Legislature(2023 - 2024)BUTROVICH 205
04/05/2024 01:30 PM Senate JUDICIARY
Note: the audio ![]()
and video ![]()
recordings are distinct records and are obtained from different sources. As such there may be key differences between the two. The audio recordings are captured by our records offices as the official record of the meeting and will have more accurate timestamps. Use the icons to switch between them.
| Audio | Topic |
|---|---|
| Start | |
| SB134 | |
| HJR3 | |
| Adjourn |
* first hearing in first committee of referral
+ teleconferenced
= bill was previously heard/scheduled
+ teleconferenced
= bill was previously heard/scheduled
| += | SB 134 | TELECONFERENCED | |
| + | TELECONFERENCED | ||
| += | HJR 3 | TELECONFERENCED | |
SB 134-INS. DATA SECURITY; INFO. SECURITY PRGRMS
[CSSB 134(L&C) was before the Senate.]
1:35:36 PM
CHAIR CLAMAN announced the consideration of SENATE BILL NO. 134
"An Act relating to insurance data security; amending Rule 26,
Alaska Rules of Civil Procedure, and Rules 402 and 501, Alaska
Rules of Evidence; and providing for an effective date."
CHAIR CLAMAN said this is the second hearing of SB 134 in the
Senate Judiciary Committee. The bill sponsor requested changes
to the bill and the intention is to consider a committee
substitute (CS). He invited Ms. Kakaruk to identify herself for
the record and explain the changes.
1:36:15 PM
BREANNA KAKARUK, Staff, Senator Matt Claman, Alaska State
Legislature, Juneau, Alaska, presented the explanation of
changes for SB 134 from version S to R:
[Original punctuation provided.]
Summary of Changes for SB 134 Bill Version S to R
Structural Change
All sections of the bill moved from AS 21.96 to AS
21.23. The Legal Services Division felt that the topic
of the bill would fit better under Risk Management in
Alaska Statute.
Throughout the bill, changes all references of 72
hours to 3 business days instead.
All Changes are in Section 1
• Page 1, Lines 7-14
• Adds a new section, Purpose and Construction,
establishing an exclusivity standard.
• Page 2, Lines 1-5
• Adds clarifying language regarding the scope of
the risk assessment.
• Page 4, Lines 1-4
• Adds clarifying language to ensure due
diligence of licensees when using externally
developed applications.
• Page 5, Lines 2-9
• Adds clarifying language regarding access to
encrypted nonpublic information.
1:37:27 PM
MS. KAKARUK continued the explanation of changes for SB 134
from version S to R:
• Page 8, Lines 8-10
• Changes "law enforcement official" to be
exclusively of federal law enforcement. There
were concerns that law enforcement would be too
broad.
• Page 8, Lines 25-26
• Adds clarifying language regarding notification
to the director by licensees.
• Page 10, Lines 27-29
• Provides reporting requirement exemptions for
assuming insurers with exceptions.
• Page 11, Lines 9-23
• Clarifies reporting requirements regarding
insurers and insurance producers.
• Pages 14-16
• Clarifies some definitions. Of note, the
definition of "non-public information" is
expanded upon.
1:38:28 PM
SENATOR KIEHL referred to page 4, recalling that past practice
required procedures for evaluating, assessing, and testing
third-party applications. He expressed his belief that the
proposed CS requires only "testing" and requested an explanation
for the removal of "evaluating and assessing" from the
procedure.
1:39:10 PM
SENATOR KAUFMAN commented that he would defer to the expertise
of Ms. Wing-Heier as the committee proceeds to delve into the
specifics of SB 134. He replied, speaking broadly, many of the
changes in the bill concern practical implementation, tightening
where possible, and recognizing the realities of the
marketplace, including how contractors are managed through
contracts. He deferred to Ms. Wing-Heier to further elaborate.
1:39:57 PM
LORI WING-HEIER, Director, Division of Insurance, Department of
Commerce, Community & Economic Development, Anchorage, Alaska,
stated that the pared down language was the result of a
compromise with industry. Originally, the language was probably
a bit more stringent. She recalled that industry wanted to use
the term "to safeguard," but in discussions with the sponsor's
staff, it was determined that the phrase implied passive
protection rather than active testing and risk assessment. As a
result, the CS pares the language down to testing. The reasoning
was that if testing was required, it would inherently involve
prior procedures and processes. She reiterated that she nor the
bill sponsor agreed to the use of the term "to safeguard."
1:41:08 PM
SENATOR KIEHL sought confirmation that, as a direct result of
requiring testing, procedures for assessment and evaluation
would inherently follow. He restated that a third-party would
have to assess and evaluate the system to determine what should
be tested.
MS. WING-HEIER affirmed that was her logic. She explained that
testing was the stronger of the original terms and would still
provide a fairly good level of protection.
1:41:29 PM
SENATOR KIEHL referred to subsection (h) on page 10, lines 27 -
29, and requested that she walk the committee through the
difference between an assuming insurer and a ceding insurer.
MS. WING-HEIER replied that an assuming insurer could be,
perhaps, a front-end company that takes on risk on behalf of
another insurer in commercial transactions. She used a
hypothetical example to explain the terminology. If an Alaskan
insurer such as Alaska National [Insurance Company] was unable
to meet the required coverage limits for a huge property risk,
another insurer might step in and quote a share, thus becoming
the assuming insurer.
MS. WING-HEIER stated that while the arrangement functions
somewhat like reinsurance, the structure can differ. The
assuming insurer assumes a risk and the ceding insurer still
appears in the documentation. She noted that the division sees
these types of arrangements frequently in commercial
transactions but not in personal lines of insurance.
1:42:58 PM
SENATOR KIEHL sought confirmation that the assuming insurer does
not have the notice obligations with this change.
MS. WING-HEIER confirmed that is correct. The insurer actually
holding the risk would have the obligation to provide notice to
the division.
1:43:18 PM
CHAIR CLAMAN followed up to clarify which party would have the
obligation to notify the division.
MS. WING-HEIER affirmed the clarification.
1:43:47 PM
SENATOR KIEHL referred to the exemptions in subsection (k) on
page 11, lines 18 23. He noted that the proposed CS exempts an
insurer from notifying an insurance producer if "the producer is
not authorized by law or contract to sell, solicit, or negotiate
on behalf of the insurer." He asked why the CS includes this
exemption if the producer is not authorized to conduct business
for the insurer.
1:44:33 PM
MS. WING-HEIER reviewed subsection (j) before responding. She
explained the requirement in subsection (j) by presenting a
hypothetical in which State Farm is the insurer. The insurer
shall notify an insurance producer, the local captive agent, if
a cybersecurity event occurred or is suspected. She explained
that these producers use the insurer's computer systems, not
their own.
MS. WING-HEIER turned to subsection (k), explaining that the
insurer is exempt from notifying the insurance producer if "the
producer is not authorized by law or contract to sell, solicit,
or negotiate on behalf of the insurer." She noted it is very
common in Alaska for agencies to represent multiple carriers,
stating that Allstate allows insurance producers to represent
other carriers.
MS. WING-HEIER described a scenario in which an individual works
in an Allstate agency but is licensed to represent consumers of
Alaska National [Insurance Company], not Allstate. In such a
case, if a breach occurred at Allstate, the insurance company
would not be required to notify the individual who is not
licensed to sell Allstate products, even if that person shares
an office with someone who is.
1:46:00 PM
SENATOR KIEHL sought confirmation that the insurer would still
have to notify the appropriate individuals who represent it
within the office.
MS. WING-HEIER answered in the affirmative, differentiating
those from individuals the insurer has not licensed.
1:46:24 PM
SENATOR KAUFMAN briefly described the process SB 134 underwent,
stating it is a technical bill. He said that he worked from a
matrix of conditions, proposals, statuses, along with a
spreadsheet to track how each element interrelated. He remarked
that it was quite a project and found it interesting to work
through its many intricacies. He expressed appreciation to
Ms. Wing-Heier for her capable assistance throughout the
process.
1:47:00 PM
CHAIR CLAMAN stated that SB 134 is model legislation. He asked
about the group and model provisions the bill was based on.
MS. WING-HEIER replied that it was National Association of
Insurance Commissioners (NAIC) Model [668], which has been
adopted by 23 states. She said the change was pursued not only
because it was beneficial, but also in response to a warning
from the federal government that if states did not act, it
would.
1:47:37 PM
CHAIR CLAMAN confirmed the association was NAIC and re-asked
about the model number.
1:47:40 PM
MS. WING-HEIER expressed her belief that the model number was
[668] but said she would confirm.
1:47:46 PM
CHAIR CLAMAN asked whether SB 134 had a House companion bill. He
further asked, from the Division of Insurance's perspective,
whether the legislature should seek to pass the bill this
session or if deferring action until the next session would be
acceptable.
1:48:15 PM
MS. WING-HEIER replied that she would appreciate the passage of
SB 134 this session, in part due to concern that the federal
government may impose its own requirements on Alaska if the
state does not act. She said Representative Stapp is carrying
House companion bill [HB 324]. She noted that the bill passed
out of the House Labor and Commerce Committee and is headed to
the House Judiciary Committee.
1:48:58 PM
SENATOR KAUFMAN expressed appreciation to everyone who worked on
SB 134.
1:49:14 PM
CHAIR CLAMAN stated that during his legislative career, he had
carried several different model acts and appreciates the
importance of this type of detailed work.
MS. WING-HEIER reiterated that she would confirm the model
number.
1:49:48 PM
CHAIR CLAMAN solicited a motion.
1:49:51 PM
SENATOR KIEHL moved to adopt the committee substitute (CS) for
SB 134, work order 33-LS0253\R, as the working document.
1:50:03 PM
CHAIR CLAMAN found no objection and CSSB 134 was adopted as the
working document.
1:50:11 PM
CHAIR CLAMAN held SB 134 in committee.
MS. WING-HEIER said the correct model number is 668.
CHAIR CLAMAN reiterated the correct model number is 668.
| Document Name | Date/Time | Subjects |
|---|---|---|
| HJR 3 Letter of Support 3.20.2024.pdf |
SJUD 4/5/2024 1:30:00 PM |
HJR 3 |
| HJR 3 Letters of Opposition received as of 4.5.2024.pdf |
SJUD 4/5/2024 1:30:00 PM |
HJR 3 |
| SB 134 version R 3.29.24.pdf |
SJUD 4/5/2024 1:30:00 PM |
SB 134 |
| SB 134 Summary of Changes Ver S to R 4.4.2024.pdf |
SJUD 4/5/2024 1:30:00 PM |
SB 134 |
| HJR 3 version R 4.4.2024.pdf |
SJUD 4/5/2024 1:30:00 PM |
HJR 3 |
| HJR 3 Explanation of Changes version S to R 4.5.2024.pdf |
SJUD 4/5/2024 1:30:00 PM |
HJR 3 |