Insurance Data Protection Act
- Bill Number
- H.R. 3437
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Finance and Financial Sector
- Status
- Introduced
- Latest Action
- 2025-05-15: Referred to the Committee on Financial Services, and in addition to the Committee on Agriculture, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- Last Updated
- 2026-04-24T08:07:14Z
AI-Generated Summary
Purpose of the Legislation
The Insurance Data Protection Act (H.R. 3437) aims to limit federal financial regulators' ability to directly collect data from insurance companies. It promotes coordination with state regulators and existing sources to obtain information, while strengthening protections for the confidentiality of sensitive data. This reduces direct burdens on insurers and ensures data collection follows established federal rules, such as those governing paperwork and privacy.
Key Provisions
- Repeal of Direct Enforcement Powers: Eliminates the Federal Insurance Office's (FIO) authority to issue subpoenas or enforce data collection directly from insurers.
- Enhanced Confidentiality for FIO: Expands rules to protect nonpublic data shared with or by the FIO, including with federal agencies, state insurance regulators, or other entities. Sharing does not waive legal privileges (e.g., protections against forced disclosure in court), and federal disclosure laws like the Freedom of Information Act (FOIA) continue to apply with their exceptions.
- Limits on Office of Financial Research (OFR) Subpoenas: Prohibits the OFR from issuing subpoenas to insurance companies for data collection.
- New Rules for Financial Regulators (Added to the Financial Stability Act of 2010):
- Definitions: Clarifies terms like "covered entity" (a nonbank financial company that is an insurer), "financial regulator" (e.g., Securities and Exchange Commission, Commodity Futures Trading Commission, Federal Reserve, or OFR), and "insurance company."
- Advance Coordination Requirement: Before collecting data from insurers, regulators must first check federal agencies, state regulators, other oversight bodies, or public sources. If data is available and obtainable quickly, it must be sourced from there instead of directly from the insurer. Direct collection is only allowed if the data is unavailable and the regulator complies with the Paperwork Reduction Act (a law that minimizes unnecessary federal paperwork burdens).
- Information Sharing: Allows agencies and state regulators to provide data to federal regulators without legal barriers.
- Confidentiality Protections:
- Sharing data with regulators does not waive any federal or state legal privileges.
- Existing privacy agreements between data sources remain in effect.
- Data can be shared with state regulators via formal agreements that comply with federal law and preserve privileges.
- FOIA rules apply to any submitted data, including exemptions for sensitive information.
Significant Changes to Existing Law
- Repeals and Restrictions: Removes FIO's subpoena powers (from 31 U.S.C. § 313(e)(6)) and OFR's subpoena authority over insurers (from 12 U.S.C. § 5343(f)(1)), shifting away from direct federal demands.
- Coordination Mandate: Introduces a new pre-collection step requiring regulators to exhaust alternative sources, with mandatory Paperwork Reduction Act compliance for any direct requests—previously, direct collection was more straightforward without this hurdle.
- Broadened Confidentiality: Strengthens protections in FIO rules (31 U.S.C. § 313(e)(5)) and adds a new section (Sec. 181) to the Financial Stability Act, explicitly covering data sharing across regulators and states while preventing waivers of privileges. This builds on but expands prior laws like FOIA (5 U.S.C. § 552).
Potential Impacts
- On Government Agencies: Federal regulators (e.g., FIO, OFR) may face delays or increased reliance on state partners for data, potentially streamlining overall processes but limiting independent federal access. State insurance regulators could see more involvement in federal data flows.
- On Citizens: Indirectly benefits insurance consumers by reducing administrative costs for companies, which might lower premiums or improve efficiency. However, it could slow federal monitoring of systemic risks in the insurance sector, potentially affecting financial stability responses.
- On International Relations: Minimal direct impact, as the bill focuses on domestic regulation; it may indirectly influence U.S. insurers' global operations by protecting proprietary data from federal overreach.
Main Stakeholders Affected
- Insurance Companies: Primary beneficiaries, as they face fewer direct data requests, reducing compliance costs and protecting sensitive business information.
- Federal Financial Regulators: Including FIO, OFR, SEC, CFTC, and banking agencies; they must adapt to coordination requirements, potentially altering oversight workflows.
- State Insurance Regulators: Gain a larger role in data provision and sharing, enhancing their influence in a traditionally state-led sector.
- Nonbank Financial Companies: Specifically those classified as insurers, who are shielded from direct federal subpoenas.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces federalism by deferring to state regulators in insurance (a field historically regulated at the state level under the McCarran-Ferguson Act). It upholds privileges under federal and state law, reducing risks of data breaches or unauthorized disclosures, but ties direct collection to the Paperwork Reduction Act, ensuring oversight of federal burdens.
- Constitutional: Aligns with principles of limited federal power by avoiding direct intrusions into private entities without necessity, potentially mitigating Tenth Amendment concerns over state authority in insurance.
- Political: Limits post-financial crisis expansions of federal authority (e.g., from Dodd-Frank Act), reflecting preferences for state-led regulation and reduced federal bureaucracy; introduced by a bipartisan group but emphasizes protecting industry from overregulation.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Fitzgerald, Scott [R-WI-5]
Cosponsors (24)
Rep. Flood, Mike [R-NE-1], Rep. Meuser, Daniel [R-PA-9], Rep. De La Cruz, Monica [R-TX-15], Rep. Timmons, William R. [R-SC-4], Rep. Garbarino, Andrew R. [R-NY-2], Rep. Ogles, Andrew [R-TN-5], Rep. Moore, Tim [R-NC-14], Rep. Donalds, Byron [R-FL-19], Rep. Huizenga, Bill [R-MI-4], Rep. Williams, Roger [R-TX-25], Rep. Norman, Ralph [R-SC-5], Rep. Nunn, Zachary [R-IA-3], Rep. Loudermilk, Barry [R-GA-11], Rep. Grothman, Glenn [R-WI-6], Rep. Hageman, Harriet M. [R-WY-At Large], Rep. Moolenaar, John R. [R-MI-2], Rep. Gill, Brandon [R-TX-26], Rep. Lawler, Michael [R-NY-17], Rep. Barr, Andy [R-KY-6], Rep. Stauber, Pete [R-MN-8], Rep. Steil, Bryan [R-WI-1], Rep. Davidson, Warren [R-OH-8], Rep. Downing, Troy [R-MT-2], Rep. Nehls, Troy E. [R-TX-22]
Recent Actions
- 2025-05-15: Referred to the Committee on Financial Services, and in addition to the Committee on Agriculture, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-05-15: Referred to the Committee on Financial Services, and in addition to the Committee on Agriculture, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
- 2025-05-15: Introduced in House
- 2025-05-15: Introduced in House
Bill Versions
- Insurance Data Protection Act — issued 2025-05-15 — PDF (7 pages)