COUNTY OF SAN MATEO

Inter-Departmental Correspondence

Board of Supervisors

 

DATE:

July 16, 2002

BOARD MEETING DATE:

July 23, 2002

 

TO:

Honorable Board of Supervisors

FROM:

Supervisor Mike Nevin

SUBJECT:

Proposed County Ordinance regarding Consumer Financial Information Privacy

   
 

Recommendation

Approve introduction of a County ordinance regarding consumer financial information privacy with a second reading and adoption no sooner than August 6, 2002.

 

Background

In 1999, Congress enacted the Financial Services Modernization Act (also known as the Gramm-Leach-Bliley, or "GLB"Act). GLB is intended generally to prevent various financial institutions from conducting the business of other financial institutions. As part of the act, GLB allows businesses to share and sell customer information. The act requires financial institutions to inform consumers of their right to "opt out" (to notify affirmatively the financial institution that the consumer does not want his or her information shared). However, the "opt out" provision applies only to disclosures to non-affiliated third parties, such as telemarketers. Under GLB, customers have no right to opt out of the sharing of their nonpublic information between affiliates. GLB permits states to provide increased protections.

SB 773 (Speier) and AB 1775 (Nation) have been two more prominent attempts to pass state legislation on the issue of financial information privacy. AB 1775 has effectively died in the Assembly Judiciary Committee. SB 773 remains on the Assembly floor having passed through the Senate and the required Assembly policy committees. The bill failed to gain the required 41 votes to pass the Assembly floor (32 ayes, 26 noes; September 2001).

SB 773 has been consistently granted reconsideration on the floor since the September 2001 vote. Senator Speier hopes to find the votes needed for passage before the end of the session in November.

Daly City has introduced an ordinance similar to SB 773. The ordinance's second reading has been scheduled for August 12, 2002.

The County's proposed ordinance would, with exceptions, prohibit "financial institutions" from disclosing "confidential information" to third parties unless the financial institution has given written notice to the consumer and has received signed consent acknowledgement from the customer authorizing the disclosure. This ordinance would allow for administrative fines to be levied against those financial institutions that negligently or intentionally disclose such information.

 

Discussion

Consumers are increasingly concerned about the privacy of their personal financial information. According to a Harris poll released in February 2002, 75% of those polled expressed concern about companies they patronized providing their information to other companies without their permission.

Advances in technology and the proliferation and manageability of consumer information databases have enabled financial institutions significant ability to sell and utilize information of all kinds including nonpublic personal information about consumers. Over 5 years ago Christine Varney, Former Federal Trade Commissioner (1994-1997), stated, "[P]ersonal information about an individual is being collected at a rate and to a degree unthinkable even five years ago." Subsequent developments in technology and compatibility to technology only reinforce Commissioner Varney's comments in 1996. In support of SB 773, State Senator Jackie Speier stated protection of confidential consumer information is, "critical, since, with increasingly sophisticated innovations in technology, banks can manipulate the information to enable them to profile customers by, for example, wealth, personal habits, and life events such as inheritances, higher salary, and pregnancy."

The sharing of confidential consumer information can impact consumers in ways they consider negative. Beth Givens, Executive Director of the Privacy Rights Clearinghouse, in testimony before the State Assembly Banking and Finance Committee regarding a similar privacy bill, gave several examples of how the sharing, selling and basic mishandling of confidential consumer information can have results not desired by consumers. Examples included a financial institution's sale of confidential consumer information "to a felon who then made hundreds of thousands of fraudulent entries on their credit cards to the tune of several million dollars in fraud."

Existing law, as reflected in the Gramm-Leach-Bliley Act, does not provide a variety of protections proposed in the ordinance. GLB allows financial institutions to share confidential consumer information unless the consumer "opts out" of such disclosures. "Opt out" provisions require the consumer to take affirmative action to prevent the financial institution from sharing the consumer's confidential consumer information. The failure of the consumer to take that affirmative action implicitly permits the financial institution to share the information with nonaffiliated third parties. The opt-out provision of GLB does not adequately gauge a consumer's opinion about how the consumer's information is to be used. Failure to opt out can result from a number of factors including the consumer's inability to understand the opt-out notice or their simple failure to identify the opt out notice from other notices and advertisements included in the financial institutions communications. The consumer's conscious and active decision to take no action is only one of many reasons for a consumer to not opt-out. In addition, GLB does not permit consumers to opt out of information sharing between affiliates.

The proposed ordinance would provide greater protection to consumers. Similar to the May 30th amended version of SB 773, the proposed ordinance would, with exceptions, require financial institutions to provide consumers with written notice and to receive signed consent acknowledgment before they share the consumer's confidential information with third parties. By requiring consumers to "opt in" financial institutions would be able to better determine the wishes of consumers regarding the sharing of their confidential information. The ordinance would require the written notice to describe the information to be shared, to what entities and for what purposes the information will be shared.

The proposed ordinance would provide greater protections than that found in Daly City's financial information privacy ordinance. Daly City's ordinance addresses negligent disclosures, but does not address willful or intentional disclosures.

However, this ordinance would not prohibit financial institutions from conducting everyday business such as using a separate company for mailing services for monthly bills and statements. This ordinance would also not prohibit financial institutions from marketing to their own customers. This ordinance would only apply to financial institutions located within unincorporated San Mateo County and for customers using those financial institutions.

This Board supports SB 773 (Speier) and has reaffirmed its support for the bill with a letter signed by all Board members urging the Assembly leadership to pass the bill and send it to Governor Davis.

With the inadequate protections of federal law and the inability of the State Legislature to pass greater protections, this ordinance provides an alternative method by which consumers can be protected. This ordinance would serve as a model ordinance for cities within San Mateo County as well as a model ordinance for other California counties.

 

Vision Alignment

Adoption of this ordinance ensures basic health and safety for all and supports Goal #7 to maintain and enhance the public safety of all residents and visitors.

 

Fiscal Impact

Adoption of the ordinance would have no fiscal impact to the County. However, potential litigation surrounding the ordinance and enforcement activities would have unknown costs. The approved administrative fines would offset some of the costs for enforcement.