from $5,000 to $10 million per violation. The legislation also makes it a misdemeanor to obtain consumer information under false pretenses, punishable by up to $50,000 in fines and one year in jail.
Insurance licensees have five years to implement the law's records retention requirements, though other provisions take effect immediately upon enactment. The bill complements existing privacy laws while establishing insurance-specific protections, reflecting the industry's extensive collection and use of sensitive personal information.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Latest Voting History
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Roger NielloR Senator | Committee Member | Not Contacted | |
 Brian JonesR Senator | Committee Member | Not Contacted | |
 Monique LimonD Senator | Bill Author | Not Contacted | |
 Susan RubioD Senator | Committee Member | Not Contacted |
- Establishes comprehensive privacy standards for insurance companies handling consumer personal data in California.
- Requires insurers to obtain consumer consent before sharing data and provide clear notices about data collection practices.
- Grants consumers rights to access, correct, and delete their personal information held by insurance companies.
- Authorizes fines up to $10 million for violations and empowers the Insurance Commissioner to enforce compliance.
This bill was recently introduced. Email the authors to let them know what you think about it.
Introduced By
Senator Limón's Insurance Consumer Privacy Protection Act establishes comprehensive standards for how insurance companies and their vendors handle Californians' personal information, marking the first major update to the state's insurance privacy laws in over two decades.
The legislation requires insurance licensees to provide clear privacy notices explaining what personal information they collect and share, obtain consumer consent before using data for non-insurance purposes, and honor requests to access, correct or delete personal information. Companies must implement data minimization practices, maintain written retention policies, and promptly notify regulators of any data breaches.
The bill grants consumers specific rights regarding their insurance data, including the ability to review what information companies hold, understand the reasons behind adverse coverage decisions, and prevent their data from being processed outside the United States without explicit permission. Insurance companies cannot retaliate against consumers who exercise these privacy rights.
To ensure compliance, the Insurance Commissioner gains authority to investigate potential violations, conduct hearings, and issue penalties ranging from $5,000 to $10 million per violation. The legislation also makes it a misdemeanor to obtain consumer information under false pretenses, punishable by up to $50,000 in fines and one year in jail.
Insurance licensees have five years to implement the law's records retention requirements, though other provisions take effect immediately upon enactment. The bill complements existing privacy laws while establishing insurance-specific protections, reflecting the industry's extensive collection and use of sensitive personal information.
Latest Voting History
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Roger NielloR Senator | Committee Member | Not Contacted | |
Brian JonesR Senator | Committee Member | Not Contacted | |
Monique LimonD Senator | Bill Author | Not Contacted | |
Susan RubioD Senator | Committee Member | Not Contacted |