NOTICES
Compliance Date; No. 2000-08
[30 Pa.B. 5212]
The Insurance Department has issued this Notice in order to provide guidance for all insurers authorized to do business in the Commonwealth of Pennsylvania in regard to the compliance date for the privacy provisions of the Gramm-Leach-Bliley Act (GLBA or Act) (Public Law 106-102).
Under the Insurance Department Act, 40 P. S. §§ 1 et seq., and the Insurance Company Law, 40 P. S. §§ 341 et seq., the Insurance Commissioner and the Pennsylvania Insurance Department are charged with the regulation and oversight of insurers and insurance producers within the Commonwealth of Pennsylvania. 40 P. S. §§ 1, 341; 71 P. S. § 66, 186, 411, 412. The GLBA recognizes the Pennsylvania Insurance Department's jurisdiction by reaffirming the McCarran-Ferguson Act, 15 U.S.C. §§ 1011 et seq., which provides for the functional regulation of insurance by the states. GLBA § 301.
A major component of the GLBA is contained in Title V of the Act, which provides for the protection of customer privacy. Specifically, Section 501 of the GLBA indicates that ''financial institutions'' have an affirmative duty to respect the privacy of their customers and to protect the security and confidentiality of those customers' non-public personal information. The term ''financial institution'' is statutorily defined in Section 509(3) of the GLBA by reference to any institution engaging in ''financial activities.'' For the purpose of the Act, ''financial activities'' include ''[i]nsuring, guaranteeing, or indemnifying against loss, harm, damage, illness, disability, or death, or providing and issuing annuities, and acting as principal, agent, or broker for purposes of the foregoing.'' Therefore, the statutory privacy requirements of the GLBA extend to all insurers and insurance producers, regardless of any involvement or affiliation with a banking or securities entity.
Once again recognizing that states are the functional regulators of the insurance industry, Section 505(a)(6) of the GLBA directs state insurance regulators to establish ''appropriate standards'' for the disclosure of non-public personal information in order to provide guidance to insurers and insurance producers as to the implementation of the Act's statutory privacy protection requirements. State insurance regulators are also charged with the duty of enforcing the customer privacy requirements contained in the Federal statute. Although there is no requirement that state insurance regulators promulgate ''appropriate standards'' prior to a specific date, the Act's statutory privacy requirements will become effective on November 12, 2000. GLBA § 510. However, because enforcement of the GLBA's statutory privacy provisions is within the jurisdiction of state insurance regulators, the Pennsylvania Insurance Department may extend the date on which all insurers and insurance producers within the Department's jurisdiction must comply with the Act's statutory privacy requirements.
While enforcement of the GLBA's statutory privacy requirements for insurers and insurance producers is within the jurisdiction of the state insurance regulators, enforcement for banking entities is within the jurisdiction of the Federal banking agencies. GLBA §§ 504, 505. Like the state insurance regulators, the Federal banking agencies are authorized to extend the compliance date for enforcement of the Act's statutory privacy requirements. However, unlike the state insurance regulators, the Federal banking agencies were required to develop their ''appropriate standards'' in the form of a final regulation by May 12, 2000. In this regulation, the Federal banking agencies determined that the compliance date should be extended to July 1, 2001 in order to permit financial institutions to adequately implement the statutory privacy requirements.
The Pennsylvania Insurance Department has been actively involved through the NAIC in the development of a model privacy regulation for adoption by the states. Also, the Pennsylvania Insurance Department joined other members of the NAIC in a June 11, 2000 resolution which details that it is the intent of state insurance regulators to extend the GLBA privacy requirements compliance date to July 1, 2001 for insurers and insurance producers.
Therefore, under its regulatory authority under the Insurance Department Act and the Insurance Company Law, as recognized by Section 505 of the GLBA, the Pennsylvania Insurance Department has determined that the compliance date for the GLBA's statutory privacy requirements as they apply to insurers and insurance producers shall be extended until July 1, 2001. Prior to this date, no action to enforce the Act's statutory privacy requirements will be taken against an insurer or insurance producer subject to the Department's jurisdiction. Any questions concerning this Notice may be directed to Timothy L. Knapp, Deputy Insurance Commissioner, Office of Policy, Enforcement and Administration, Pennsylvania Insurance Department, 1326 Strawberry Square, Harrisburg, PA 17120; (717) 787-0636.
M. DIANE KOKEN,
Insurance Commissioner
[Pa.B. Doc. No. 00-1744. Filed for public inspection October 6, 2000, 9:00 a.m.]
No part of the information on this site may be reproduced for profit or sold for profit. This material has been drawn directly from the official Pennsylvania Bulletin full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.