Judge Upholds State’s Financial Privacy Law
A state law regulating how financial institutions can share consumer data will take effect today as scheduled, after a judge ruled Wednesday that federal laws didn’t prevent California from implementing stronger consumer protections.
Several banking associations had challenged key provisions of California’s financial privacy law, saying federal law trumps the state’s restrictions on sharing customer information with affiliated businesses.
U.S. District Judge Morrison C. England Jr. disagreed with the three trade groups -- the American Bankers Assn., the Financial Services Roundtable and the Consumer Bankers Assn. -- and dismissed their lawsuit.
The three groups had argued the federal Fair Credit Reporting Act, reauthorized in December, lets banks and other financial institutions share information with their affiliates about customers’ “creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living.”
England ruled that the Fair Credit Reporting Act covered only the sharing of information for credit reports and not financial privacy. The federal Graham Leach Bliley Act, which was crafted to govern financial privacy, allows states to enact stricter rules, England said.
The ruling was “an important victory for California consumers,” said California Atty. Gen. Bill Lockyer, “and one that places the interest of personal privacy over corporate profits.”
Messages left for the three trade groups were not immediately returned.
The California law requires banks to give consumers the opportunity to bar the sale of information to an affiliate that isn’t in the same line of business. For example, the state law says a bank can’t pass on information about a customer to an insurance company owned by the same corporation if that customer objects.
The law’s author, Sen. Jackie Speier (D-Hillsborough), has said the federal law governing the sharing of financial information allows states to go further in crafting privacy protection.
The law was passed after consumer groups threatened to take a stronger measure to voters.
Speier tried for four years to get a financial privacy bill approved, but earlier versions ran into heavy opposition from business groups, which spent millions to kill it.
The banks didn’t challenge other provisions of the law that require financial institutions to get permission from customers before sharing information, such as a customer’s bank balance or spending habits, with a nonaffiliated company -- commonly called an opt-in requirement.
The same requirement would apply to the sharing of customer information by two companies with a joint marketing agreement, such as a small bank that has a contract with another firm to offer its customers credit cards.
