California Privacy Protection Agency Advances Insurance Privacy Compliance Regulation
Insights for Insurers Alert | 1 min read
Dec 13, 2023
On December 8, 2023, the California Privacy Protection Agency (CPPA) moved forward with an insurance regulation that could expand the privacy compliance obligations of insurance companies. The California Privacy Rights Act (CPRA) required the CPPA to undertake a rulemaking to identify what privacy gaps exist between the California insurance code and the California Consumer Privacy Act (CCPA), as amended by the CPRA.
The CPPA Board agreed to move forward with applying CCPA obligations on consumer personal information for insurance companies where these insurance companies did not otherwise have privacy and security obligations under the Insurance Information and Privacy Protection Act (IIPPA) and the Privacy of Nonpublic Personal Information (PNPI) or otherwise had their privacy obligations fall under a CCPA exemption.
At their December 8, 2023, meeting, the CPPA staff recommended that the CPPA would apply the CCPA requirements only to insurance companies where the insurance code did not apply. The staff supported this approach because the California insurance code is set to be revised by the National Association of Insurance Commissioners Insurance Information and Privacy Protection Act in 2024 (Model Code), and it is expected that those revisions will be subsequently adopted in California.
What Does This Mean for Insurance Companies?
The CCPA regulation would apply to insurance businesses not otherwise regulated by the California insurance code, which fall within the CCPA business threshold definition and process CCPA personal information.
CCPA requirements of privacy notices, data subject access rights, rights to opt-out sale and sharing of personal information, and right to limit the use of sensitive personal information would now apply to these ancillary businesses as well as the statutory damages and the private right of action in the event of a qualifying data breach.
Next Steps
The CPPA staff will finalize the insurance regulatory text, add applicable examples and insurance division feedback, and then move the regulation to the 45-day public comment period. We will provide an update as this CCPA insurance regulation is materially revised or adopted during this CPPA regulatory process.
Related People
Related Capabilities
Featured Insights
Event
Mar 3 – 5, 2026
25th Annual Legal Malpractice & Risk Management (LMRM) Conference
Press Release
Feb 13, 2026
Hinshaw Team Wins Appeal in Criminal Indictment of Waukegan City Clerk Janet Kilkelly
Press Release
Feb 10, 2026
Hinshaw Trial Team Secures $0 Defense Verdict in $15 Million Auto Accident Trial
Event
Mar 3 – 5, 2026
25th Annual Legal Malpractice & Risk Management (LMRM) Conference
Press Release
Feb 13, 2026
Hinshaw Team Wins Appeal in Criminal Indictment of Waukegan City Clerk Janet Kilkelly
Press Release
Feb 10, 2026
Hinshaw Trial Team Secures $0 Defense Verdict in $15 Million Auto Accident Trial
Press Release
Feb 4, 2026
Hinshaw Celebrates 17 Consecutive Years of Being Named an Equality 100 Award Winner
Press Release
Feb 5, 2026
Hinshaw Legal Team Secures Directed Verdict in Florida Equine Fraud Case
Press Release
Feb 2, 2026
Hinshaw Welcomes 16 Attorneys in Seven Offices and Announces Opening of a Cleveland Office
Consumer Crossroads: Where Financial Services and Litigation Intersect
Jan 20, 2026
Press Release
Jan 20, 2026
Hinshaw Attorneys Named to the LCLD 2026 Fellowship Class and 2026 Pathfinder Program
Press Release
Jan 15, 2026
Hinshaw Client Secures a Complete Jury Verdict in Fraudulent Misrepresentation Horse Sale Case
In The News
Jan 9, 2026
Press Release
Jan 6, 2026
Hinshaw Adds Four-Member Consumer Financial Services Team in DC and Florida
Press Release
Jan 6, 2026
