In a significant move toward enhancing consumer rights, California lawmakers have introduced Senate Bill 354, the Insurance Consumer Privacy Protection Act of 2025, aiming to bolster transparency and accountability in the state's insurance market. Authored by state Senator Monique Limón and sponsored by California Insurance Commissioner Ricardo Lara, this bill seeks to give consumers greater control over their personal data.
SB 354 is designed to exceed existing protections under California’s consumer privacy laws, including the Consumer Privacy Rights Act. The bill covers a wide range of personal identifiers, such as real names, email addresses, social security numbers, and even biometric information. It aims to protect the privacy of over 400,000 California insurance licensees and their third-party service providers.
The legislation outlines several key consumer rights, including the right to consent to the sharing of personal information, the right to amend or delete inaccurate information, and the right to access categories of personal information processed by licensees. Additionally, it ensures that consumers can exercise their privacy rights without fear of retaliation.
In a similar vein, Massachusetts lawmakers have also taken steps to enhance data privacy protections for residents. On April 9, 2025, Representatives Andy Vargas and David Rogers introduced the Massachusetts Data Privacy Act (H 104), which aims to safeguard sensitive online information. The bill emphasizes 'data minimization' standards, limiting the data that companies can collect and process to what is necessary for their stated purposes.
Vargas and Rogers have positioned their proposal as a top priority for the Legislature, particularly in light of growing concerns about companies collecting and selling consumer data without adequate consent. "Data minimization is just the notion that the company uses it only for the specific purpose the person’s there — they don’t gather all this other information and start selling it to other third parties," Rogers explained during a hearing of the Joint Committee on Advanced Information Technology, the Internet and Cybersecurity.
The Massachusetts bill also includes protections against targeted advertising for minors and grants residents the ability to sue for data privacy violations. It imposes restrictions on processing sensitive information such as geolocation and biometric data, empowering Bay Staters to request corrections or deletions of their data.
However, not all stakeholders are in agreement on the best approach to data privacy. Andrew Kingman, representing the State Privacy & Security Coalition, which includes major tech companies like Amazon and Google, urged the committee to consider different frameworks. He praised the Comprehensive Massachusetts Consumer Data Privacy Act (H 80), which aligns with regulations adopted in other states, but raised concerns about the implications of the proposed data minimization standards.
Kingman argued that the data minimization provisions could create confusion for companies trying to comply with the law. He suggested that differing standards across states could hinder Massachusetts businesses in reaching their customers, contrasting with the more straightforward regulations in neighboring states like Connecticut and Rhode Island.
Despite these concerns, committee co-chair Senator Michael Moore emphasized the urgent need for stronger data protections, citing the increasing frequency of data breaches and how personal data has been weaponized, particularly in relation to women's health issues. "Congress should act to protect our residents, but we know they will not," Moore stated, urging the Legislature to take action.
As both California and Massachusetts move forward with their respective bills, the focus on consumer privacy rights is becoming a pressing issue across the nation. With technology companies collecting vast amounts of data, the need for clear and enforceable privacy protections has never been more critical.
In California, SB 354 not only aims to enhance consumer rights but also establishes enforcement mechanisms, allowing the California insurance commissioner to impose escalating penalties on licensees and third-party providers found in violation of the act. This could set a precedent for other states looking to strengthen their own privacy laws.
Meanwhile, the Massachusetts Data Privacy Act seeks to empower consumers while ensuring that companies are held accountable for their data practices. The ongoing discussions among lawmakers reflect a growing recognition of the complexities involved in regulating data privacy in an increasingly digital world.
As these legislative efforts unfold, both states are poised to lead the way in establishing robust frameworks that prioritize consumer privacy, potentially influencing similar initiatives in other jurisdictions. The outcome of these bills could reshape how personal data is handled across various sectors, underscoring the importance of consumer rights in today's data-driven economy.
