Monday, June 20, 2005
on California's Financial Privacy Law
SAN FRANCISCO, CA – In a lawsuit challenging California’s landmark financial privacy law, the 9th Circuit Court of Appeals today rejected the assertions by national banks that states have no authority to restrict financial institutions from sharing information about customers with affiliated companies. While the 9th Circuit overturned a lower court ruling that no part of the California law restricting affiliate information sharing was displaced by federal law, the decision suggests that states can limit financial institutions from sharing with affiliates certain kinds of information about customers. The case has been sent back to the District court for further proceedings.
“The court declined to issue the sweeping ruling against California’s financial privacy law that was sought by the banks,” said Gail Hillebrand, Senior Attorney with Consumers Union’s West Coast Office. “Today’s decision recognizes that Congress did not take away all of California’s ability to protect its citizens’ financial privacy when it comes to affiliate information sharing.”
In American Bankers Association vs. Bill Lockyer, the court held that federal Fair Credit Reporting Act prevents states from restricting financial institutions from sharing when the information is of the type that would constitute a credit report if shared with a third party and that information is used, expected to be used, or collected for the purpose of determining eligibility for credit, insurance, employment, and other FCRA purposes. The 9th Circuit has remanded the case to the District Court to determine which parts of the California law covering affiliate information sharing remain intact.
Current federal law gives consumers no ability to stop the sharing of personal information between financial institutions and their affiliates and leaves consumers vulnerable to identity theft. Some financial institutions have thousands of “affiliates” and routinely share with them such information as customers’ Social Security numbers, account balances, and spending habits without any restriction.
California’s landmark financial privacy law went into effect in July 2004. The American Bankers Association challenged the provision of the law which gave consumers the right to opt out of affiliate information sharing. Other provisions of the law went unchallenged by the lawsuit and will remain in effect regardless of the ultimate outcome of the lawsuit. For example, the law requires financial institutions to get permission first before sharing or selling their California customers’ private information with most unaffiliated, outside companies (known as an “opt-in” right for consumers). The law imposes penalties of $2,500 per violation of the law, with a cap of $500,000 for negligent violations. There is no cap for knowing and willful violations of the law.
Financial institutions who sell information or share it with unaffiliated, outside companies also must inform consumers of this right in a user-friendly and understandable form so they can more easily exercise their rights. Independent reviews of financial institution privacy notices have revealed that most current notices are written in complicated language that the average consumer finds difficult to understand. California’s law requires notices to be written in simple language and sent in envelopes that are marked “Important Privacy Notices.”
“Californians have made it clear that they are fed up with big banks, insurance companies, and other financial institutions that profit by sharing and selling their customers’ private information,” said Hillebrand. “We look forward to the California Attorney General vigorously defending the affiliate information sharing provisions of the law in the trial court.”
For More Information:
Gail Hillebrand - 415-431-6747