KLS Keeping Law Simple Legislation in plain English

Straight-ahead summaries built from the official bill text. We keep the source links front and center and leave the decision up to you.

Back to California

SB-354 • 2026

Insurance Information and Privacy Protection Act.

Insurance Information and Privacy Protection Act.

Crime Education Elections Privacy
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Limón
Last action
2026-06-11
Official status
From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Insurance Information and Privacy Protection Act.

SB 354, as amended, Limón.

What This Bill Does

  • SB 354, as amended, Limón.
  • Insurance Information and Privacy Protection Act.
  • The California Consumer Privacy Act of 2018 (CCPA) grants to a consumer various rights with respect to personal information that is collected by a business, including the right to request that a business delete personal information about the consumer that the business has collected from the consumer.
  • The California Privacy Rights Act of 2020, an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-06-11 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  2. 2026-05-27 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  3. 2026-04-15 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  4. 2025-06-16 California Legislative Information

    Referred to Coms. on INS. and P. & C.P.

  5. 2025-06-05 California Legislative Information

    In Assembly. Read first time. Held at Desk.

  6. 2025-06-04 California Legislative Information

    Read third time. Passed. (Ayes 28. Noes 10. Page 1502.) Ordered to the Assembly.

  7. 2025-05-27 California Legislative Information

    Read second time. Ordered to third reading.

  8. 2025-05-23 California Legislative Information

    Read second time and amended. Ordered to second reading.

  9. 2025-05-23 California Legislative Information

    From committee: Do pass as amended. (Ayes 5. Noes 1. Page 1197.) (May 23).

  10. 2025-05-16 California Legislative Information

    Set for hearing May 23.

  11. 2025-05-12 California Legislative Information

    May 12 hearing: Placed on APPR. suspense file.

  12. 2025-05-06 California Legislative Information

    Set for hearing May 12.

  13. 2025-05-01 California Legislative Information

    Read second time and amended. Re-referred to Com. on APPR.

  14. 2025-04-30 California Legislative Information

    From committee: Do pass as amended and re-refer to Com. on APPR. (Ayes 11. Noes 2. Page 939.) (April 29).

  15. 2025-04-09 California Legislative Information

    Set for hearing April 29.

  16. 2025-04-09 California Legislative Information

    From committee: Do pass and re-refer to Com. on JUD. (Ayes 5. Noes 2. Page 738.) (April 9). Re-referred to Com. on JUD.

  17. 2025-04-03 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on INS.

  18. 2025-03-28 California Legislative Information

    Set for hearing April 9.

  19. 2025-03-26 California Legislative Information

    Re-referred to Coms. on INS. and JUD.

  20. 2025-03-18 California Legislative Information

    From committee with author's amendments. Read second time and amended. Re-referred to Com. on RLS.

  21. 2025-02-19 California Legislative Information

    Referred to Com. on RLS.

  22. 2025-02-13 California Legislative Information

    From printer. May be acted upon on or after March 15.

  23. 2025-02-12 California Legislative Information

    Introduced. Read first time. To Com. on RLS. for assignment. To print.

Official Summary Text

SB 354, as amended, Limón.
Insurance Information and Privacy Protection Act.
The California Consumer Privacy Act of 2018 (CCPA) grants to a consumer various rights with respect to personal information that is collected by a business, including the right to request that a business delete personal information about the consumer that the business has collected from the consumer. The California Privacy Rights Act of 2020, an initiative measure approved by the voters as Proposition 24 at the November 3, 2020, statewide general election, amended, added to, and reenacted the CCPA. Existing law, the Insurance Information and Privacy Protection Act, establishes privacy standards for the collection, use, and disclosure of information gathered in connection with insurance transactions by insurance institutions, agents, and insurance-support organizations. The Insurance Information and Privacy Protection Act imposes various monetary penalties for violations of the act and
makes a person who knowingly and willfully obtains information about an individual from an insurance institution, agent, or insurance-support organization under false pretenses guilty of a misdemeanor.
This bill would revise the Insurance Information and Privacy Protection Act to establish new standards for the collection, processing, retaining, or sharing of consumers’ personal information by insurance licensees, surplus line insurers, reinsurers, and third-party service providers. The bill would authorize processing of a consumer’s personal information for specified purposes, including in connection with an insurance transaction. The bill would require a
licensee
licensee, surplus line insurer, reinsurer, or third-party service provider
to provide a clear and conspicuous
privacy notice
presented as a standalone document
that includes specified information to a consumer
at specified times,
within a specified period of time,
and would prohibit the processing of a consumer’s personal information unless it
is consistent with and complies with that notice and
is reasonably necessary and proportionate to achieve
the
specified
purposes related to an insurance transaction or
other purpose the consumer requested or authorized.
another purpose that is fully disclosed to the consumer and to which the consumer has consented.
The bill would also require a licensee to provide a privacy rights notice, as specified, to each consumer with whom the licensee has an ongoing business relationship. The bill would require a licensee, surplus line insurer, reinsurer, or third-party service provider to obtain a consumer’s consent to take specified actions, and would set forth the means by which consent is obtained. The bill would authorize a licensee, surplus line insurer, or reinsurer to retain personal information, as specified, and would require a licensee, surplus line insurer, or reinsurer to develop a written records retention policy and schedule. The bill would require a
licensee
licensee, surplus line insurer, or reinsurer
to provide specified information to a consumer if it makes an adverse underwriting decision, and would provide a process by which a consumer may correct, amend, or delete any personal or publicly available information about the consumer in the possession of the
licensee
licensee, surplus line insurer, reinsurer,
or its third-party service providers. The bill would require a contract between a
licensee
licensee, surplus line insurer, or reinsurer
and a third-party service provider to
clearly
govern the processing of personal information performed on behalf of the
licensee.
licensee, surplus line insurer, or reinsurer.
The bill would prohibit retaliation against a consumer because the consumer exercised or attempted to exercise their rights under the act. The bill would prohibit public disclosure of specified systems, processes, policies, procedures, and plans that are disclosed to the Insurance Commissioner. The bill would also make technical and conforming changes.
This bill would authorize a penalty of at least $5,000, not to exceed $1,000,000 in the
aggregate for multiple violations of the act. The bill would increase the fine if a cease and desist order is violated to at least $15,000 for each violation, and would increase a fine to at least $50,000 for each violation if the commissioner finds the violations to be a general business practice. Under the bill, a person who knowingly and willfully obtains information about a consumer from a licensee, surplus line insurer, reinsurer, or third-party service provider under false pretenses would be guilty of a misdemeanor, punishable by a fine of up to $50,000, imprisonment in a county jail for up to 6 months, or both, thus expanding the applicability of a crime and imposing a state-mandated local program.
Existing constitutional provisions require that a statute that limits the right of access to the meetings of public bodies or the writings of public officials and agencies be adopted with findings demonstrating the interest protected by the
limitation and the need for protecting that interest.
This bill would make legislative findings to that effect.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.

Current Bill Text

Read the full stored bill text 
Download Bill PDF