Skip to Top Main Navigation Skip to Left Navigation Skip to Content Area Skip to Footer
Texas Department of Insurance
Topics:   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z All
Topics A to Z

Commissioner’s Bulletin # B-0056-00

October 6, 2000


To:   ALL DEPOSITORY INSTITUTIONS, INSURANCE COMPANIES, CORPORATIONS, EXCHANGES, MUTUALS, RECIPROCALS, ASSOCIATIONS, LLOYDS, HEALTH MAINTENANCE ORGANIZATIONS OR OTHER ENTITIES REGULATED BY THE TEXAS DEPARTMENT OF INSURANCE AND AUTHORIZED OR ELIGIBLE TO DO BUSINESS IN TEXAS; AND TO THEIR AGENTS AND REPRESENTATIVES AND THE PUBLIC GENERALLY

Re:   Compliance Date of Privacy Provisions of Title V of the Gramm-Leach-Bliley Act


The purpose of this bulletin is to provide guidance to affected entities which have voiced concerns about the effective date of the privacy provisions of Title V of the Gramm-Leach-Bliley Act, 15 USC 6801-6827. The Texas Department of Insurance (the Department) does intend to propose rules implementing the privacy provisions. However, in order to allow the Texas Legislature the opportunity to consider the need for possible legislative action, and to allow affected entities sufficient opportunity to develop policies and systems to comply with the requirements of Title V, the Department intends that any proposed rules would not require compliance earlier than July 1, 2001. This is the same effective date as the joint rules promulgated by federal regulators.

On November 12, 1999, the President signed into law the Gramm-Leach-Bliley Act (hereinafter GLBA, or the Act), which makes significant changes to the delivery of financial services in the U.S. and which is applicable to licensees of the Department. Title V of the Act requires financial institutions, including insurers, to protect the privacy of consumers. Federal financial regulators are responsible for promulgating and implementing privacy regulations for the banking and securities industries. The states are responsible for promulgating and implementing privacy regulations for insurers and other entities regulated by the states. States are permitted to provide greater privacy protection for consumers than the requirements set forth in Title V.

Under the Act, the Department retains, as do all other state insurance departments, the power to regulate insurance. It is the Department´s position that pursuant to Section 505, which charges state insurance regulators with proposing rules to implement and enforce the privacy provisions of the Act, and Section 507, which allows states to impose more rigorous privacy standards than those set forth in the Act, the privacy provisions of Title V of the Act cannot be implemented as to licensees of the Department until the Department promulgates rules.

Section 510 of the Act provides that the requirements of Title V become effective November 13, 2000 with regard to licensees of federal banking agencies, unless those federal agencies by rule postpone the effective date. In May 2000, these agencies adopted rules postponing enforcement until July 1, 2001:

The Agencies agree that six months may be insufficient in certain instances [for compliance] with the rule. In order to accommodate situations requiring additional time, the Agencies have retained the effective date of November 13, but, consistent with their authority under section 510(1) of the GLB Act to extend the effective date, the Agencies will give financial institutions until July 1, 2001 to be in full compliance with the regulation. Adoption Order, 65 Fed Reg. 35185 (2000).

Because of the sensitivity to the need for uniformity, on June 11, 2000, the National Association of Insurance Commissioners (NAIC) passed a resolution stating that state insurance regulators intend to promulgate privacy regulations providing for a uniform compliance date of July 1, 2001. This resolution was based, in part, upon NAIC´s recognition that federal financial agencies' privacy regulations delay the compliance date for the banking and securities industries until July 2001; that many states will need additional legislation to implement GLBA privacy regulations, and thus may not be able to issue such regulations by November 13, 2000; and that state insurance regulators believe that consumers and companies will be better served by a uniform compliance date for enforcement of GLBA privacy regulations.

Despite this resolution, insurers and other potentially affected entities have expressed concerns that, unless states have rules in place prior to the effective date for federal agencies, the Act´s November 13, 2000 effective date for federally regulated financial institutions would apply to insurers as well, and that the provisions of Title V could be enforced against them. Accordingly, this bulletin advises insurers and other licensees that any rules the Department proposes to implement the privacy provisions of Title V will, in harmony with the federal rules and the NAIC resolution, require compliance by all affected entities no earlier than July 1, 2001.

This bulletin is strictly advisory in nature, and does not attempt to answer all questions that may arise concerning this issue. The Department will address other questions as they arise.

To obtain general information please contact Staff Attorneys Ryan Tredway at 512-305-7543 or Barbara Holthaus at 512-305-7311. The Department´s web site is located at http://www.tdi.state.tx.us.

Sincerely,

____________________________

Sara Shiplet Waitt

Senior Associate Commissioner

Legal & Compliance Division

Texas Department of Insurance

For more information, contact: ChiefClerk@tdi.texas.gov