S 187 IS, Financial Information Privacy Act.
Sponsor: Sen. Paul Sarbanes (D-MD).
Date introduced: January 19, 1999.
Source: Library of Congress.
| 106th CONGRESS 1st Session |
S. 187 |
To give customers notice and choice about how their financial institutions share or sell their personally identifiable sensitive financial information, and for other purposes.
IN THE SENATE OF THE UNITED STATES
January 19, 1999
Mr. SARBANES (for himself, Mr. DODD, Mr. BRYAN, Mr. LEAHY, Mr. EDWARDS, and Mr. HOLLINGS) introduced the following bill; which was read twice and referred to the Committee on Banking, Housing, and Urban Affairs
A BILL
To give customers notice and choice about how their financial institutions share or sell their personally identifiable sensitive financial information, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the `Financial Information Privacy Act of 1999'.
In this Act--
(1) the term `covered person' means a person that is subject to the jurisdiction of any of the Federal financial regulatory authorities; and
(2) the term `Federal financial regulatory authorities' means--
(A) each of the Federal banking agencies, as that term is defined in section 3(z) of the Federal Deposit Insurance Act; and
(B) the Securities and Exchange Commission.
(a) RULEMAKING- The Federal financial regulatory authorities shall jointly issue final rules to protect the privacy of confidential customer information relating to the customers of covered persons, not later than 270 days after the date of enactment of this Act (and shall issue a notice of proposed rulemaking not later than 150 days after the date of enactment of this Act), which rules shall--
(1) define the term `confidential customer information' to be personally identifiable data that includes transactions, balances, maturity dates, payouts, and payout dates, of--
(A) deposit and trust accounts;
(B) certificates of deposit;
(C) securities holdings; and
(D) insurance policies;
(2) require that a covered person may not disclose or share any confidential customer information to or with any affiliate or agent of that covered person if the customer to whom the information relates has provided written notice, as described in paragraphs (4) and (5), to the covered person prohibiting such disclosure or sharing--
(A) with respect to an individual that became a customer on or after the effective date of such rules, at the time at which the business relationship between the customer and the covered person is initiated and at least annually thereafter; and
(B) with respect to an individual that was a customer before the effective date of such rules, at such time thereafter that provides a reasonable and informed opportunity to the customer to prohibit such disclosure or sharing and at least annually thereafter;
(3) require that a covered person may not disclose or share any confidential customer information to or with any person that is not an affiliate or agent of that covered person unless the covered person has first--
(A) given written notice to the customer to whom the information relates, as described in paragraphs (4) and (5); and
(B) obtained the informed written or electronic consent of that customer for such disclosures or sharing;
(4) require that the covered person provide notices and consent acknowledgments to customers, as required by this section, in separate and easily identifiable and distinguishable form;
(5) require that the covered person provide notice as required by this section to the customer to whom the information relates that describes what specific types of information would be disclosed or shared, and under what general circumstances, to what specific types of businesses or persons, and for what specific types of purposes such information could be disclosed or shared;
(6) require that the customer to whom the information relates be provided with access to the confidential customer information that could be disclosed or shared so that the information may be reviewed for accuracy and corrected or supplemented;
(7) require that, before a covered person may use any confidential customer information provided by a third party that engages, directly or indirectly, in activities that are financial in nature, as determined by the Federal financial regulatory authorities, the covered person shall take reasonable steps to assure that procedures that are substantially similar to those described in paragraphs (2) through (6) have been followed by the provider of the information (or an affiliate or agent of that provider); and
(8) establish a means of examination for compliance and enforcement of such rules and resolving consumer complaints.
(b) LIMITATION- The rules prescribed pursuant to subsection (a) may not prohibit the release of confidential customer information--
(1) that is essential to processing a specific financial transaction that the customer to whom the information relates has authorized;
(2) to a governmental, regulatory, or self-regulatory authority having jurisdiction over the covered financial entity for examination, compliance, or other authorized purposes;
(3) to a court of competent jurisdiction;
(4) to a consumer reporting agency, as defined in section 603 of the Fair Credit Reporting Act for inclusion in a consumer report that may be released to a third party only for a purpose permissible under section 604 of that Act; or
(5) that is not personally identifiable.
(c) CONSTRUCTION- Nothing in this section or the rules prescribed under this section shall be construed to amend or alter any provision of the Fair Credit Reporting Act.