Bills to Shield Consumer Data Killed

Banks, insurance companies, stock brokers and other major financial institutions teamed up Wednesday to defeat legislation that would have enabled Californians to give consent before their personal information is shared with other businesses.

In a massive show of force, representatives of the financial services industry packed a hearing of the state Senate Finance, Investment and International Trade Committee to oppose a pair of bills aimed at protecting consumers against disclosure of private data, such as bank account balances, unless the companies obtained permission in advance.

A handful of consumer advocates, supported by California Atty. Gen. Bill Lockyer, unsuccessfully appealed to the committee for approval of the bills. They argued that Californians need extra protections, beyond those provided by a federal privacy law signed by President Clinton last year.

The committee defeated the bills by state Sens. Jackie Speier (D-Daly City) and Tim Leslie (R-Tahoe City), the committee chairman, despite last-minute amendments Leslie added to win the support of opponents.

Rejection of the two Senate bills (SB 1337 and SB 1372) also raised concerns about a similar privacy protection bill by Assemblywoman Sheila Kuehl (D-Santa Monica). Although the Kuehl measure is advancing in the Assembly, the Senate committee’s action suggests that her bill will face a hostile reception in the upper house.

Banks, insurance companies and securities firms want to maintain the authority to align themselves under the same corporate roof and share or sell personal data with each other without consent from consumers. In some cases, they also sell information to outside companies, unless a customer specifically instructs them not to do so.

Federal law requires financial institutions to notify consumers of their right to deny permission for information sharing with unaffiliated outside companies. But the “opt out” feature does not apply to affiliated companies, such as banks and life insurers that share the same corporate “family.”

In California, Speier said, a San Fernando bank sold 3.7 million credit card numbers to a convicted felon, who “then used the numbers to bilk cardholders out of millions of dollars.”

Under her bill, financial institutions would be required to obtain customer consent before release of private data, such as the account balance, home address, telephone number and other information that could be used to create a customer profile for another company.

Violators under Speier’s bill would face misdemeanor charges and the same civil penalties as violators of confidential medical records, with fines ranging from $1,000 to $250,000 for repeated violations.

“Your financial privacy is as important as your medical privacy,” she told the committee.

But representatives of banks and other financial institutions warned against California enacting a law that would be tougher than the federal statutes covering release of private data. They argued that the new federal law should be given more time to work.

Other industry witnesses indicated that a voluntary “opt in” choice might not be as convenient for customers and would have the effect of restricting a consumer’s ability to learn of new products and services.