US 2004 Introduced Financial Privacy Legislation Resources in United States
US 2004 Introduced Financial Privacy Legislation Resources
| State: | Bill Summary: |
| Arizona | H.B. 2311 Relates to transmissions of personal identifying information. If personal identifying information is stolen from a person or entity, the person or entity shall notify its customers that their personal identifying information has been stolen and shall provide information on what the customers may do to protect against the unauthorized use of their personal identifying information. |
| H.B. 2581 Concerns telephone solicitations; requires disclosure by consumer services employee of the complete street address, including city, state and county and the consumer services employee’s true legal name; prohibits such employee from sending a person’s financial, credit or identifying information to any foreign county unless the person gives express written permission; amends provisions regarding state contracts for telephone solicitation services. |
|
| California | A.B. 258 Died pursuant to Art. IV, Sec. 10(c) of the California Constitution 2/2/04 Prohibits any retail seller from requesting personal identifying information, as defined, from any person making a return or exchange of merchandise, if paid for by cash. |
| A.B. 664 Requires a person or entity conducting business in California that shares personal information with offices, affiliates, subcontractors, or subsidiaries outside of the United States to disclose to the customer specific information about the information shared, including the category of personal information, and country where the information is or may be shared. |
|
| A.B. 735 Died pursuant to Art. IV, Sec. 10(c) of the California Constitution 2/4/04 Known as the Taxpayer Privacy Bill of Rights Act, this bill prohibits the Franchise Tax Board from releasing a taxpayer’s personal or financial information to the general public, unless the Franchise Tax Board shows a compelling interest for the disclosure of that information and the disclosure is first authorized by the courts. Expands the scope of the Taxpayers’ Rights Advocate’s authority to review and facilitate resolution of taxpayer complaints to include complaints regarding the unauthorized release of taxpayers’ personal and financial information to the general public by employees or officers of the Franchise Tax Board. Specifies that an officer or employee of the Franchise Tax Board may not threaten to release a taxpayer’s personal or financial information for purposes of forcing a taxpayer to accept an offer to settle the taxpayer’s civil tax liability dispute. Provides that the release of, or a threat to release, that information by an officer or an employee of the Franchise Tax Board would constitute grounds for termination or other disciplinary actions as provided by existing law. |
|
| A.B. 1387 Died pursuant to Art. IV, Sec. 10(c) of the California Constitution 2/4/04 Requires that each house of the Legislature use a unique number other than an individual’s social security number to identify its employees, beginning January 1, 2005. Requires that each house of the Legislature establish and maintain a permanent privacy policy that includes the principles set forth in existing law for state agencies. Requires each house to provide specified notice to persons before collecting personal information, to establish rules for persons using this personal information, to establish safeguards to protect the confidentiality of the personal information, and to provide notification of any breach in security. |
|
| A.B. 1664 Died pursuant to Art. IV, Sec. 10(c) of the California Constitution 2/2/04 Enacts the Bank Customer Bill of Rights that would prohibit banks from engaging in various acts, including selling private credit information about a customer to a marketing business without the customer’s consent, charging customers using the bank’s automated teller machine cards an overdraft penalty that is $30 or more without providing a specified notice, issuing a credit card that has an interest rate that is greater than two percent above the prime rate, and charging a customer with a higher than average interest rate on a loan if the customer qualifies for a lower interest rate and the bank has not made the customer aware of that fact. |
|
| A.B. 2421 Enacts the Taxpayer Privacy Bill of Rights Act and prohibits the Franchise Tax Board from releasing a taxpayer’s personal or financial information to the general public, unless the Board shows a compelling interest for the disclosure of that information and the disclosure is first authorized by the courts. Expands the scope of the Taxpayers’ Rights Advocate’s authority to review and facilitate the resolution of taxpayer complaints to include complaints regarding the unauthorized release of a taxpayer’s personal and financial information to the general public by employees or officers of the board. Provides for the suspension of the accrual of interest and penalties during any stay of a pending action that is authorized by the advocate. Specifies that an officer or employee of the Board may not threaten to release a taxpayer’s personal or financial information for purposes of forcing a taxpayer to accept an offer to settle the taxpayer’s civil tax liability dispute. Provides that the release of, or an express or implied threat to release, that information by an officer or an employee of the Board for purposes of forcing a tax settlement would constitute grounds for termination or other disciplinary actions as provided by existing law. Specifies conditions for the Board’s disclosure of a taxpayer’s financial or personal information in any court or administrative proceeding where that information would otherwise be made available to the general public. Allows a taxpayer, who has sustained damages as the result of any unauthorized release of, or a threat to release, the taxpayer’s personal or financial information, to pursue an action for damages against the Board or its officers or employees. |
|
| A.B. 2583 Failed to pass Assembly 5/27/04 Prohibits a landlord from demanding private or personal information from existing tenants as a condition of continuing residency, except as specified. Provides that a landlord or his or her agent who violates its provisions is liable for actual damages, a civil penalty, and attorney’s fees, as specified. |
|
| S.B. 1279 Passed Senate 5/24/04 Requires an agency, or a person or business conducting business in California that possesses noncomputerized data, as defined, that includes the personal information of a consumer, to notify the consumer of any unauthorized disclosure of that information, as specified. |
|
| S.B. 1330 Passed Senate 5/17/04 Prohibits a provider of embedded automotive telematic services, as defined, from collecting, selling, sharing, transferring, or otherwise disclosing nonpublic personal information, as specified, without the explicit prior consent of the consumer or subscriber to whom the nonpublic personal information relates, offered in a clear and conspicuous manner, unless the collection or disclosure is necessary to effect, administer, or enforce an agreement with the consumer or subscriber. Specified rights and remedies would apply to a violation thereof. |
|
| S.B. 1451 Vetoed by governor 9/29/04 Prohibits a person who receives protected information, as specified, from sharing or disclosing the information in a manner that would be prohibited by a privacy law, as specified. Provides that the person would be civilly liable for sharing or disclosing that information, as specified. |
|
| S.B. 1664 Relates to existing law requiring a business to destroy a customer’s records containing personal information. Expands the definition of business for these purposes to include a subcontractor of a business that is entrusted with a customer’s personal information. |
|
| Colorado | H.B. 1278 Postponed indefinitely 3/2/04 Makes it a deceptive trade practice under the Colorado Consumer Protection Act for a mortgage originator to sell personal information of a client. |
| H.B. 1289 Postponed Indefinitely 3/11/04 Requires a commercial call center receiving a consumer’s call to immediately, upon the consumer’s request, identify the location of the call center, the identity of the employee the consumer is speaking with, and the true legal name or trade name of the operator of the call center. Requires a consumer’s express, written permission before a telephone call containing personal information may be routed into or through a foreign country. Defines the failure of a business to provide such notice or obtain such consent as a deceptive trade practice, subject to existing penalties under the Colorado Consumer Protection Act. Makes a contract formed as a result of, or in connection with, a violation of these provisions void and unenforceable against the consumer. |
|
| Connecticut | S.B. 395 Requires employees of call centers to identify themselves to consumers and prohibits such employees from sending consumers’ personal identifying or financial information to foreign countries. |
| S.B. 400 Failed Joint Favorable deadline 3/9/04 Requires that employees of customer sales and services call centers provide identifying information to persons who call and prohibits vendors from sending financial or identifying information about its customers overseas. |
|
| Florida | H.B. 393 Laid on table 4/29/04 Prohibits the use of deception to obtain certain personal information for commercial solicitation purposes; provides penalties; prohibits the sale or disclosure of personal customer information by persons in bankruptcy; provides an exception; provides penalties; provides an exception to a civil penalty; prohibits falsely representing oneself as being affiliated with a law enforcement or firefighting agency or public utility; provides a civil penalty; provides that a violation of s. 817.568, F.S., relating to criminal use of personal identification information, is an unfair or deceptive act or practice or unfair method of competition in violation of pt. II of ch. 17 501, F.S.; provides penalties. |
| H.B. 1189 Died in committee 4/30/04 Requires certain persons who maintain computerized data that contains personal information to notify any state resident whose unencrypted personal information may have been obtained as result of security breach; provides for forms of notice; provides exceptions and alternative forms of notice; provides for delays in notification in certain circumstances. |
|
| S.B. 482 Died on calendar 4/30/04 Prohibits the use of deception to obtain certain personal information for commercial solicitation purposes; provides penalties; prohibits the sale or disclosure of personal customer information by persons in bankruptcy; provides an exception; provides penalties; provides an exception to a civil penalty; prohibits falsely representing oneself as being affiliated with a law enforcement or firefighting agency or public utility; provides a civil penalty; provides that a violation of s. 817.568, F.S., relating to criminal use of personal identification information, is an unfair or deceptive act or practice or unfair method of competition in violation of pt. II of ch. 17 501, F.S.; provides penalties. |
|
| S.B. 2684 Died in committee 4/30/04 Requires certain persons who maintain computerized data that contains personal information to notify any state resident whose unencrypted personal information may have been obtained as result of security breach; provides for forms of notice; provides for delays in notification in certain situations. |
|
| Hawaii | S.B. 3199 Prohibits a financial institution from disclosing a customer’s financial information, subject to exceptions. Establishes penalties. |
| Idaho | H.B. 555 Adds to existing law to provide legislative intent relating to the protection of personal information; provides for disclosure upon breach in the security of personal information by certain agencies, persons and businesses; provides for delayed notification in the event of certain criminal investigations; provides for means of notice; provides an exception; and provides certain rights and remedies for breach in the security of personal information. |
| Illinois | H.B. 4886 Tabled by sponsor 3/2/04 Amends the Electronic Commerce Security Act. Provides that government agencies are authorized but not required to accept electronic signature technology. Requires a government agency that accepts electronic signatures to take adequate precautions to protect personal information. |
| H.B. 7046 Tabled by sponsor 3/2/04 Creates the Illinois Financial Information Privacy Act. Allows a consumer to direct a financial institution to not share the nonpublic personal information with affiliated companies or with nonaffiliated financial companies with which the financial institution has contracted to provide financial products and services. Does not restrict or prohibit the sharing of nonpublic personal information between a financial institution and its wholly owned financial institution subsidiaries or in certain other cases if both entities are regulated by the same functional regulator and are engaged in the same line of business, among other requirements. Requires the permission of the consumer before the financial institution may share the nonpublic personal information with other nonaffiliated companies. Provides that a financial institution shall not discriminate against or deny an otherwise qualified consumer a financial product or service because the consumer has not provided the necessary consent that would authorize the financial institution to disclose or share nonpublic personal information. Requires a financial institution to comply with the consumer’s request regarding nonpublic personal information within 45 days of receipt of the request. |
|
| S.B. 3175 Amends the Illinois Banking Act. Authorizes a bank to furnish information from customer financial records upon request by a law enforcement authority, the Department on Aging or one of its regional administrative or provider agencies, the Department of Human Services Office of Inspector General, or a public guardian. Provides that a bank or person furnishing such information is entitled to the same rights and protections as a person furnishing information under the Abuse of Adults with Disabilities Intervention Act. |
|
| Iowa | S.F. 2200 Establishes a criminal offense of unauthorized collection and disclosure of personal information by computer,and provides for a civil cause of action. |
| Kentucky | H.B. 140 Creates three new sections of KRS Chapter 365, relating to trade practices, to require businesses, when they dispose of customer records not required to be retained, to take reasonable steps to destroy the portions of the records containing personally identifiable information so that the personal information is unreadable or indecipherable; creates a civil cause of action for a customer who is injured and can claim damages because of the failure of a business to conform; and amends KRS 434.870, relating to disclosure of financial information, expands the definition of “person” to include any type of business entity. |
| Louisiana | H.B. 172 Prohibits any public employee or official from knowingly and willfully disclosing or disseminating or causing the disclosure or dissemination of any information about a natural person which is confidential or privileged pursuant to state or federal law and provides for enforcement and the payment of attorney fees, court costs, and damages in certain circumstances. |
| S.B. 417 Requires businesses to notify customers of a breach of security of their computerized data. |
|
| S.B. 677 Withdrawn 6/8/04 Prohibits a business, unless given express written consent, from disclosing customer information. “Customer information” includes the customer’s name, address, telephone number, or any other information which may identity a specific consumer. |
|
| Massachusetts | H.B. 295 Relates to the privacy rights of certain customers of financial institutions; makes provisions regarding the disclosure of nonpublic personal information to affiliates and nonaffiliated third parties and disclosure of personal information of persons who have ceased to be customers of such financial institutions; provides for required disclosure to the consumer. |
| H.B. 1209 Provides for an investigation by a special commission relative to the protection of privacy in the collection, storage, use and release of personal information and other related matters. |
|
| H.B. 1701 Relates to further regulating the use of personal information by insurance companies. |
|
| H.B. 1810 Relates to the privacy rights of certain customers of supermarkets. |
|
| S.B. 63 Relates to check cashing privacy. |
|
| S.B. 125 Restores control over the private information collected by retail discount cards. |
|
| Michigan | H.B. 6175 Passed House 9/29/04 S.B. 220 Passed House 9/29/04 Prohibits the expiration date and full account number from being printed on receipts. Prohibits a merchant from requiring a consumer to disclose his or her Social Security number as a condition to selling goods or providing a service to the consumer, unless the transaction includes an extension of credit to the consumer or disclosure is required by state or federal law. |
| H.B. 6169 Passed House 9/29/04 S.B. 797 Passed House 9/29/04 Amends the Code of Criminal Procedure to specify that the crimes of identity theft and of obtaining, possessing, selling, or transferring personal identifying information of another or falsifying a police report with intent to commit identity theft would have a statutory maximum term of imprisonment of five years. Both crimes would be Class E felonies against the Public Order. |
|
| S.B. 1492 Provides for immunity for the disclosure of personal information by a financial institution or law enforcement agency under certain circumstances. |
|
| Minnesota | H.F. 739 Indefinitely postponed 5/9/04 S.F. 568 Passed Senate 5/7/03 Relates to data practices; classifies and regulates the access to, use, release, and sharing of certain government, financial, and consumer data, personal information, Social Security numbers, and other data; provides for award of attorney fees and other remedies under certain conditions. |
| Missouri | H.B. 1248 Prohibits government agencies from employing a person with a criminal record in any position that would have access to personal records with unique personal identifiers including mailing addresses, telephone numbers, e-mail addresses, drivers’ license numbers, and Social Security numbers. |
| New Hampshire | H.B. 759 Failed to pass House 1/7/04 Requires an insurance licensee to obtain certain authorization before disclosing nonpublic personal health and financial information about consumers or customers. Grants the insurance commissioner rulemaking authority to administer the provisions of the bill. |
| New Jersey | A.B. 757 Allows a financial institution to disclose information relative to an electronic fund transfer account to a third party when the disclosure is permitted by the privacy provisions of the federal Gramm-Leach-Blilely Act and the regulations adopted pursuant thereto. If required by federal law, a financial institution that shares nonpublic personal information with nonaffiliated third parties must provide consumers with an opt-out notice and a reasonable period of time for consumers to opt out of the sharing of the information pursuant to federal law and regulation. The bill is retroactive to July 1, 2001, which coincides with the effective date of compliance with the applicable federal regulations. |
| A.B. 832 S.B. 362 Protects the privacy of an individual’s financial information by prohibiting disclosure without the prior informed, affirmative consent of the consumer. Requires such consent before a financial institution may disclose information to affiliated or unaffiliated third parties. Requires financial institutions to adopt fair information practices when selling or disclosing confidential consumer information and provides that a violation of the bill, or of a company’s privacy policy, constitutes consumer fraud. |
|
| A.B. 1080 Requires that a financial institution that discovers or reasonably should discover that a consumer’s nonpublic personal information maintained by the financial institution was compromised in any way shall promptly notify the consumer of the breach of the security or confidentiality of the information. In addition to promptly notifying a consumer of the security compromise, a financial institution is required to provide assistance to the consumer to remedy any such compromise; to reimburse the consumer for any losses the consumer incurred as a result of the compromise of the security or confidentiality of such information; and to provide information concerning the manner in which the consumer can obtain assistance. However, a financial institution may delay notifying a consumer of the compromise of the security or confidentiality of the information at the request of a law enforcement agency investigating such violation for a period determined by the law enforcement agency performing the investigation. Additionally, if an issuer of credit receives a request for an additional credit card for an existing cardholder no later than 30 days after receiving a change of address for the cardholder, the issuer of credit is required to notify the cardholder of the request at the new address and former address no later than five days after sending the additional card to the new address. The issuer of credit shall also provide the cardholder with a means of promptly reporting incorrect changes. Any violation of this bill shall be punished under either N.J.S.A.56:11-38 or N.J.S.A.56:11-39, or both. |
|
| A.B. 1831 Requires a financial institution to notify the account holder in writing anytime a financial institution discloses that information to a third party under certain limited circumstances. |
|
| A.B. 1982 Establishes guidelines by which a business may discard or dispose of business documents containing personal information. A business may not discard a record containing personal information unless it: (1) shreds the customer’s record before discarding the record, or renders the record unreadable or irretrievable before discarding the device which contained the record; (2) erases the personal information contained in the customer’s record before discarding the record; (3) modifies the customer’s record to make the personal information unreadable before discarding the record; or (4) takes actions that it believes reasonable, and that is in conformance with industry standards, if any, to ensure that no unauthorized person will have access to the personal information contained in the customer’s record for the period between the record’s disposal and the record’s destruction. Any person may file a complaint with the county prosecutor or the attorney general alleging a violation of this bill. A complaint filed under this bill shall be promptly investigated, and if the complaint is determined to be credible by the county prosecutor or attorney general, an action to initiate a hearing shall be filed in the Superior Court. Any person who knowingly violates the provisions of this bill shall be fined $100 for the first offense and no less than $100 nor more than $500 for any subsequent offense, recoverable by the state by a summary proceeding under the “Penalty Enforcement Law of 1999.” The Superior Court shall have jurisdiction to enforce the penalty upon complaint of the attorney general or the county prosecutor. Notwithstanding any provision of this bill, it shall be an affirmative defense to the wrongful disposing of or discarding of a customer’s record that contains personal information if the business can show that it used due diligence in its attempt to properly dispose of or discard such records. |
|
| A.B. 2048 Requires a business to take all reasonable steps to destroy customer records within its control containing personal information which is no longer to be retained by the business. The customer records shall be destroyed by shredding, erasing, or otherwise modifying the personal information to make them unreadable or undecipherable through any means. In addition, any business that conducts business in New Jersey and owns or licenses computerized data that includes personal information must disclose any breach of the security of the computer system within 15 days to any customer who is a resident of New Jersey whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. However, the disclosure may be delayed if a law enforcement agency determines that notification will impede a criminal investigation. Any business that maintains computerized data that includes personal information that the business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. For purposes of this bill, notice may be written or electronic. If the business demonstrates that the cost of providing notice would exceed $250,000, or that the affected class of subject persons to be notified exceeds 500,000, or the business does not have sufficient contact information, it may provide substitute notice, which must consist of all of the following: (1) e-mail notice when the business has an e-mail address; (2) conspicuous posting of the notice on the Web site page of the business, if the business maintains one; and (3) notification to major statewide media. However, a business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of the bill, shall be deemed to be in compliance with the notification requirements of this bill if the business notifies subject persons in accordance with its policies in the event of a breach of security of the system. Finally, a violation of any provisions of this bill shall be an unlawful practice subject to the penalties applicable to a violation of the consumer fraud law pursuant to N.J.S.A. 56:8-13. Under N.J.S.A. 56:8-13, any business who violates any of the provisions of this bill, in addition to any other penalty provided by law, shall be liable to a penalty of not more that $10,000 for the first offense and not more than $20,000 for the second and each subsequent offense. |
|
| A.B. 2074 S.B. 493 Enacts the “New Jersey Financial Information Privacy Act,” which would require a financial institution to provide a specified written form to a consumer relative to the sharing of the consumer’s nonpublic personal information and, instead to permit consumers to “opt in” to allow the sharing of such information. Does not restrict or prohibit the sharing of nonpublic personal information between a financial institution and its wholly owned financial institution subsidiaries or entities that are regulated by the same functional regulator and are engaged in the same line of business. Provides that a financial institution shall not discriminate in offering or denying an otherwise qualified consumer a financial product or service because the consumer has not provided the necessary consent that would authorize the financial institution to disclose or share nonpublic personal information and requires a financial institution to comply with the consumer’s request regarding nonpublic personal information within 45 days of receipt of the request. Provides specified requirements that must be met for the financial institution to disclose a consumer’s nonpublic personal information. Provides that nonpublic personal information may be released in order to identify or locate missing children, witnesses, criminals and fugitives, parties to lawsuits, and missing heirs and that it would not change existing law regarding access by law enforcement agencies to information held by financial institutions. Provides various civil penalties for negligent, or knowing and willful violations of its provisions. |
|
| A.B. 2130 Prohibits financial institutions from disclosing a customer’s personal information without that customer’s consent to nonaffiliated third parties, and, even with the customer’s consent, limits disclosure to the customer’s current name, address and phone number. Makes exceptions for certain circumstances, however, such as where disclosure is required by state or federal law, or is necessary to assist the customer or protect the institution’s legal interests. Provides for a penalty of up to $500 for each violation of the disclosure prohibitions. |
|
| A.B. 2447 S.B. 1210 Corrects an inconsistency resulting from the recent enactment of two laws, both of which provided definitions of “personal identifying information.” P.L.2002, c.85 deleted the definition of “personal identifying information” found in the state’s impersonation and theft of identity statute, N.J.S.2C:21-17, and replaced it with a comprehensive definition of the term in N.J.S.2C:20-1 that would apply to all crimes in chapters 20 and 21 of Title 2C of the New Jersey Statutes. But P.L. 2003, c.39 cross-referenced the definition of “personal identifying information” that had been deleted in N.J.S.2C:21-17, while also adding certain computer specific language to the definition. Resolves the inconsistency created by the passage of these two laws by placing the additional computer specific language within the definition of “personal identifying information” in the comprehensive definition section of N.J.S.2C:20-1. |
|
| A.B. 2683 S.B. 1169 Protects the privacy of customers of financial institutions in the state. Mandates that financial institutions send each customer an annual notice that clearly and conveniently offers the customer the opportunity to prohibit disclosure of nonpublic personal information to nonaffiliated third parties, except in certain circumstances, such as where disclosure is required by state or federal law, or is necessary to assist the customer or protect the institution’s legal interests. |
|
| S.B. 370 Provides for regulation by the director of the Division of Consumer Affairs in the Department of Law and Public Safety of inbound call centers, which receive telephone call or electronic mail messages from callers. Provides that an employee at an inbound call center operating in a foreign country shall not solicit any personal information, whether by telephone or by an electronic mail message unless the employee first informs the caller that disclosing that information to the employee is optional, and receives the affirmative consent of the caller to whom the information relates. Provides that any telephone call to an in-bound call center located in a foreign country shall be rerouted to a call center located in the United States, if such a request is made by the caller. As defined in the bill, “personal information” means any personally identifiable information that is provided by a person to an inbound call center, which shall include, but not be limited to, financial and credit information, or a name, address, telephone number or Social Security number. Violators of the bill’s provisions are subject to the provisions of the consumer fraud law, P.L.1960, c.39 (C.56:8-1 et seq.), which carries maximum penalties of $10,000 for the first offense and $20,000 for the second and subsequent offenses. |
|
| S.B. 1050 This bill, the “New Jersey Online Privacy Protection Act,” regulates disclosure of personal information collected by a website or online service. Under the provisions of the bill it would be an unlawful practice under the New Jersey consumer fraud act, P.L.1960, c.39 (C.56:8-1 et seq.), to collect, use or disclose personal information in violation of the regulations adopted pursuant to the act. The provisions of the bill apply to individuals of age 18 and above. The Division of Consumer Affairs in the Department of Law and Public Safety would adopt regulations requiring the operator of a website or online service to provide notice, in a clear and conspicuous manner, of the identity of the operator, what personal information is collected by the operator, how the operator uses such information, and what information may be shared with other companies. The operator would also be required to provide a meaningful and simple online process for individuals to consent to or limit the disclosure of personal information for purposes unrelated to those for which that information was obtained or described in the notice. The regulations provide an individual access to the personal information the website or online service has collected. The regulations require the operator of a website or online service to establish and maintain reasonable procedures to protect the confidentiality, security and integrity of personal information the operator collects and maintains. The regulations permit an operator of a website or online service to terminate service to an individual who has refused to permit the operator’s further use or maintenance in retrievable form, or future online collection of, personal information from that individual. A person who violates the provisions of the consumer fraud act is liable to a penalty of not more than $7,500 for the first offense and not more than $15,000 for the second and each subsequent offense. |
|
| New Mexico | H.B. 309 Passed House Defines terms in the Public Records Act; provides for confidential records retention; provides for access to confidential records, including confidential personal identification information, at the end of a records retention and disposition schedule period or other period. |
| H.B. 408 Prohibits utilities from selling or disclosing customer’s nonpublic personal information. |
|
| H.B. 596 Prohibits current and former Taxation and Revenue Department employees from disclosing trade secrets, customer information, proprietary information and certain commercial and financial information. |
|
| New York | A.B. 397 Enacts the “Electronic Fund Transfer Privacy Act”; provides privacy protection for consumer engaging in electronic fund transfer transactions by limiting disclosure of personal information about any consumer involved in such and limiting the circumstances in which government authority may get such information; outlines procedures and limitations for obtaining such information and civil and criminal penalties for violations. |
| A.B. 834 S.B. 3676 Prohibits bankers from selling or otherwise making available a consumer’s credit card, social security or bank account number to a third party except as specifically provided for herein; authorizes an action for injunctive relief and for damages for violations; permits recovery of attorneys’ fees therein; provides for enforcement by the attorney general. |
|
| A.B. 869 Makes provisions for privacy in banking, insurance, and other financial transactions, forbidding disclosure of personal information without prior consent granted by the customer to the financial institution; requires written notice of privacy policies and practices be given to customers; requires security and confidentiality safeguards; prohibits disclosure of account number or access code information; provides for enforcement by the attorney general and authorizes private actions. |
|
| A.B. 2148 S.B. 607 Provides that no person, firm, partnership, corporation or association may sell, rent, exchange or in any other way release personal identification information to other persons and/or affiliates for their commercial purposes without the express written permission of the data subject; imposes civil monetary penalties for violations of such offense and authorizes the attorney general to issue an injunction against such defendant. |
|
| A.B. 2505 S.B. 2115 Enacts the “Personal Privacy Act of 2004” to comprehensively enhance, preserve, and protect the right of personal privacy; enacts a telecommunications privacy act; significantly expands upon present legal protections; includes use of voice, actual performance, identity, nickname, or objects in protections; regulates unsolicited electronic and other advertisements; establishes duty to maintain the confidentiality of health information; regulates collection, use, or disclosure of information by telecommunications carriers. |
|
| A.B. 2837 Passed Assembly 3/10/04 S.B. 3195 Grants consumers the option to prohibit the rental, sale, exchange or other availability of personal information possessed by an issuer of a credit card, charge card or debit card; requires notice of such option be given to cardholders by credit card, charge card and debit card issuers in existing bill mailings and in credit card and debit card agreements and renewals thereof; limits any effect on credit card registration services. |
|
| A.B. 3131 Prohibits any person from disclosing health care information or personal information to a person who engages in the business of accessing and compiling information for commercial purposes or whose use of such information will be in connection with the marketing of a product or service without the explicit written authorization of the data subject. |
|
| A.B. 3787 Regulates the collection, disclosure and dissemination of personal information acquired by a provider of on-line computer services in order to ensure the privacy of subscriber information and wage patterns. |
|
| A.B. 4093 Prohibits the dissemination of certain personal information, including but not limited to, names, addresses, children and bank accounts, when such information relates to a petition for guardianship. |
|
| A.B. 4385 Enacts New York State Internet Privacy Law to which operators of Web sites may voluntarily be subject; limits disclosure of personal information to those submitting to the law by publicizing that they comply with such law; provides for enforcement. |
|
| A.B. 5153 Passed Assembly 6/4/03 S.B. 4557 Makes unsolicited electronic mail advertising unlawful unless certain information is provided by the sender, including the sender’s name and street and e-mail address; prohibits sale, lease or exchange of certain personal identifying information obtained online without the knowledge and affirmative consent of the consumer; makes provisions for penalties for violations. |
|
| A.B. 5157 Prohibits the use of inmate labor to access, collect or process personal information relating to a natural person residing in this state; provides for a civil penalty of not more than $1,500 for a first violation and not more than $2,500 for a second or subsequent violation. |
|
| A.B. 5169 S.B. 3638 Requires that banking institutions provide forms to senior citizen customers whereby a third person may be designated to receive a copy of any notice or information pertaining to the investments or accounts of such customer; for purposes of these provisions senior citizen means a person 62 years of age or older. |
|
| A.B. 6127 Imposes the same standards with respect to issuance of a subpoena upon a retail establishment or retailer which sells written material as currently applicable to libraries; keeps records and receipts of customer purchases created during the ordinary course of business by retail establishments and retailers of written materials which contain names, credit card information, checking account numbers or other personally identifying details confidential, except when pursuant to a subpoena, court order or where otherwise required by statute. |
|
| A.B. 6576 Passed Assembly 2/23/04 S.B. 3192 Restricts insurers from demanding intrusive personal, financial and tax information from insureds as a standard practice in processing ordinary theft claims where no special circumstances warranting a demand for such information exists. |
|
| A.B. 7489 Relates to regulating the use and dissemination of confidential customer information by financial institutions; prohibits the disclosure of financial information without the informed consent of the customer to whom the information relates; establishes the basic privacy rights for financial information; authorizes attorney general enforcement; imposes civil penalties; allows a private cause of action. |
|
| A.B. 8031 S.B. 5011 Provides for the protection of confidential personal information collected and distributed by individual reference services providers or marketing list brokers; establishes exclusion lists, penalties and grounds for civil liability. |
|
| A.B. 9184 S.B. 6517 Requires any state agency or business which owns or licenses a computerized database which includes vulnerable personal information shall disclose any breach of security of such system to any resident of New York state whose unencrypted personal information may have been acquired by an unauthorized person; provides enforcement provisions. |
|
| A.B. 9220 S.B. 6017 Enacts the Financial Information New York Privacy Act to require that financial institutions obtain consent from consumers prior to disclosing nonpublic personal information; defines terms and sets penalties. |
|
| A.B. 9326 Relates to regulating the use and dissemination of confidential customer information by financial institutions; prohibits the disclosure of financial information without the informed consent of the customer to whom the information relates; establishes the basic privacy rights for financial information; authorizes attorney general enforcement; imposes civil penalties; allows a private cause of action. |
|
| A.B. 9431 S.B. 6615 Enacts the Personal Information Protection Act, requiring disclosure of breaches of security of data systems of business entities to affected persons; provides for administration by the Department of State; requires use of best available technology to detect breaches of security; provides for a private right of action. |
|
| A.B. 10070 S.B. 7122 Authorizes the superintendent of Banks to audit the international administrative offices of banking organizations doing business in this state which process personal information from customers for the purposes of enforcing privacy protections. |
|
| A.B. 10295 S.B. 7121 Requires any banking institution that owns or licenses data that includes personal identifying information to disclose any breach of security following discovery or notification of such breach to any person whose personal identification was, or is reasonably believed to have been, acquired by an unauthorized person; defines personal identifying information and breach of security. |
|
| A.B. 11012 S.B. 6739 Requires notice to residents when a computerized database security breach releases personal information. |
|
| S.B. 256 Requires every entity providing goods or services to customers and which hold records containing personal information on such entity’s customers, to destroy such records prior to discarding the records; defines “personal information”; imposes a civil fine of not more than $100 for each violation thereof. |
|
| S.B. 600 Enacts New York State Internet Privacy Law to which operators of Web sites may voluntarily be subject; limits disclosure of personal information to those submitting to the law by publicizing that they comply with such law; provides for enforcement. |
|
| S.B. 1100 Enacts the “Internet Privacy Policy Act”; prohibits disclosure by any state agency of the personal information, including credit card numbers, of any subscriber to an interactive computer service operated by such an agency without the consent of such subscriber; direct the office for technology to establish an on-line privacy notice relating to such provisions. |
|
| S.B. 1950 Restricts the right of certain utility corporations to sell or otherwise distribute information concerning residential customers, subscriber names and addresses subjecting the same to regulations by the public service commission; prohibits such utility from disclosing and marketing certain other information about its customers; permits a violated customer to bring an action against such utility and imposes a fine of not more than $500 for a violation. |
|
| S.B. 2544 Provides that banking institutions in New York State may release customer information in the following manner; (a) to the actual customer or authorized agent, or (b) unless a customer affirmatively and in writing prohibits the release, to a subsidiary or affiliate of the banking institution, or, (c) to any other persons or entities if the customer information intended to be released consists only of customer identification, (e.g. name or address of customer) and/or is recorded in public records; defines the term “customer information” to mean account records and any other information constructed from those records relating to the customer’s relationship with the institution. |
|
| S.B. 2713 Creates a nine member privacy task force within the state Office for Technology to conduct ongoing review of state and local laws, regulations and practices with respect to the compilation, protection and dissemination of “personal information”; provides for composition of the task force and for annual reports to the governor and the legislature. |
|
| S.B. 3637 Enacts the consumer privacy act to protect the personal privacy of individuals and families who choose to retain such privacy without unreasonably restricting the ability of commercial entities to collect and use information necessary to conduct business or as is permitted by the subject of such information: defines terms; prohibits wrongful disclosure of protected personal information with certain exceptions; provides for civil liability for wrongful disclosure; authorizes the attorney general to bring enforcement action for injunction and penalties; limits time period in which such an action may be brought. |
|
| S.B. 4150 Prohibits the disclosure of personal information on consumers by banking organizations to third parties without providing notice in plain language to the consumer in writing or electronic form. |
|
| S.B. 6935 Enacts the New York Consumer and Worker Protection Act; requires employers to provide notice of the outsourcing of jobs prior to such outsourcing; prohibits any governmental agency from engaging in the practice of outsourcing jobs; requires consumers be made aware and provide consent if such consumers nonpublic personal information is disclosed to nonaffiliated third parties by any corporation or other business entity; requires ratification by the legislature of procurement contracts between the state, through the governor, and any multinational trade organization or corporation; and defines applicable terms. |
|
| S.B. 7328 Provides privacy protection for voter registration records; prohibits sale or other dissemination of records or information contained in such records if use of such information would promote identity theft, fraud or otherwise invade privacy. |
|
| Ohio | H.B. 459 Establishes restrictions related to work performed outside the United States or by noncitizens with regard to state contracts, economic development assistance, employment termination notices, telephone and internet sales, and consumer financial information being sent overseas without consent. |
| Oklahoma | H.B. 1680 Provides exemption from Open Records Act for private financial account information. |
| S.B. 552 Relates to insurance; relates to nonpublic personal information; specifies language to be included on certain form; provides exception. |
|
| S.B. 1563 Relates to insurance; relates to nonpublic personal information; updates statutory references; prohibits the sale of certain information. |
|
| Pennsylvania | H.B. 257 Provides for privacy protection for customer information. |
| H.B. 885 Adds provisions relating to privacy protection for customer information of financial transactions; defines the offense of public or private grant solicitation; and imposes penalties. |
|
| S.B. 705 Passed Senate 3/23/04 Includes false or misleading statements in a privacy policy, published on the Internet or otherwise distributed or published regarding the use of personal information submitted by members of the public as a deceptive or fraudulent business practice. |
|
| South Carolina | H.B. 4434 Provides that an expenditure of state funds under contract through a governmental body for telemarketing services requires contract provisions that the services must be performed in the United States and that only United States citizens and persons authorized to work in the United States may be employed; and provides for disclosure of certain information from a consumer sales or service call centers; prohibits the financial, credit, or identifying information of a person being sent to any foreign country without express written permission of that person. |
| Tennessee | H.B. 3325 S.B. 3357 Requires the department of safety to include insurance information on accident report forms and forbids any state agency from selling personal information from a completed accident report. |
| H.B. 3351 S.B. 3222 Prohibits Tennessee Student Assistance Corporation from requiring student applying for postsecondary financial assistance from lottery proceeds to provide financial information unless such student is applying for assistance limited to low-income students. |
|
| Utah | S.B. 127 Enacting clause struck 3/3/04 Modifies the Criminal Code by making it illegal for persons to sell, give, or receive government records containing personal information. |
| Vermont | S.B. 174 Proposes to ensure that a customer’s record containing personal information held by a business will be properly discarded. |
| Washington | H.B. 2351 Requires contact center employees, upon request, to identify their employer’s identity and location. Prohibits contact center employees in foreign countries from soliciting personal information from another party without the other party’s disclosure and consent. Requires that, upon request, communications with contact centers in foreign countries be rerouted to the United States. Makes violations of these provisions unfair acts for purposes of applying the state Consumer Protection Act. |
| H.B. 3186 Finds that consumer rights when dealing with contact centers need greater protection. Consumers have a right to know who they have contacted, to know where they are located, to receive truthful information, and to engage in secure financial transactions. Establishes standards governing contact centers to strengthen consumer rights to choose, to be informed, and to protect the privacy and security of their personal information. |
|
| S.B. 6528 Provides that personal identifiers and lists of students or alumni may not be shared, given, provided, or sold to organizations, corporations, or other business entities for the purpose of marketing goods and services, unless specifically authorized by a majority vote of the students or alumni. |
|
| West Virginia | H.B. 4021 S.B. 152 Prevents the disclosure of personal information, including debit and credit card numbers, of state employees and officers, and their dependents. |
| S.B. 138 Relates to nondisclosure of personal information, including employees’ credit and debit numbers, maintained by the state. |
|
| S.B. 151 Prohibits the Division of Motor Vehicles’ sale of personal information for bulk distribution. |
|
| Wisconsin | A.B. 83 |
Failed to pass pursuant to Senate Joint Resolution 1 3/31/04
Prohibits a person (which includes a corporation) from selling information about Wisconsin residents that is obtained from credit card transaction records. Provides for certain exceptions from this prohibition. First, the bill excepts disclosures to credit reporting agencies for the purpose of preparing a credit report and disclosures by credit reporting agencies. Contains certain exceptions for disclosing information to affiliates of the person making the disclosure and to contractors or agents of the issuer for the purpose of performing functions for or on behalf of the issuer. Persons violating the disclosure provisions created in the bill are subject to a forfeiture of not more than $10,000 for each violation. Authorizes the Department of Justice to bring actions in circuit court to enjoin violations of the disclosure provisions. S.B. 309
Failed to pass pursuant to Senate Joint Resolution 1 3/31/04
Generally prohibits any financial institution from disclosing personal, financial information relating to a customer of the financial institution, unless the customer “opts in” or consents to the disclosure. The bill specifies numerous exceptions to this prohibition.
Leave a Reply