KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to California

SB-354 • 2026

Insurance Information and Privacy Protection Act.

Insurance Information and Privacy Protection Act.

Crime Education Elections Privacy
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Limón
Last action
2026-04-15
Official status
From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.
Effective date
Not listed

Plain English Breakdown

The official summary does not provide detailed information on enforcement costs or consumer rights to request changes in personal information.

Insurance Information and Privacy Protection Act

The Insurance Information and Privacy Protection Act updates privacy rules for insurance companies and their partners, requiring clear notices to consumers about how personal information is used.

What This Bill Does

  • Updates the existing Insurance Information and Privacy Protection Act with new standards for handling consumer personal information.
  • Requires insurance companies (licensees) to provide clear privacy notices to customers at specific times.
  • Prohibits processing of a customer's personal information unless it is necessary, reasonable, and agreed upon by the customer.
  • Sets fines and penalties for violations, including suspension or revocation of licenses for repeat offenders.
  • Expands criminal penalties for obtaining consumer information under false pretenses.

Who It Names or Affects

  • Insurance companies and their partners (third-party service providers).
  • Consumers who interact with insurance companies.

Terms To Know

Licensee
An insurance company or agent that is legally allowed to provide insurance services.
Third-party service provider
A company that works with an insurance licensee but is not directly regulated by the same rules as the licensee.

Limits and Unknowns

  • The bill does not specify how much it will cost to enforce these new privacy standards.
  • It's unclear what specific information must be included in the privacy notices provided to consumers.
  • There are no details on how often or under what circumstances a consumer can request changes to their personal information.

Bill History

  1. 2026-04-15 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  2. 2025-06-16 California Legislative Information

    Referred to Coms. on INS. and P. & C.P.

  3. 2025-06-05 California Legislative Information

    In Assembly. Read first time. Held at Desk.

  4. 2025-06-04 California Legislative Information

    Read third time. Passed. (Ayes 28. Noes 10. Page 1502.) Ordered to the Assembly.

  5. 2025-05-27 California Legislative Information

    Read second time. Ordered to third reading.

  6. 2025-05-23 California Legislative Information

    Read second time and amended. Ordered to second reading.

  7. 2025-05-23 California Legislative Information

    From committee: Do pass as amended. (Ayes 5. Noes 1. Page 1197.) (May 23).

  8. 2025-05-16 California Legislative Information

    Set for hearing May 23.

  9. 2025-05-12 California Legislative Information

    May 12 hearing: Placed on APPR. suspense file.

  10. 2025-05-06 California Legislative Information

    Set for hearing May 12.

  11. 2025-05-01 California Legislative Information

    Read second time and amended. Re-referred to Com. on APPR.

  12. 2025-04-30 California Legislative Information

    From committee: Do pass as amended and re-refer to Com. on APPR. (Ayes 11. Noes 2. Page 939.) (April 29).

  13. 2025-04-09 California Legislative Information

    Set for hearing April 29.

  14. 2025-04-09 California Legislative Information

    From committee: Do pass and re-refer to Com. on JUD. (Ayes 5. Noes 2. Page 738.) (April 9). Re-referred to Com. on JUD.

  15. 2025-04-03 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  16. 2025-03-28 California Legislative Information

    Set for hearing April 9.

  17. 2025-03-26 California Legislative Information

    Re-referred to Coms. on INS. and JUD.

  18. 2025-03-18 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on RLS.

  19. 2025-02-19 California Legislative Information

    Referred to Com. on RLS.

  20. 2025-02-13 California Legislative Information

    From printer. May be acted upon on or after March 15.

  21. 2025-02-12 California Legislative Information

    Introduced. Read first time. To Com. on RLS. for assignment. To print.

Official Summary Text

SB 354, as amended, Limón.
Insurance
Consumer
Information and
Privacy Protection
Act of 2025.
Act.
The California Consumer Privacy Act of 2018 (CCPA) grants to a consumer various rights with respect to personal information that is collected by a business, including the right to request that a business delete personal information about the consumer that the business has collected from the consumer. The California Privacy Rights Act of 2020, an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA. Existing law, the Insurance Information and Privacy Protection Act, establishes privacy standards for the collection, use, and disclosure of information gathered in connection with insurance transactions by insurance institutions, agents, and insurance-support organizations.
The Insurance Information and
Privacy Protection Act imposes various monetary penalties for violations of the act and makes a person who knowingly and willfully obtains information about an individual from an insurance institution, agent, or insurance-support organization under false pretenses guilty of a misdemeanor.
This bill would
enact the Insurance Consumer Privacy Protection Act of 2025
revise the Insurance Information and Privacy Protection Act
to establish new standards for the collection, processing, retaining, or sharing of consumers’ personal information by insurance licensees and their third-party service providers. The bill would authorize processing of a consumer’s personal information for specified purposes, including in connection with an insurance transaction. The bill would require a licensee to provide a clear and conspicuous privacy notice that includes specified information to a consumer at specified times, and would prohibit the processing of a consumer’s personal information unless it is consistent with and complies with that notice and is reasonably necessary and proportionate to achieve the purposes related to an insurance transaction or other purpose the consumer requested or authorized. The bill would also require a licensee to provide a privacy rights notice, as specified, to each consumer with whom the licensee has an ongoing business relationship. The bill would require a licensee or third-party service provider to
obtain a consumer’s consent to take specified actions, and would set forth the means by which consent is obtained. The bill would authorize a licensee to retain personal information, as specified, and would require a licensee to develop a written records retention policy and schedule. The bill would require a licensee to provide specified information to a consumer if it makes an adverse underwriting decision, and would provide a process by which a consumer may correct, amend, or delete any personal or publicly available information about the consumer in the possession of the licensee or its third-party service providers. The bill would require a contract between a licensee and a third-party service provider to clearly govern the processing of personal information performed on behalf of the licensee. The bill would prohibit retaliation against a consumer because the consumer exercised or attempted to exercise their rights under the act. The bill would prohibit public disclosure of specified systems,
processes, policies, procedures, and plans that are disclosed to the Insurance Commissioner.
The bill would also make technical and conforming changes.
To determine if a licensee or third-party service provider has been or is engaged in any conduct in violation of the act, this bill would authorize the commissioner to examine and investigate the licensee or third-party service provider, then hold a hearing regarding those violations. If a hearing results in a finding of a knowing violation, the bill would require the commissioner to issue a cease and desist order and
This
bill
would authorize a penalty of at least $5,000, not to exceed $1,000,000 in the aggregate for multiple
violations.
violations of the act.
The bill would
authorize additional fines and suspension or revocation of the licensee’s license
increase the fine
if a cease and desist order is
violated.
violated to at least $25,000, but not more than $10,000,000, for each violation, and would increase a fine to at least $50,000 for each violation if the commissioner
finds the violations to be a general business practice.
Under the bill, a person who knowingly and willfully obtains information about a consumer from a licensee or third-party service provider under false pretenses would be guilty of a misdemeanor, punishable by a fine of up to $50,000, imprisonment in a county jail for up to 6 months, or both, thus
creating
expanding the applicability of
a crime and imposing a state-mandated local program.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.

Current Bill Text

Read the full stored bill text 
Download Bill PDF