| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to a consumer's option to prevent the sale of the |
|
|
consumer's financial information by a financial institution; |
|
|
providing a civil penalty. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subtitle Z, Title 3, Finance Code, is amended by |
|
|
adding Chapter 279 to read as follows: |
|
|
CHAPTER 279. SALE OF CONSUMER'S FINANCIAL INFORMATION |
|
|
Sec. 279.001. DEFINITIONS. In this chapter: |
|
|
(1) "Affiliate of a financial institution" means a |
|
|
person who controls, is controlled by, or is under common control |
|
|
with the financial institution. In this subdivision, "control" |
|
|
means the possession, directly or indirectly, of the power to |
|
|
direct or cause the direction of the management and policies of a |
|
|
person, whether through the ownership of voting securities, by |
|
|
contract, or otherwise. |
|
|
(2) "Consumer" means an individual resident of this |
|
|
state, or the legal representative of an individual resident of |
|
|
this state, who obtains a financial product or service for |
|
|
personal, family, or household purposes. |
|
|
(3) "Financial information" means information, other |
|
|
than information that a financial institution has a reasonable |
|
|
basis to believe is lawfully made available to the general public, |
|
|
obtained by a financial institution in connection with providing a |
|
|
financial product or service to a consumer, including: |
|
|
(A) information provided on an application for a |
|
|
loan, credit card, or other financial product or service; |
|
|
(B) account balance information; |
|
|
(C) payment or overdraft history; |
|
|
(D) credit or debit purchase information; |
|
|
(E) information that indicates whether an |
|
|
individual is or has been a consumer of a financial institution; |
|
|
(F) information obtained in connection with |
|
|
collecting on or servicing a loan; or |
|
|
(G) information from a consumer report. |
|
|
(4) "Financial institution" has the meaning assigned |
|
|
by Section 201.101. |
|
|
(5) "Joint Agreement" means a formal written contract |
|
|
pursuant to which two or more institutions jointly offer, endorse, |
|
|
or sponsor a financial product or service. |
|
|
(6) "Financial product or service" means any product |
|
|
or service that a financial holding company could offer by engaging |
|
|
in an activity that is financial in nature or incidental to such |
|
|
financial activity under section 4(k) of the Bank Holding Company |
|
|
Act of 1956 (12 USC 1843 (k)). |
|
|
Sec. 279.002. EXCEPTIONS. This chapter does not apply to |
|
|
the sale of a consumer's financial information as necessary to: |
|
|
(1) effect, administer, or enforce a transaction |
|
|
requested or authorized by the consumer to protect against or |
|
|
prevent actual or potential fraud, unauthorized transactions, |
|
|
claims, or other liability; or |
|
|
(2) comply with a federal or state law, rule, or |
|
|
regulation. |
|
|
Sec. 279.003. AUTHORIZATION REQUIRED FOR SALE OF FINANCIAL |
|
|
INFORMATION. (a) A financial institution may sell a consumer's |
|
|
financial information to another person only if the consumer |
|
|
authorizes the sale of the information as provided by this chapter. |
|
|
(b) A financial institution may sell a consumer's financial |
|
|
information to an affiliate of the financial institution or to a |
|
|
financial institution that offers financial products or services |
|
|
which the financial institution has entered into a joint agreement. |
|
|
An affiliate of a financial institution who receives a consumer's |
|
|
financial information from a financial institution or a financial |
|
|
institution with which the financial institution has entered into a |
|
|
joint agreement may sell the information only if the consumer |
|
|
authorizes the financial institution to sell the information as |
|
|
provided by this chapter. |
|
|
Sec. 279.004. PRIVACY NOTICE AND AUTHORIZATION FOR SALE. |
|
|
(a) A financial institution shall provide a written privacy notice |
|
|
to: |
|
|
(1) each consumer who is transacting business with or |
|
|
using the services of the financial institution; and |
|
|
(2) a consumer who begins a relationship with the |
|
|
financial institution at the time the financial institution first |
|
|
communicates in writing or in person with the consumer. |
|
|
(b) The privacy notice shall: |
|
|
(1) inform the consumer that the financial institution |
|
|
may not sell the consumer's financial information if the consumer |
|
|
does not authorize the sale of the information; and |
|
|
(2) provide a form that the consumer may sign and |
|
|
return to the financial institution to indicate that the consumer |
|
|
authorizes the financial institution to sell the consumer's |
|
|
financial information. |
|
|
(c) A financial institution may sell a consumer's financial |
|
|
information only after the financial institution receives the form |
|
|
authorizing the sale of the information. |
|
|
(d) A financial institution that does not sell a consumer's |
|
|
financial information to a person other than an affiliate of the |
|
|
financial institution is not required to provide a privacy notice |
|
|
to a consumer under this section. |
|
|
Sec. 279.005. WITHDRAWAL OF AUTHORIZATION FOR SALE OF |
|
|
INFORMATION. A consumer who has authorized the sale of financial |
|
|
information under Section 279.004 may at any time withdraw the |
|
|
authorization in writing. The withdrawal of an authorization is |
|
|
effective on the date the financial institution receives the |
|
|
withdrawal. |
|
|
Sec. 279.006. JOINT RELATIONSHIPS. (a) If two or more |
|
|
consumers jointly obtain a financial product or service, the |
|
|
financial institution may provide a privacy notice to one or all of |
|
|
the consumers. |
|
|
(b) If a consumer authorizes the sale of the consumer's |
|
|
financial information as provided by this chapter, the financial |
|
|
institution may sell any financial information relating to that |
|
|
consumer, including information relating to a jointly obtained |
|
|
product or service. |
|
|
(c) If a consumer who does not authorize the sale of the |
|
|
consumer's financial information as provided by this chapter |
|
|
jointly obtains a financial product or service with another |
|
|
consumer who has authorized the sale, the financial institution may |
|
|
sell only the financial information of the first consumer that |
|
|
relates to the jointly obtained product or service. |
|
|
Sec. 279.007. FINANCIAL INSTITUTION MAY NOT REQUIRE |
|
|
AUTHORIZATION. A financial institution may not require a |
|
|
consumer's authorization for the sale of the consumer's financial |
|
|
information as a condition of doing business with the financial |
|
|
institution. A consent or waiver obtained from a consumer as a |
|
|
condition of doing business with a financial institution is not |
|
|
valid. |
|
|
Sec. 279.008. LIABILITY. A person is liable to a consumer |
|
|
for an intentional violation of this chapter in an amount equal to |
|
|
the greater of: |
|
|
(1) $1,000; or |
|
|
(2) actual damages caused by the sale of the financial |
|
|
information. |
|
|
Sec. 279.009. CIVIL PENALTY. (a) A person who knowingly |
|
|
violates this chapter is liable to the state for a civil penalty in |
|
|
an amount not to exceed $1,000 for each violation. The attorney |
|
|
general or the prosecuting attorney in the county in which the |
|
|
violation occurs may bring: |
|
|
(1) a suit to recover the civil penalty imposed under |
|
|
this section; and |
|
|
(2) an action in the name of the state to restrain or |
|
|
enjoin a person from violating this chapter. |
|
|
(b) The attorney general or the prosecuting attorney in the |
|
|
county in which the violation occurs, as appropriate, is entitled |
|
|
to recover reasonable expenses incurred in obtaining injunctive |
|
|
relief, civil penalties, or both, under this section, including |
|
|
reasonable attorney's fees, court costs, and investigatory costs. |
|
|
SECTION 2. (a) A financial institution shall provide each |
|
|
person who is transacting business with or using the services of a |
|
|
financial institution on the effective date of this Act a privacy |
|
|
notice as required by Section 279.004, Finance Code, as added by |
|
|
this Act, not later than November 1, 2011. |
|
|
(b) A financial institution may not sell a consumer's |
|
|
financial information after March 1, 2012, unless authorized by the |
|
|
consumer under Chapter 279, Finance Code, as added by this Act. For |
|
|
purposes of this subsection, a sale occurs on the earlier of the |
|
|
date an enforceable agreement to sell information is made or the |
|
|
date the information being sold is disclosed. |
|
|
SECTION 3. This Act takes effect September 1, 2011. |