BILL ANALYSIS

 

 

Senate Research Center                                                                                                        S.B. 224

80R820 ATP-D                                                                                                                     By: Ellis

                                                                                                                        Business & Commerce

                                                                                                                                              4/2/2007

                                                                                                                                              As Filed

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

The sale of consumers' private financial information to third party entities by a financial institution can facilitate identity theft.  Under federal law, if a financial institution provides this information to a third party, the institution must give the customer the opportunity to exercise the nondisclosure option to prevent such a release under the Gramm-Leach-Bliley Act (15 U.S.C. Section 6802).  The Act also requires, at the time of establishing a customer relationship with a consumer and at least annually during the continuation of such relationship, the institution to provide a clear and conspicuous disclosure of its privacy policies to the customer.

 

As proposed, S.B. 224 prohibits financial institutions from selling a consumer's financial information to a non-affiliated third party, such as a bank, savings and loan company, credit union, or trust company.  The bill also requires institutions to provide written privacy notices to consumers with whom they conduct business and prohibits institutions from requiring consumers to authorize the sale of their information as a condition of doing business with the institutions.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1.  Amends Subtitle Z, Title 3, Finance Code, by adding Chapter 279, as follows:

 

CHAPTER 279.  SALE OF CONSUMER'S FINANCIAL INFORMATION

 

Sec. 279.001.  DEFINITIONS.  Defines "affiliate of a financial institution," "consumer," "financial information," and "financial institution."

 

Sec. 279.002.  AUTHORIZATION REQUIRED FOR SALE OF FINANCIAL INFORMATION.  Permits the sale of a consumer's financial information by a financial institution only if the individual consumer authorizes the sale as provided by this chapter.  Authorizes a financial institution to sell such information to its affiliates without consumer authorization.  Permits an affiliate to sell a consumer's financial information only if the individual consumer authorizes the sale as provided by this chapter.

 

Sec. 279.003.  PRIVACY NOTICE AND AUTHORIZATION FOR SALE.  (a)   Requires a financial institution to provide a written privacy notice to consumers with whom they are conducting business.

 

(b)  Requires the notice to inform the consumer of the prohibition on the unauthorized sale of the consumer's financial information and to provide a form that the consumer may sign and return to the institution to provide such authorization.

 

(c)  Authorizes a financial institution to sell a consumer's financial information only after it receives the form authorizing the sale of the information.

 

(d)  Provides that a financial institution that does not sell a consumer's financial information to a person other than an affiliate of the institution is not required to provide a notice to a consumer under this section.

 

Sec. 279.004.  WITHDRAWAL OF AUTHORIZATION FOR SALE OF INFORMATION.  Permits consumers who have given authorization to sell their financial information at any time to withdraw the authorization in writing.  Provides that the effective date of the withdrawal of an authorization is the date on which the financial institution receives the withdrawal.

 

Sec. 279.005.  JOINT RELATIONSHIPS.  Authorizes a financial institution to provide a notice to one or all of the involved consumers if two or more consumers jointly obtain a financial product or service.  Authorizes a financial institution to sell any financial information relating to jointly obtained products or services if a consumer authorizes the sale of that particular consumer's information, but prohibits the sale of information relating to other consumers who have obtained the product or service jointly with the first consumer but who have not authorized the sale of their information. 

 

Sec. 279.006.  FINANCIAL INSTITUTION MAY NOT REQUIRE AUTHORIZATION.  Prohibits a financial institution from requiring a consumer's authorization for the sale of the consumer's financial information as a condition of doing business with the institution.  Makes a consent or waiver obtained from a consumer, as a condition of doing business with a financial institution, invalid.

 

Sec. 279.007.  LIABILITY.  Sets forth the liability amounts for a person who intentionally violates this chapter.

 

SECTION 2.  Requires a financial institution to provide to its customers a notice, as provided by Section 279.003, Finance Code, not later than 60 days after the effective date of this Act.  Prohibits financial institutions from selling consumers' financial information after the 180th day of the effective date of this Act unless authorized by the individual consumer.  Defines the date on which a sale occurs for purposes of this subsection.

 

SECTION 3.  Effective date: upon passage or September 1, 2007.