Financial Privacy

Owing to advances in information technology, many consumer transactions now yield an electronic trace that enables banks, credit card companies and other financial institutions to gather large amounts of information on a consumer's identity. Many consumer advocates believe that companies should not be able to share or sell non-public information without permission.

The debate on enhancing consumer privacy has focused on two basic approaches. With the "opt in" approach, the financial institution must obtain permission from the consumer before releasing financial information. The consumer must opt in by providing explict authorization. With the "opt-out" approach, the financial institution is assumed to have tacit approval to release financial information unless the consumer objects. The burden is on the consumer to take action to opt out. Consumer advocates favor the "opt-in" approach because it optimizes consumer control.

In general, the argument against stricter financial privacy regulation is that the financial services industry is already doing a good job of protecting consumer privacy, that the industry appropriately uses customer information to improve services to the consumer, and that more regulation will increase costs for the consumer.

In 1999 Congress passed the Gramm-Leach-Bliley Act, which provides that any financial institution that intends to share nonpublic customer information with third parties (companies not related by ownership ties) must give customers an opportunity to deny them permission to do so, or opt out. In addition, financial institutions are required to provide customers with an annual statement of their privacy policy. These provisions were fully implemented in the summer of 2001.

The Gramm-Leach-Bliley Act also allows individual states to adopt privacy provisions that are stricter than the federal standard if they so desire. In North Dakota and California, consumer advocates have pressed for legislation further restricting customer information sharing and requiring fuller disclosure to the consumer.

Lawmakers in a few states, including Vermont, Alaska, Connecticut, and Illinois, have kept strict opt-in rules, enabling consumers to choose whether or not they want their information shared or sold.

Since 2001 the financial privacy movement in California has been spearheaded by Senator Jackie Speier (D-San Mateo). Speier has tried several times to pass a privacy bill. In 2001 she introduced SB773, which passed in the State Senate, but stalled and eventually died in the State Assembly. The financial services industry has spent millions of dollars to block privacy legislation. The San Francisco Chronicle, which has vigorously supported the legislation, reported in a September 7, 2002 story that the industry spent more than $20 million in 2002 alone in campaign contributions and lobbying fees.

In 2003 Senators Speir and John Burton (D-San Francisco) introduced SB1. SB1 would require financial institutions to obtain consumers' permission before sharing personal financial information with non-affiliated companies. It would also provide consumers the option to stop information from being shared with affiliated companies. Although SB1 is a slightly weakend version of SB773, Speier claims that SB1 is more "streamlined" than her previous efforts and will be more acceptable to those who opposed the earlier bills.

In June 2003, SB 1 failed to pass the Legislature despite last minute support by Governor Gray Davis. Assemblywoman Ellen Corbett, D-San Leandro and Majority Leader Wilma Chan, provided two of just three votes for the measure as it went down to defeat in the Assembly Banking and Finance Committee. There were four no votes and five abstentions.

Consumer groups protested SB 1's failure and moved on two fronts. They quickly gathered 500,000 signatures supporting a ballot proposition on the issue which would appear on the March 2004 ballot. But, they said they would give California legislators one last chance to pass a bill by Aug. 19. Otherwise, they would submit the proposition for a March 2004 statewide vote. While SB1 would allow the banks and other institutions to share customer information within their own family of firms, the proposition would bar such sharing.

On August 19 the California Assembly passed the bill with a vote of 76-1. On Tuesday, Aug. 20 it passed the Senate 21 to 6. Governor Davis is expected to sign the bill as early as the week of the 25th. Many analysts believe that the financial information industry was not willing to risk a harsher bill on the ballot in March and dropped their opposition leading to easy passage in both Assembly and Senate. On August 28, Governor Davis signed the bill into law. SB1 is widely considered the toughest financial privacy law in the country.

The battle continues, however, in Washington where pending legislation could halt SB1's key elements. There is currently a provision in federal law which pre-empts states from enacting laws like SB1. It was written into law in 1996 when the Credit Reporting Law was enacted. The ban is due to expire, Jan 1. 2004, but a new bill that cleared the House Financial Services Committee last July could make the ban permanent. If the new bill passes, it could virtually negate SB1, due to become effective on July 1, 2004. Privacy advocates are campaigning to push Richard Shelby (R-Al), chairman of the Senate Banking Committee, to add an exception to the bill which would exclude the California provision from the ban. Congress is scheduled to further review the bill when it returns from its August recess.

American Bankers Association
Website includes a major section on Privacy of Customer Information.

California. Office of Privacy Protection.
The California state agency responsible for financial privacy rights. Website includes a section on Financial Privacy.

Federal Reserve Board
Website includes a section on Privacy Choices for Your Personal Financial Information.

Personal Insurance Federation of California
One of the major groups opposing stricter financial privacy regulation in California.

Privacy Rights Clearinghouse
This San Diego-based organization has published guides to financial privacy in its fact sheet series. See nos. 24 through 24(d).

Senator Jackie Speier - Offical Website
Highlights her efforts to pass financial privacy legislation.

U.S. Federal Trade Commission
Website includes a Privacy Initiatives section with links to information about the Gramm-Leach-Bliley Act and to financial privacy guidelines.

Epstein, Edward.
" House Votes to Gut State's Financial Privacy Law." San Francisco Chronicle, Sept. 12, 2003.

Epstein, Edward.
" Privacy Law's Fate Depends on House." San Francisco Chronicle, Sept. 11, 2003.

" Standing Up For California." San Francisco Chronicle, Sept. 10, 2003.

Epstein, Edward.
"New State Privacy Law Threatened: Federal Law Could Block Bills Protecting Financial Information." San Francisco Chronicle, Aug. 28, 2003.

"A Milestone in Privacy Rights." The San Francisco Chronicle, Aug. 27, 2003.

Mandaro, Laura.
Growling Over Calif. Privacy Act Won't Fade: B of A Skipped Talks, Still a Foe, Seeks a National Standard." American Banker, Aug. 25, 2003.

"Speier's Perseverance." San Francisco Chronicle, Aug. 20, 2003.

Gledhill, Lynda.
"Financial Privacy Bill Bursts Through Deadlock: After Years of Legislative Gridlock, Assembly Votes 76-1." San Francisco Chronicle, Aug. 19, 2003.

"Consumers Win; Industry Agrees to Financial Privacy Bill." San Diego Union-Tribune, Aug. 16, 2003.

"Populist Revolt Lifts Privacy Bill." San Francisco Chronicle, Aug. 14, 2003.

Berthelson, Christian.
"Privacy Foes Give Up Their Fight: Threat of Stringent Initiative Convinces Bankers, Insurers." San Francisco Chronicle, Aug. 14, 2003.

Said, Carolyn.
"Privacy Bill Backers Ready to Go to Ballot: Pass Law or Face Initiative, They Tell Legislature." San Francisco Chronicle, July 31, 2003, p. A1.

"Privacy Revolution is Here." San Francisco Chronicle, July 31, 2003, p. A20.

Geissinger, Steve.
"Lawmakers Kill Speier's Financial-Privacy Bill: Supporters Say They Will Take Fight to the Ballot Box," San Mateo County Times, June 9, 2003.

"Follow Up; Missing: The Public's Servants," San Francisco Chronicle, July 1, 2003, p. A18.

Berthelsen, Christian.
"Privacy Backers Hit In War Chest: More Campaign funds For Those Who Killed Bill," San Francisco Chronicle, June 30, 2003, p. A1.

Foundation for Taxpayer and Consumer Right.
"FTCR: No Financial Privacy for Californians, None for Politicians Who Stop Bill; Social Security Numbers of Assembly Members, Governors Released," U.S. Newswire, June 17, 2003.

Mandaro, Laura.
"Calif.'s New Privacy Bill is Ready -- What's Inside?" American Banker,June 6, 2003, v.168, n.108.

Salladay, Robert.
"Financial Privacy Initiative in Works: Its Sponsor Doesn't Think Comparable Bill Will Survive Assembly," San Francisco Chronicle, Mar. 4, 2003, p. A17.

"Privacy Now: Adopt Law to Protect Personal Financial Data [editorial]," San Diego Union-Tribune, Dec. 27, 2002, p. B8.

Yamamura, Kevin.
"Banks Fight Rash of Local Privacy Rules: Four Bay Area Entities Limit the Release of Data on Customers in the Absence of State Action," Sacramento Bee, Nov. 7, 2002, p. A3.
The four Bay Area jurisdictions are San Mateo County, Daly City, Contra Costa County and Alameda County.

Lacker, Jeffrey M.
"The Economics of Financial Privacy: to Opt out or Opt in?", Economic Quarterly, v. 88, issue 3 (Summer 2002), p. 1-16.

Financial Privacy (San Francisco Chronicle)
A series of editorials dating from May 2001 strongly supporting financial privacy legislation.

Cate, Fred H.
Protecting Consumer Privacy: Ten Questions Every Legislator Should Ask. Sept. 16, 2000. (BBBOnLine)
BBBOnLine is a service of the Counci of Better Business Bureaus.

Prepared by the staff of the IGS Library. Send comments to igsl@uclink.berkeley.edu.