Financial Privacy in California and Congress:
The Latest Developments

Contents:

• Updated Fact Sheets Note Changes to Credit Reporting Law and Financial Privacy

• CA's SB 1 Not Pre-Empted, Court Rules

• Amended FCRA Signed into Law

• What Happened in Congress

• California Senate Bill 1, Financial Information Privacy Act

• California Voter Initiative on Financial Privacy
  
• Bay Area Local Government Ordinances on Financial Privacy

Updated Fact Sheets Note Changes to Credit Reporting Law and Financial Privacy

The PRC has updated its Fact Sheet 6, How Private is My Credit Report? to reflect changes to the Fair Credit Reporting Act (FCRA) by the Fair and Accurate Credit Transactions Act (FACTA). The Fact Sheet is available at www.privacyrights.org/fs/fs6-crdt.htm.

A new Fact Sheet has also been developed focused strictly on FACTA. Fact Sheet 6(a), FACTA, the Fair and Accurate Credit Transactions Act: Consumers Win Some, Lose Some, is available at www.privacyrights.org/fs/fs6a-facta.htm.

CA's SB 1 Not Pre-Empted, Court Rules

A long battle over financial privacy is decided today as a U.S. District Court ruled that California's SB 1 legislation is not pre-empted by weaker, Federal standards. Today's landmark decision notes that SB 1 is not pre-empted by the Federal updates to the Fair Credit Reporting Act (FCRA) because the financial information maintained by banks are not considered credit reports and therefore, does not fall under the FCRA. Thus, Californians now have more control over how financial institutions such as banks, insurers and brokerages sell and share their personal information.

The full text of SB 1 is available at:
http://www.leginfo.ca.gov/pub/bill/sen/sb_0001-0050/sb_1_bill_20030828_chaptered.pdf

The full decision is available at:
http://www.consumersunion.org/campaigns/SB1-Federal%20District%20Ruling%20Dismissing%20ABA%20Lawsuit%20(6-30-04).pdf

For more details about California's financial privacy law:
http://www.privacy.ca.gov/sheets/cis2english.pdf

New FCRA Signed into Law

The President signed the Fair and Accurate Credit Transactions Act of 2003 (FACTA) into law on December 4, 2003 which will amend of the Fair Credit Reporting Act (FCRA). The updated Act makes some improvements for consumers in regards to the accuracy of credit reports and in providing one free credit report per year with the ability to access credit scores for a "reasonable fee" from each of the credit reporting agencies (CRAs). Yet, the Act now preempts additional areas of the FCRA and does so permanently.

To read the text of the law and other related information, go to:
http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02622:

The National Consumer Law Center (NCLC) and Consumers' Union have analyses of the how FACTA will change the FCRA. See:
www.consumerlaw.org/initiatives/facta/nclc_analysis.shtml
www.consumersunion.org/pub/core_financial_services/000745.html

Consumers' Union also has an in-depth analysis of what states can still do legislatively to prevent and assist victims of identity theft in light of FACTA and how states' identity theft laws may be affected by it at:
www.consumersunion.org/pub/core_financial_services/000756.html

According to the Federal Trade Commission (FTC), "the Interim Final Rules establish December 31, 2003, as the effective date for provisions of the Act that determine the relationship between the FCRA and state laws and provisions that authorize rulemaking authority for the agencies. Second, the Notice of Proposed Rulemaking proposes an effective date of March 31, 2004, for provisions that do not require changes to business procedures. For all other provisions, the proposed effective date would be December 1, 2004."

For the full release from the FTC, see:
www.ftc.gov/opa/2003/12/fyi0372.htm

What Happened in Congress

California's efforts in financial privacy moved to Congress where the financial industry has weakened provisions of the Fair Credit Reporting Act (FCRA). The progress that California has made to protect individuals' financial privacy will be nullified when federal law preempts states from passing stronger provisions, especially in the area of affiliate sharing of customer data.

On November 4th, the Senate voted 70-24 against an amendment to Senate Bill 1753, the National Consumer Credit Reporting System Improvement Act of 2003. The amendment, introduced by Senators Feinstein and Boxer, would have prevented California's strong Financial Privacy Law from being pre-empted by the soon-to-be-updated Fair Credit Reporting Act (FCRA) and would have created a national opt-out standard for affiliate sharing so that customers could elect to not have their financial information shared by affiliated companies.
To see how your Senators voted, go to:
www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress
=108&session=1&vote=00434

To read Senator Feinstein's comments on the Senate vote and other amendments to S1753, go to:
http://feinstein.senate.gov/03Speeches/s-fcra3.htmOn November 5th, the Senate passed S1753 by a 95-2 margin. For more information about S1753, see: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.01753:.On September 10th, HR 2622 was heard in the House of Representatives and was passed with the preemption provisions largely intact -- by a 392 to 30 margin. To see how your Representatives voted, go to:
http://clerkweb.house.gov/cgi-bin/vote.exe?year=2003&rollnumber=499

For more information about HR2622, see: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR02622:

Now that both the Senate and and the House have passed similar bills, the House-Senate Conference Committee reconciles differences between the two versions. Unfortunately, neither bill offers a way for consumers to opt out of having their information shared with affiliates of financial institutions. In addition, many of the identity theft laws passed by the California State Legislature and other states in past years could be preempted (nullified).

U.S.PIRG, Consumer Federation of America, and Consumers Union lead a broad coalition of consumer organizations in the critical effort to prevent Congress from preempting the states strong privacy protection legislation.

	USPIRG, www.pirg.org/consumer/banks/action/privacy.htm and www.pirg.org/consumer/credit/fcraaction.htm See its compilation of coalition support letters and related documents at www.pirg.org/consumer/fcra.htm.
	Consumers Union, www.consumersunion.org and www.financialprivacynow.org.
	EPIC web page on Fair Credit Reporting Act and the preemption  debate, www.epic.org/privacy/fcra and www.epic.org/privacy/preemption
	Congressional Research Service's American Law Division memo on the effect of HR 2622 on current California law www.privacyrights.org/ar/HR2622CRS.pdf
	Most recent coalition testimony on Congressional proposals to amend FCRA: http://www.pirg.org/consumer/pdfs/consumer31julymierzwinski.PDF

The Privacy Rights Clearinghouse and the Identity Theft Resource Center have sent a letter to California congressional representatives asking them to oppose the legislation because "while there are useful provisions in H.R. 2622, the overall harmful impacts of the preemption provisions would exceed the bill's benefits."

• To read the full text of the PRC's letter, go to:
   www.privacyrights.org/ar/HR2622letter.htm

California SB1, Financial Information Privacy Act [Back to Top]
On August 27, 2003, California Governor Gray Davis signed Senate Bill 1 into law. After a four-year effort, the Legislature sent SB1 to the Governor's desk. The authors of the bill are Senator Jackie Speier and Senator John Burton.Generally, SB1 gives consumers an opt-in right of consent for third-party sale/sharing of customer data, an opt-out for sharing among company affiliates, and a no-opt when sharing is within a single line of business of an affiliate. Right now, financial companies can and do sell or share your customer data to other companies and with their many affiliates. The following types of customer data are fair game -- your name, address, and phone number, account balances, account types, your purchase profile, even your Social Security number. A recent Consumer Federation of California poll shows overwhelming support by California consumers to control their financial information.

• CFC Poll: 91% Voter Support for Financial Privacy Initiative
   www.privacyrights.org/ar/CFCsurvey.htm

Do you wonder how that telemarketer got your phone number - the one trying to sell you an annual subscription to a discount shopping or travel club or an insurance policy for credit account protection? Chances are, if you have received telemarketing calls like these, your customer data has been sold to a telemarketer by your bank or credit card company. The federal law, Gramm-Leach-Bliley, has a weak privacy standard, giving consumers the ability to opt-out of sharing or selling customer data to third parties. GLB offers no opt-out provisions for affiliate sharing. The law enables states to pass laws that are stronger than the federal standard.SB1, which goes into effect July 1, 2004, gives California consumers the tools to effectively stop the sale or sharing of your customer data except for necessary transactions related to the administration of your accounts. SB1 bill backers included a broad coalition of consumer organizations and industry groups including: Consumers Union, AARP, Consumer Federation of California, CALPIRG, ACLU, Privacy Rights Clearinghouse, California Attorney General and industry representatives E-Loan and California Credit Unions League.

Learn the details of SB1, the nation's strongest financial privacy law:

Provisions of SB1 passed by California State Legislature Aug. 2003 www.privacyrights.org/ar/SB1Info.htm

California Voter Initiative on Financial Privacy  [Back to Top]
The key factor that led to passage of SB1 was the financial privacy ballot initiative, slated to go on the ballot in March 2004. Initiative backers obtained 600,000 ballots by August 2003, more than enough to quality the initiative for the ballot. Polls indicated that the initiative would likely be voted into law. Industry removed its opposition to SB1 when bill supporters and industry representatives agreed to a set of compromise positions, thereby breaking the legislative logjam and making the initiative unnecessary.

Bay Area Local Government Ordinances on Financial Privacy  [Back to Top]
Another factor that played a part in the developments surrounding SB1 was the passage of opt-in financial privacy ordinances by several Bay Area governments: San Mateo County, Contra Costa County, and Daly City. These local-level laws were challenged in court by the financial companies Bank of America and Wells Fargo. A court decision in August 2003 found that local governments can pass ordinances requiring that financial companies provide an opt-in to their customers for third-party sharing of customer data. But the ruling did not uphold the ability of local governments to legislate on affiliate sharing of customer data. To learn more:

San Mateo County's Financial Privacy Ordinance including U.S. District Court Ruling
www.co.sanmateo.ca.us/smc/department/home/0,,1864_4318241_4513009,00.html

Copyright © 2003-2007. Privacy Rights Clearinghouse/UCAN. This copyrighted document may be copied and distributed for nonprofit, educational purposes only. For distribution of this fact sheet, see our copyright and reprint guidelines. The text of this document may not be altered without express authorization of the Privacy Rights Clearinghouse. This document should be used as an information source and not as legal advice. PRC documents contain information about federal laws as well as some California-specific information. Laws in other states may vary. Overall, our information is applicable to consumers nationwide.

Privacy Rights Clearinghouse, 3100 - 5th Ave., Suite B, San Diego, CA 92103. Web: www.privacyrights.org