BILL ANALYSIS |
|
C.S.H.B. 2129 |
|
By: Giddings |
|
Pensions, Investments & Financial Services |
|
Committee Report (Substituted) |
|
BACKGROUND AND PURPOSE
The sale of a consumer's private financial information to a third party entity by a financial institution can facilitate identity theft. Under the federal Gramm-Leach-Bliley Act, if a financial institution provides this information to a third party the institution is required to give the customer the opportunity to exercise the nondisclosure option to prevent such a release. The act also requires a financial institution to provide a clear and conspicuous disclosure of its privacy policies to a customer at the time of establishing the relationship with the customer and at least once a year during the continuation of such relationship.
C.S.H.B. 2129 prohibits financial institutions from selling a consumer's financial information to a nonaffiliated third party without the consumer's express authorization. The bill also requires institutions to provide written privacy notices to consumers with whom they conduct business or who use their services and prohibits institutions from requiring consumers to authorize the sale of their information as a condition of doing business.
|
|
RULEMAKING AUTHORITY
It is the committee's opinion that this bill does not expressly grant any additional rulemaking authority to a state officer, department, agency, or institution.
|
|
ANALYSIS
C.S.H.B. 2129 amends the Finance Code to authorize a financial institution to sell a consumer's financial information to another person only if the consumer authorizes the sale of the information. The bill authorizes a financial institution to sell a consumer's financial information to an affiliate of the financial institution without the consumer's authorization. The bill authorizes an affiliate who receives a consumer's financial information from a financial institution to sell the information only if the consumer authorizes the financial institution to sell the information.
C.S.H.B. 2129 requires a financial institution to provide a written privacy notice to each consumer who is transacting business with or using the services of the financial institution and to a consumer who begins a relationship with the financial institution at the time the financial institution first communicates in writing or in person with the consumer. The bill requires the privacy notice to inform the consumer that the financial institution is prohibited from selling the consumer's financial information if the consumer does not authorize the sale and to provide a form that the consumer may sign and return to the financial institution to indicate that the consumer authorizes the financial institution to sell the consumer's financial information. The bill authorizes a financial institution to sell a consumer's financial information only after the financial institution receives the form authorizing the sale. The bill exempts a financial institution that does not sell a consumer's financial information to a person other than an affiliate of the financial institution from being required to provide a privacy notice to a consumer. The bill authorizes a consumer who has authorized the sale of financial information to withdraw the authorization in writing at any time and makes the withdrawal of an authorization effective on the date the financial institution receives the withdrawal.
C.S.H.B. 2129 authorizes a financial institution, if two or more consumers jointly obtain a financial product or service, to provide a privacy notice to one or all of the consumers. The bill authorizes the financial institution, if a consumer authorizes the sale of a consumer's financial information, to sell any financial information relating to the consumer, including information relating to a jointly obtained product or service. The bill authorizes a financial institution, if a consumer who does not authorize the sale of the consumer's financial information jointly obtains a financial product or service with another consumer who has authorized the sale, to sell only the financial information of the first consumer that relates to the jointly obtained product or service.
C.S.H.B. 2129 prohibits a financial institution from requiring a consumer's authorization for the sale of the consumer's financial information as a condition of doing business with the financial institution. The bill establishes that a consent or waiver obtained from a consumer as a condition of doing business with a financial institution is not valid.
C.S.H.B. 2129 makes a person liable to a consumer for an intentional violation of the sale of a consumer's financial information in an amount equal to the greater of $1,000 or the actual damages caused by the sale of the financial information.
C.S.H.B. 2129 prohibits the interpretation of any of the bill's provisions to prevent a credit bureau from obtaining a consumer's financial information without the consumer's authorization.
C.S.H.B. 2129 requires a financial institution to provide each person who is transacting business with or using the services of the institution on September 1, 2009, the privacy notice required above not later than the 60th day after September 1, 2009. The bill prohibits a financial institution from selling a consumer's financial information after the 180th day after the effective date of this bill unless authorized by the consumer to do so.
C.S.H.B. 2129 defines "affiliate of a financial institution," "consumer," "control," "financial information," and "financial institution."
|
|
EFFECTIVE DATE
September 1, 2009.
|
|
COMPARISON OF ORIGINAL AND SUBSTITUTE
C.S.H.B. 2129 adds a provision not in the original prohibiting the interpretation of any of the bill's provisions to prevent a credit bureau from obtaining a consumer's financial information without the consumer's authorization.
|
|
|