logo
Issues News Reports How You Can Help Results About U.S. PIRG U.S. PIRG Education Fund Jobs

U.S. PIRG Consumer Blog

« FCC may weaken telco complaint reporting | Main | Government to take over housing giants Fannie and Freddie »

September 05, 2008

Ninth Circuit reinstates part of privacy law

This week, the Ninth Circuit US Court of Appeals (decision, San Francisco Chronicle story) reinstated part of a landmark PIRG-backed California financial privacy law, SB 1, that will prevent banks and other financial firms from sharing some of your information with affiliates if you choose to opt-out. The new decision differentiates between sharing for credit purposes, which will still be subject to a "no-opt" rule and sharing for marketing or profiling purposes, which will have a newly enforced opt-out right. From the Chronicle:

For example, Deputy Attorney General Catherine Ysrael, the state's lawyer in the case, said customers provide personal and financial information to banks that maintain their accounts, and their credit card statements might reveal buying patterns that a bank could turn over to affiliated retailers. The law allows customers to block the sharing of such information.
Over at Consumer Law and Policy blog, Leah Nicholls has more legal and preemption analysis. Below is some more explanation and history.

Federal law (the 1999 Gramm-Leach-Bliley Financial Modernization Act) allows unfettered sharing between firms and their affiliates regardless of your preference; it only gives you a limited right to opt-out whenever information is shared with some third parties. California law now says that some sharing (for marketing or profiling) with affiliates requires the firm to first offer you a right to opt out (say no) and that all sharing with most third parties requires you to first affirmatively consent (opt-in or say yes). That part of the law had not been challenged and has been in force. (Note that some third parties selling financial products on behalf of the bank are treated as if they are affiliates; so, the opt-in that applies to "most third parties" applies primarily to sharing with all telemarketers and their ilk). SB 1 was championed by then-state senator Jackie Speier, who became U.S. Rep. Jackie Speier (D-CA) in a special election earlier this year following the death of Rep. Tom Lantos (D-CA).

During Congressional consideration of the 1999 Gramm-Leach-Bliley Financial Modernization Act, it became clear that information sharing among corporate affiliates was an issue of bi-partisan concern. While much has been written of the Victoria's Secret catalog that helped us, gross abuses of privacy by some of the nation's biggest banks -- including U.S. Bank and Bank of America predecessor NationsBank also helped us make the case for privacy. However, due to the power of the banking lobby, the final federal law resulted in privacy notices, but not much in the way of actual privacy rights. However, former Senator Paul Sarbanes (D-MD), a consumer champion, inserted language allowing states to pass stronger financial privacy laws. As it often does, California went first, passing SB 1. However, the legal turmoil (my 2005 blog entry) that ensued caused other states to drop similar efforts. The GLBA had unfortunately also included language preserving the Fair Credit Reporting Act. This conflict between its anti-preemptive Sarbanes amendment and its cross-reference to the preemptive Fair Credit Reporting Act's definition of affiliate led to the myriad court decisions before today. The court's decision this week recognizes that affiliate sharing not for credit reporting purposes should not be preempted by this cross-reference. This is important for privacy since it gives consumers the right to prevent unwanted marketing and invasive profiling. More older background from EPIC.

Posted by Ed Mierzwinski at September 5, 2008 04:59 PM

Comments

Post a comment




Remember Me?



218 D. Street, SE Washington, DC 20003
Phone (202) 546-9707
E-mail: