Faced with the possibility of an expensive campaign to defeat a threatened ballot initiative, California’s financial industry set aside its opposition to a comprehensive information privacy law Thursday and announced a last-minute compromise with privacy groups.
The deal gives legislators a deadline of Tuesday evening to pass a version of a financial privacy law backed by California State Sen. Jackie Speier (D-San Francisco/San Mateo) which imposes restrictions on how banks and insurance companies can share information about their customers.
If the state House and Senate fail to pass the bill, a coalition of privacy groups called Californians for Privacy Now will turn in the 600,000 signatures it has collected and put the issue on the state’s March 2004 ballot. The deadline for turning in signatures for ballot initiatives is August 20.
Both sides agree the measure, if enacted as expected, will put into effect the strongest financial privacy protections in the country.
The law also is expected to have a ripple effect across the country, because it is often easier for large companies to change their privacy practices across the board than to change them only for a particular state, especially one with a customer base as large as California’s.
The compromise bill contains three levels of regulation. Financial companies that want to share or sell data with other firms will have to ask for explicit permission from individual customers, a process known as opt-in.
Different rules apply if a financial company wants to share information with affiliates. For example, if a bank wants to share information about a customer with an investment company, and both are owned by the same parent company, they can share information but have to give the customer a chance to say no. This is called opt-out.
Thirdly, affiliated companies engaged in the same kind of business can share information freely. Thus, if you hold a home insurance policy with State Farm, the company can share your information with its automotive insurance arm.
Just last month, two similar measures, both sponsored by Speier, were killed in committee because of heavy lobbying by banks and the California Chamber of Commerce, which called the bill a “job killer.”
On Thursday, Fred Main, senior vice president of the California Chamber of Commerce, praised the compromise, saying it was an improvement on a “runaway initiative.”
“We have always wanted a reasonable, workable bill,” said Main. “Both sides decided that it’s better to do complicated public policy in the legislature than on the ballot.”
“We still have thought from the beginning, though, that a federal standard is the way to go,” said Main.
Main’s stance Thursday was far removed from July, when he vowed that the financial industry would spend millions to fight the ballot measure, despite early polling numbers that indicated more than 90 percent of California voters would support it.
Privacy advocates generally lauded Thursday’s events.
“It’s a great stride forward for consumers,” said Beth Givens of the Privacy Rights Clearinghouse. “An initiative is a blunt instrument. If aspects of this law are harmful to consumers, we can go back to the table and fix it.”
However, not all consumer watchdog groups applauded the announcement.
“I’m not sure if this is a quarter loaf or a half loaf,” said Jerry Flanagan of the Foundation for Taxpayer & Consumer Rights.
Flanagan said he was upset that the legislation did not contain guidelines for the language of opt-out forms, which is regulated at the federal level by the Treasury Department.
“Unless the form is clearly written, tells consumers what their rights are, and is a separate form, the effects of this bill may be largely illusory,” he said.
The bill allows companies to write their own opt-out forms and says the language can be written on a college level. Additionally, individuals would not be able to sue if their information is wrongfully disseminated. The bill contains provisions that would only allow the state attorney general to file suit on Californians’ behalf.