California Gov. Gray Davis signed the toughest financial privacy regulations in the country into law on Wednesday at a ceremony held in San Francisco’s Pacific Stock Exchange.
But California consumer advocates say all their work might be undone by a move on the opposite coast, where lawmakers, supported by the Bush administration, are moving a bill forward that would pre-empt stronger state laws, including the one newly signed by Davis.
The proposed Fair and Accurate Credit Transactions Act of 2003, the federal law that is expected to be voted on by the full House in September, would reauthorize a portion of the Fair Credit Reporting Act that bars states from passing more-stringent financial privacy laws than those set by FCRA. That provision expires at the end of 2003, and the financial industry has been lobbying hard to have Congress permanently ban stronger state laws.
If the current version of the bill doesn’t change dramatically, it will nullify the new California regulation that allows Californians to say no to financial companies that want to share their personal information with marketing partners and most affiliated companies.
However, the provisions of the California legislation that force companies to get explicit permission to share information with unrelated companies would likely stand, according to Ken Clayton, chief legislative counsel for the American Bankers Association.
The Bush administration has indicated its support of federal pre-emption through Treasury Secretary John Snow who, in July, told the Senate Banking Committee, “The administration proposes to remove the sunsets on the uniform standards….”
“The FCRA’s uniform national standards for information sharing operate to expand the opportunity for consumers to access credit and financial services,” Snow said.
The California-based Foundation for Taxpayer & Consumer Rights today accused President Bush of backtracking on campaign promises to expand financial privacy.
The foundation’s Jerry Flanagan points to a Bush interview with ZDNet in June 2000 in which he is quoted as saying, “I think there ought to be laws that say a company cannot use my information without my permission. We can live in a private world.”
To prove their point about the need for stricter privacy regulations, the group also announced they had acquired, through online data search companies, the Social Security numbers of prominent administration officials, including Attorney General John Ashcroft, CIA Director George Tenet, political adviser Karl Rove and FCC chairman Michael Powell, as well as the Federal Trade Commission’s point person for identity theft, chairman Timothy J. Muris.
A spokeswoman for the FTC would only say that Mr. Muris was aware of the group’s action and that the act was not illegal.
The consumer group used a similar tactic in June when it acquired the Social Security numbers of eight California legislators who voted against the privacy bill prior to its passage in August. The group published a Western-style wanted poster that included photos of the representatives and the first four digits of their Social Security numbers.
When asked if the group would give the Bush administration figures similar treatment, the group’s director, Jamie Court, responded cryptically, “All I’ll say is that I hope the administration does the right thing here.”
Backers of the bill say that allowing state laws to regulate a national industry would create an expensive business environment for financial institutions and that the cost of complying with a patchwork of regulations would eventually be paid for by consumers. In addition, the banking industry argues that restrictions on information sharing would hurt consumers’ efforts to get the best deals on financial services.
The ABA’s Clayton compared the varying state laws to the train system in the 19th century, when the width of railroad tracks was not standardized.
Chris Hoofnagle of the Electronic Privacy Information Center disputes such contentions.
“They make it sound like it’s impossible to do with databases,” said Hoofnagle, who says all banks and credit card companies have to do is filter by ZIP code.
Hoofnagle argues that the House bill is also a Trojan Horse that will pre-empt state identity-theft laws, such as a California law that tries to prevent fraud by requiring credit card issuers to match at least three items on a credit application to information in a credit report.
“The financial industry can’t stand these provisions,” said Hoofnagle, “but they make sense and they stop crime.”
Evan Keefer, a spokesman for the House bill’s author, Rep. Spencer Bachus (R-Ala.), defended the measure, saying the bill wasn’t aimed at California. He argued that it was passed by committee before the California privacy bill was passed in mid-August and that the pre-emption clauses guarantee efficient continuity of the national credit-reporting system.
Keefer also said the bill had tough new provisions that protect consumers.
Those provisions would allow consumers to freeze the issuance of credit if they suspect fraud, and allow them to obtain a free credit report annually. Retailers would be barred from printing full credit card numbers on credit card receipts.
Sen. Richard Shelby (R-Ala.), who heads the Senate Banking Committee, plans to introduce a similar measure in the Senate in September. Though a spokesman declined to comment on the bill’s specifics, it is widely expected to contain both a pre-emption provision and stronger privacy protections than the House version.
Foundation for Taxpayer & Consumer Rights’ Jerry Flanagan and others think the Senate will be the real battleground, but Flanagan said he doesn’t expect the final bill to be a big win for those worried about privacy and information sharing.
“The best we can do is to remove pre-emption from the table,” said Flanagan