California Financial Information Privacy Act: Senate Bill 1 (Speier & Burton)


Courtesy of the office of California Senator Jackie Speier. Text of this bill is available at:


California Financial Information Privacy Act:
Senate Bill 1
(Speier & Burton)


Overview of Provisions of Senate Bill 1 (SB 1)

  • Signed into law by Gov. Gray Davis August 27, 2003.
  • Bill takes effect July 1, 2004.
  • Strongest financial privacy protections in the country.
  • Gives consumers final say in the sharing of their info.
  • Significantly restricts financial profiling of consumers.
  • User-friendly/understandable notice sent to consumers.
  • Level playing field for both small and large institutions.
  • Penalties doubled for identity theft victims.
  • Opt-In standard (get consumer permission first) generally to share information with outside companies.
  • Opt-Out standard (consumer may halt at their request) generally for info sharing in the "family of companies" (affiliates and subsidiaries).
  • Functional regulator can approve alternative to mandated (safe harbor) notice if rigorous readability and clarity standards met; no safe harbor granted, rebuttable presumption instead (3 year sunset on this provision).
  • Alternatives to mandated notice must be filed with Office of Privacy Protection.
  • Prepaid reply postage on notice required unless consumer offered two cost-free ways to respond to notice (e.g., toll-free call, website). Return envelope required.
  • Clarification of sharing in agreements between consumers and licensed broker-dealers in securities industry.
  • For affinity situations (e.g. Sierra Club Visa card), opt-out standards retained, now
    includes telephone number with other contact information.
  • Penalties detailed in bill can be assessed by functional regulators, instead of local
    law enforcement. Attorney General enforcement powers retained.

Sharing Information Always Allowed for These Purposes

  • Sharing customer data between affiliates in single line of business under same regulators.
  • Transactional ("necessary to effect, administer or enforce a transaction requested or authorized by the consumer" & "with the consent of or at the direction of the consumer")
  • Operational (security reasons, customer disputes or inquiries, etc.)
  • ID theft ("to protect against or prevent actual or potential fraud", etc.)
  • Law enforcement purposes
  • Relating to a business merger, sale or transferTo comply with federal, state or local laws and judicial processesElder financial abuse cases (known and suspected)
  • Outsourcing functions with vendors (mail house, data processing, etc.)
  • To identify or locate the following: missing and abducted children, parents delinquent in child support payments, organ and bone marrow donors, pension fund beneficiaries, and missing heirs.
  • Pursuant to the USA PATRIOT act

Text of Financial Privacy Notice

Important Privacy Choices for Consumers

You have the right to control whether we share some of your personal information.
Please read the following information carefully before you make your choices below.

Your Rights

You have the following rights to restrict the sharing of personal and financial information with our affiliates (companies we own or control) and outside companies that we do business with. Nothing in this form prohibits the sharing of information necessary for us to follow the law, as permitted by law, or to give you the best service on your accounts with us. This includes sending you information about some other products or services.

Your Choices

Restrict Information Sharing With Companies We Own or Control (Affiliates): Unless you say "No," we may share personal and financial information about you with our affiliated companies.

(_) NO, please do not share personal and financial information with your affiliated companies.

Restrict Information Sharing With Other Companies We Do Business With To Provide Financial Products And Services: Unless you say "No," we may share personal and financial information about you with outside companies we contract with to provide financial products and services to you. (_) NO, please do not share personal and financial information with outside companies you contract with to provide financial products and services.


Time Sensitive Reply

You may make your privacy choice(s) at any time. Your choice(s) marked here will remain unless you state otherwise. However, if we do not hear from you we may share some of your information with affiliated companies and other companies with whom we have contracts to provide products and services.Name: ______________________________ Account or Policy Number(s):____________________________________[to be filled in by consumer]Signature: ___________________________________________________ To exercise your choices do [one of] the following: (1) Fill out, sign and send back this form to us using the envelope provided (you may want to make a copy for your records); [#1 is mandatory] [(2) Call this toll-free number (800) xxx-xxxx or (xxx) xxx-xxxx; [optional]

[(3) Reply electronically by contacting us through the following Internet option:] [optional]

[End of Notice]

History and Timeline of Financial Privacy Legislation

  • 1999 - Feds enact Gramm-Leach-Bliley (GLB); allows for creation of "financial supermarkets"
    by allowing banks, insurance companies and securities firms to merge. Privacy provisions an
    afterthought necessary to get votes on Hill, include "Sarbanes amendment" (states can go beyond
    federal privacy protections).

  • 2000 - First Speier bill on topic (SB 1337) dies in first policy committee in State Senate.
  • February 2001 - Introduction of SB 773 (Speier) - states that a financial institution must get permission before sharing/selling consumer financial information (opt-in). Bill is opposed by financial institutions.
  • July 2001 - SB 773 amended to reflect opt-in/opt-out combination preferred by Davis administration.
  • September 2001 - SB 773 dies on Assembly floor, falling 9 votes short of passage in last days of session - "corporate Dems" key to failure, pushed hard by financial institutions, who want no bill whatsoever.
  • Early 2002 - Speier urged by Assembly Speaker to work with Assemblyman Nation on a compromise.
  • August 2002 - Speier & Nation reach agreement. Bill supported by consumer groups and some businesses.
  • August 31, 2002 - SB 773 fails on Assembly floor, 3 votes short of passage, thanks to opposition by business groups, who spend $20 million in 2001-2002 working to defeat the bill.
  • December 2002 - Senate Bill 1 introduced by Speier and Senate President Pro Tempore John Burton.
  • March 3, 2003 - SB 1 passes the Senate on a 23-6 vote and moves to the Assembly.
  • June 3, 2003 - SB 1 is endorsed by Governor Davis, who urges swift passage.
  • June 17, 2003 and July 8, 2003 - SB 1 fails in Assembly Banking & Finance Committee.
  • August 14, 2003 - Speier announces agreement with business and consumer groups on bill.
  • August 18, 2003 - SB 1 is resurrected, passes 3 Assembly committees and full Assembly on a vote of 76-1.
  • August 19, 2003 - SB 1 receives final approval by Senate on a 31-6 vote and is sent to Governor Davis, who pledged to sign the bill.
  • August 27, 2003 - Governor signs SB 1 into law.

Comparison with Current Federal Law, Gramm-Leach-Bliley


SB 1

Federal Law

  • Selling or sharing consumer information with outside company (third party)



  • Selling or sharing within "family of companies" (affiliates & subsidiaries)



  • Sharing between 2 financial institutions jointly offering a financial product



  • Sharing to complete a transaction



  • Clear & readable consumer form?



Opt-In = Company must receive consumer permission first.
Opt-Out = Consumer can stop sharing if they object.
No-Opt = Consumer cannot stop the sharing.
= Generally