Wired Magazine
Consumer and privacy advocates have gathered nearly enough signatures to put one of the nation’s toughest financial privacy laws on the ballot next year in California.
The California Financial Privacy Act (PDF), which needs a majority vote to pass, would require financial institutions to receive permission from their customers before sharing their sensitive financial information with other companies, affiliates and even other divisions of the same company. That requirement, known as “opt in,” is one that the initiative’s backers have been unable to pass through the state legislature.
The law also would allow California’s attorney general and local district attorneys to sue companies to stop illegal information sharing and would double monetary penalties if that sharing leads to identity theft.
A coalition of privacy groups, known as Californians for Privacy Now, is spearheading the statewide initiative effort. The group has collected more than 300,000 signatures since May and has until mid-August to collect 373,816 valid signatures to qualify for the March 2004 ballot.
Funding for the signature-gathering effort came from an unlikely source: Chris Larsen, CEO of E-Loan, an online mortgage broker. Larsen, who argues that privacy protections will reassure customers and be good for business, gave $1 million to the coalition.
Supporters say the new provisions will help prevent identity theft and prevent large companies from developing detailed profiles of people’s incomes, spending habits and medical histories.
“I don’t talk to my close friends or family about my finances very often,” said Shelly Curran, a policy analyst for Consumers Union. “But financial institutions feel comfortable sharing information every day about how much money I make and how I spend it. We’re not talking about stopping the sharing of information; we’re talking about giving people control.”
The financial industry calls the initiative a “job killer,” arguing that the costs of complying with the provisions will trickle down to customers, that mortgages will become more expensive as a result and that fewer new homes will be built.
“We don’t like opt in,” said Fred Main, senior vice president of the California Chamber of Commerce. “The more information that businesses have access to, the better credit can be allocated. Their solution doesn’t fit the problem of identity theft.”
Currently, federal law allows financial companies, such as banks, insurers and brokerage houses, to share financial information with other companies unless individuals contact the companies to opt out of such sharing. However, customers cannot prevent the sharing of information among a company’s affiliates or with outside companies that have marketing agreements with a given financial institution.
The battle over the initiative opens a new front in a long-running fight in California over financial privacy. The financial industry and privacy advocates have been jousting in the state legislature for four years over a financial privacy bill authored by Democratic State Sen. Jackie Speier. SB-1, this year’s version of her bill, was defeated recently in an assembly committee vote, despite the Senate’s approval of the bill and an endorsement from Gov. Gray Davis, who previously had opposed the measure.
That bill would force companies to get permission to share or sell financial data to outside companies but allow them to share information with affiliates unless the customer contacts them to say no. These provisions are weaker than those in the initiative, which requires a company to get permission for any sharing of financial information. SB-1 is up for reconsideration next week, though few expect it to pass.
“The financial services industry will tolerate opt in for nonaffiliate sharing, but when it comes to sharing among affiliates, they are opposed to opt out,” said Chris Hoofnagle of the Electronic Privacy Information Center. “They want no opt.”
Main says the blame for the bill’s demise should go to privacy advocates who refused to compromise.
“Sen. Speier could have opt-in provisions for sharing with nonaffiliates,” said Main. “But privacy advocates are so in love with their initiative that they killed the bill.”
SB-1’s backers have high hopes for the initiative’s passage, citing poll numbers that show 92 percent of voters support the measure. However, they expect that number to drop once the financial industry starts running ads opposing the initiative in the fall.
The outcome of the battle is likely to have consequences that reach far beyond California.
“What happens in California tends to be the model for the rest of the country,” said Jerry Flanagan of the Foundation for Taxpayer & Consumer Rights. “Since so many financial institutions do business in California, it makes sense for banks to implement regulations across the board. It’s more costly for them to have patchworks.”
A California law that went into effect Monday requires companies, regardless of location, to inform Californians if hackers gain access to sensitive financial information.
Sen. Dianne Feinstein (D-Calif.) introduced a Senate bill modeled on that legislation in late June.
Even if it passes, the future of the California Financial Privacy Act is clouded by the prospect of the extension of provisions in the Fair Credit Reporting Act. Those provisions, which prevent states from passing tougher financial laws than the federal government, expire Jan. 1, 2004.
The Bush administration is sending signals to the financial industry that it will support reauthorizing those provisions in exchange for companies taking stronger measures to prevent identity theft.
Backers of the California initiative say they aren’t worried by that possibility and hope Californians will follow the lead of North Dakota’s voters, who overwhelmingly supported stringent opt-in provisions for the sharing of financial data in a 2002 referendum vote.
“This is an issue people care about,” said Curran. “Republicans in Washington, D.C., but not California, get that. This issue, people getting control of their financial information, is a question of when, not a question of if.”
—–
http://www.wired.com/news/politics/0,1283,59529,00.html
