77(R) SB 712 Enrolled version

SRC-CTC S.B. 712 77(R)BILL ANALYSIS


Senate Research CenterS.B. 712
By: Sibley
Business & Commerce
6/5/2001
Enrolled


DIGEST AND PURPOSE 

In 1999, Congress enacted the Gramm-Leach-Bliley Act (GLBA), in part to
require state insurance authorities to adopt requirements on privacy and
disclosure of nonpublic personal financial information applicable to the
insurance industry.  Since states have to adopt privacy requirements for
insurance companies, the National Association of Insurance Commissioners
(NAIC) developed and adopted a model privacy regulation in an effort to aid
states in adopting consistent privacy requirements for insurance companies.
S.B. 712 requires insurers and other entities regulated by the Texas
Department of Insurance to comply with requirements of GLBA and requires
the commissioner of insurance to adopt rules consistent with the federal
requirements, based on the NAIC privacy model for GLBA. 

RULEMAKING AUTHORITY

Rulemaking authority is expressly granted to the commissioner of insurance
in SECTION 1 (Article 28A.51) of this bill. 

SECTION BY SECTION ANALYSIS

SECTION 1.  Amends Title 1, Insurance Code, by adding Chapter 28A, as
follows: 

CHAPTER 28A.  PRIVACY
SUBCHAPTER A.  GENERAL PROVISIONS

Art. 28A.01.  DEFINITIONS.  Defines "affiliate," "authorization," "covered
entity," and "nonaffiliated third party." 

Art. 28A.02.  COMPLIANCE WITH FEDERAL LAW REQUIRED.  Requires a covered
entity to comply with 15 U.S.C. Sections 6802 and 6803, as amended, in the
same manner as a financial institution under those sections.  Requires an
entity that is a nonaffiliated third party in relation to a covered entity
to comply with 15 U.S.C. Section 6802(c), as amended. 

Art. 28A.03.  EXCEPTION.  Provides that Article 28A.02(a) of this code does
not apply to a covered entity to the extent that the entity is acting
solely as an insurance agent, employee, or other authorized representative
for another covered entity. 

Art. 28A.04.  HEALTH INFORMATION.  Provides that this chapter does not
affect the authority of the Texas Department of Insurance (department) or
another state agency to adopt stricter rules governing the treatment of
health information by a covered entity, if another law gives the department
or agency that authority, including any laws or rules of this state related
to the privacy of individually identifiable health information under the
federal Health Insurance Portability and Accountability Act of 1996 (42
U.S.C. Section 1320d et seq.), as amended. 

 [Reserves Articles 28A.05-28A.50 for expansion.]

SUBCHAPTER B.  DEPARTMENT POWERS AND DUTIES
 
Art. 28A.51.  RULE-MAKING AUTHORITY.  Requires the commissioner of
insurance (commissioner) to adopt rules to implement this chapter.
Requires the commissioner to adopt any other rules necessary to carry out
15 U.S.C. Chapter 94I (15 U.S.C. Section 6801 et seq.), as amended to make
this state eligible to override federal regulations, as described by 15
U.S.C. Section 6805(c), as amended.  Requires the commissioner to attempt
to keep state privacy requirements consistent with federal regulations
adopted under 15 U.S.C. Section 6801 et seq., as amended. 

Art. 28A.52.  STANDARDS.  Requires the department to implement standards as
required by 15 U.S.C. Section 6805(b), as amended. 

 [Reserves Articles 28A.53-28A.100 for expansion.]

SUBCHAPTER C.  ENFORCEMENT

Art. 28A.101.  DUTY TO ENFORCE.  Requires the department to enforce 15
U.S.C. Section 6801-6805, as amended, to the extent required by 15 U.S.C.
Section 6805, as amended, and this chapter. 

Art. 28A.102.  INJUNCTIVE RELIEF; CIVIL PENALTY.  Authorizes the attorney
general, after conferring with the commissioner, to institute an action for
injunctive relief or declaratory relief to restrain a violation of this
chapter.  Authorizes the attorney general, after conferring with the
commissioner, in addition to the injunctive relief provided by this
article, to institute an action for civil penalties against a covered
entity or a nonaffiliated third party for a violation of this chapter.
Prohibits a civil penalty assessed under this article from exceeding $3,000
for each violation.  Authorizes the court in which an action under this
article is pending, if it finds that the violations have occurred with a
frequency as to constitute a pattern or practice, to assess a civil penalty
not to exceed $250,000.  Authorizes the attorney general, if the attorney
general substantially prevails in an action for injunctive relief or a
civil penalty under this article, to recover reasonable attorney's fees,
costs and expenses incurred obtaining the relief or penalty, including
court costs and witness fees. 

SECTION 2.  Requires the commissioner to adopt rules as required by Article
28A.51, Insurance Code, as added by this Act, not later than 30 days after
the effective date of this Act.  Authorizes the commissioner to adopt these
initial rules on an emergency basis. 

SECTION 3.  Effective date: upon passage or September 1, 2001.