| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to a consumer's option to prevent the sale of the |
|
|
consumer's financial information by a financial institution; |
|
|
providing a civil penalty. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subtitle Z, Title 3, Finance Code, is amended by |
|
|
adding Chapter 279 to read as follows: |
|
|
CHAPTER 279. SALE OF CONSUMER'S FINANCIAL INFORMATION |
|
|
Sec. 279.001. DEFINITIONS. In this chapter: |
|
|
(1) "Affiliate of a financial institution" means a |
|
|
person who controls, is controlled by, or is under common control |
|
|
with the financial institution. In this subdivision, "control" |
|
|
means the possession, directly or indirectly, of the power to |
|
|
direct or cause the direction of the management and policies of a |
|
|
person, whether through the ownership of voting securities, by |
|
|
contract, or otherwise. |
|
|
(2) "Consumer" means an individual resident of this |
|
|
state, or the legal representative of an individual resident of |
|
|
this state, who obtains a financial product or service for |
|
|
personal, family, or household purposes. |
|
|
(3) "Financial information" means information, other |
|
|
than information that a financial institution has a reasonable |
|
|
basis to believe is lawfully made available to the general public, |
|
|
obtained by a financial institution in connection with providing a |
|
|
financial product or service to a consumer, including: |
|
|
(A) information provided on an application for a |
|
|
loan, credit card, or other financial product or service; |
|
|
(B) account balance information; |
|
|
(C) payment or overdraft history; |
|
|
(D) credit or debit purchase information; |
|
|
(E) information that indicates whether an |
|
|
individual is or has been a consumer of a financial institution; |
|
|
(F) information obtained in connection with |
|
|
collecting on or servicing a loan; or |
|
|
(G) information from a consumer report. |
|
|
(4) "Financial institution" has the meaning assigned |
|
|
by Section 201.101. |
|
|
Sec. 279.002. AUTHORIZATION REQUIRED FOR SALE OF FINANCIAL |
|
|
INFORMATION. (a) A financial institution may sell a consumer's |
|
|
financial information to another person only if the consumer |
|
|
authorizes the sale of the information as provided by this chapter. |
|
|
(b) A financial institution may sell a consumer's financial |
|
|
information to an affiliate of the financial institution without |
|
|
the consumer's authorization. An affiliate who receives a |
|
|
consumer's financial information from a financial institution may |
|
|
sell the information only if the consumer authorizes the financial |
|
|
institution to sell the information as provided by this chapter. |
|
|
Sec. 279.003. PRIVACY NOTICE AND AUTHORIZATION FOR SALE. |
|
|
(a) A financial institution shall provide a written privacy notice |
|
|
to: |
|
|
(1) each consumer who is transacting business with or |
|
|
using the services of the financial institution; and |
|
|
(2) a consumer who begins a relationship with the |
|
|
financial institution at the time the financial institution first |
|
|
communicates in writing or in person with the consumer. |
|
|
(b) The privacy notice shall: |
|
|
(1) inform the consumer that the financial institution |
|
|
may not sell the consumer's financial information if the consumer |
|
|
does not authorize the sale of the information; and |
|
|
(2) provide a form that the consumer may sign and |
|
|
return to the financial institution to indicate that the consumer |
|
|
authorizes the financial institution to sell the consumer's |
|
|
financial information. |
|
|
(c) A financial institution may sell a consumer's financial |
|
|
information only after the financial institution receives the form |
|
|
authorizing the sale of the information. |
|
|
(d) A financial institution that does not sell a consumer's |
|
|
financial information to a person other than an affiliate of the |
|
|
financial institution is not required to provide a privacy notice |
|
|
to a consumer under this section. |
|
|
Sec. 279.004. WITHDRAWAL OF AUTHORIZATION FOR SALE OF |
|
|
INFORMATION. A consumer who has authorized the sale of financial |
|
|
information under Section 279.003 may at any time withdraw the |
|
|
authorization in writing. The withdrawal of an authorization is |
|
|
effective on the date the financial institution receives the |
|
|
withdrawal. |
|
|
Sec. 279.005. JOINT RELATIONSHIPS. (a) If two or more |
|
|
consumers jointly obtain a financial product or service, the |
|
|
financial institution may provide a privacy notice to one or all of |
|
|
the consumers. |
|
|
(b) If a consumer authorizes the sale of the consumer's |
|
|
financial information as provided by this chapter, the financial |
|
|
institution may sell any financial information relating to that |
|
|
consumer, including information relating to a jointly obtained |
|
|
product or service. |
|
|
(c) If a consumer who does not authorize the sale of the |
|
|
consumer's financial information as provided by this chapter |
|
|
jointly obtains a financial product or service with another |
|
|
consumer who has authorized the sale, the financial institution may |
|
|
sell only the financial information of the first consumer that |
|
|
relates to the jointly obtained product or service. |
|
|
Sec. 279.006. FINANCIAL INSTITUTION MAY NOT REQUIRE |
|
|
AUTHORIZATION. A financial institution may not require a |
|
|
consumer's authorization for the sale of the consumer's financial |
|
|
information as a condition of doing business with the financial |
|
|
institution. A consent or waiver obtained from a consumer as a |
|
|
condition of doing business with a financial institution is not |
|
|
valid. |
|
|
Sec. 279.007. LIABILITY. A person is liable to a consumer |
|
|
for an intentional violation of this chapter in an amount equal to |
|
|
the greater of: |
|
|
(1) $1,000; or |
|
|
(2) actual damages caused by the sale of the financial |
|
|
information. |
|
|
SECTION 2. (a) A financial institution shall provide each |
|
|
person who is transacting business with or using the services of a |
|
|
financial institution on the effective date of this Act a privacy |
|
|
notice as required by Section 279.003, Finance Code, as added by |
|
|
this Act, not later than the 60th day after the effective date of |
|
|
this Act. |
|
|
(b) A financial institution may not sell a consumer's |
|
|
financial information after the 180th day after the effective date |
|
|
of this Act unless authorized by the consumer under Chapter 279, |
|
|
Finance Code, as added by this Act. For purposes of this subsection, |
|
|
a sale occurs on the earlier of the date an enforceable agreement to |
|
|
sell information is made or the date the information being sold is |
|
|
disclosed. |
|
|
SECTION 3. This Act takes effect immediately if it receives |
|
|
a vote of two-thirds of all the members elected to each house, as |
|
|
provided by Section 39, Article III, Texas Constitution. If this |
|
|
Act does not receive the vote necessary for immediate effect, this |
|
|
Act takes effect September 1, 2007. |