C.S.H.B. 56 78(R) BILL ANALYSIS C.S.H.B. 56 By: Wise Financial Institutions Committee Report (Substituted) BACKGROUND AND PURPOSE Under current law and practice, financial institutions may share (or sell) their customers' private information with third parties unless the customer opts out of this practice. Many customers have relationships with a number of different financial institutions, and customers must opt out with each financial institution separately. Though financial institutions are required to provide customers with notices of their privacy rights, these are often included among a number of other documents, including billing statements and promotional materials. C.S.H.B. 56 requires a financial institution to clearly and conspicuously notify a customer, in a separate mailing, of the customer's ability to prevent the financial institution from disclosing information about the customer. RULEMAKING AUTHORITY It is the committee's opinion that rulemaking authority is expressly granted to the Texas Department of Banking, Savings and Loan Department, and Credit Union Department in SECTION 1 (Sec. 278.003, Finance Code) of this bill. ANALYSIS C.S.H.B. 56 amends Subtitle Z, Title 3 of the Finance Code by adding new Chapter 278 to establish a financial institution's obligations to notify its customers of their abilities to prevent the financial institution from disclosing customer information except under certain circumstances. Specifically, a financial institution may disclose customer information to a nonaffiliated third party if: _the financial institution has provided the customer the opportunity to prevent the disclosure as provided by the bill; _the disclosure is incidental to the third party's performance of a service or function for or on behalf of the financial institution; or _the disclosure is authorized by applicable federal law. A financial institution may not otherwise disclose customer information to a nonaffiliated third party. A financial institution intending to disclose customer information must clearly and conspicuously notify the customer (or the customer's legal representative) that information may be disclosed and that disclosure may be prevented. This notice must be in writing and mailed to the customer independently of any other communications. C.S.H.B. 56 establishes that a financial institution is liable to a customer whose information is disclosed in violation of the bill's provisions. At the option of the customer, liability is equal to $200 for each violation up to $20,000 or actual damages, plus attorney's fees. The bill makes a financial institution liable for punitive damages if the violation was intentional. The bill requires a financial institution regulatory agency of this state shall adopt rules to carry out the purposes of the bill by December 1, 2003. Such rules would become effective January 1, 2004, and the bill's provisions would apply to disclosures of information on or after that date. EFFECTIVE DATE September 1, 2003 COMPARISON OF ORIGINAL TO SUBSTITUTE The substitute deletes provisions relating to exemptions, prohibited disclosures, disclosure of unlawful activities, consent requirements, and reimbursement of costs. The substitute deletes the requirement that a customer provide written consent before a financial institution may disclose the customer's information and instead requires a financial institution to provide the customer with an opportunity to prevent disclosure of that customer's information. The substitute adds provisions allowing a financial institution to share information with nonaffiliated third parties during the performance of certain functions for the financial institution and as provided by federal law. The substitute adds the requirement that a financial institution mail the required written notice to a customer independently of any other communication it sends the customer. The substitute deletes the requirement that a customer prove a violation of the laws governing disclosure was intentional, and the substitute places liability upon the financial institution, not a person as in the original. The substitute changes the amount of liability to $200 per violation, up to a maximum of $20,000, from $1,000 in the original. The substitute expressly makes a financial institution liable for attorney's fees. The substitute makes a financial institution liable for punitive damages for an intentional violation of the bill's provisions. The substitute adds language requiring a financial institutions regulatory agency to adopt rules to carry out the bill's provisions no later than December 1, 2003. The substitute adds language providing that the bill governs disclosures of information made on or after January 1, 2004.