We expressed concerns about two sections tucked at the end of this lengthy Department of Business Regulation bill which would make numerous revisions to the insurer licensing statute. First, we opposed a purported “anti-discrimination” provision for insurers to follow, which was extremely narrow and excluded a number of protected classes, including gender identity and expression, sexual orientation, and religion. Second, we noted that a chapter creating a “cybersecurity breach reporting” structure for insurers was largely insufficient – the “penalties” for failing to follow appropriate protocols were virtually non-existent, and the bill explicitly barred a private right of action for individuals affected by a data breach. We urged that the anti-discrimination provision be expanded, and that the cybersecurity chapter be removed from the bill for individual consideration and amendment.
While the Sub A of the Senate version removed the cybersecurity chapter which we were concerned about, the narrow anti-discrimination provision remained in the amended legislation. This legislation ultimately died in the House.