A Preferable Privacy Law

That giant sucking sound you hear around your personal financial information is not an illusion.

Only a few years ago, banks had to keep the lid on what they knew about your checking or savings account. Since Congress passed the Financial Services Modernization Act in 1999, however, the “financial supermarkets” created by the merger of banks, insurance companies and brokerage firms have been allowed to share any and all data within their dubiously named “families” with virtually no restrictions. They can merge customer data from several sources and even sell it to third parties.

Among the most frightening examples of this is the Orwellian Medical Information Bureau, a central database on about 15 million Americans and Canadians. More than 750 insurance firms use the database to obtain hospital and doctors’ office records, which are used to screen life and health insurance policy applicants.

Widespread sharing of private information helps explain the growth in identity theft, up 500% since the late ‘90s.

In the last three years, Sen. Jackie Speier (D-Hillsborough) has sponsored legislation that would require financial companies to obtain consumers’ permission before sharing or selling their personal data. Each year, Speier’s bills have been defeated by banks, insurers and securities houses. This time, opponents will be hurting only themselves if they lobby against Speier’s SB 1.

Unlike similar previous bills, SB 1 is co-authored by one of the Legislature’s most powerful leaders, Senate President Pro Tem John Burton (D-San Francisco). If the Legislature fails to embrace it, momentum is expected to build for local privacy ordinances such as those recently passed in San Mateo, Contra Costa, Alameda, Santa Cruz and Solano counties. The San Francisco Board of Supervisors is expected to approve one Monday that would forbid financial companies to sell or trade confidential personal information without the customer’s written consent. Consumer groups also have said that should SB 1 fail, they will put a sweeping privacy measure on the 2004 ballot.

SB 1 would preempt local ordinances. As Mark Lowe, a spokesman for the California Credit Union League, put it: “A statewide standard would be far preferable to [the current] patchwork of local laws. It would be much, much easier for all financial institutions to live with.”

Speier has made reasonable compromises. Last year, for instance, she agreed to revise her bill to allow some relatively innocuous data sharing, such as letting auto insurers switch a customer from a high-risk group to a low-risk group without first obtaining that customer’s permission.

Banks may try to kill SB 1 by suggesting it could hurt the economy, a potential death blow in the current deficit crisis. Opponents should realize that would amount to a suicide pact. A bill like Speier’s is the companies’ best hope of avoiding dozens of conflicting laws, a swamp of litigation and a ballot measure dictated by consumers who are mad as hornets.