S 0539

S‑0539.2 _____________________________________________

SENATE BILL 5503

_____________________________________________

State of Washington 57th Legislature 2001 Regular Session

By Senators Prentice, Kastama, Costa, Fairley, Thibaudeau, Franklin, Shin, Kline, Gardner, Hargrove and Kohl‑Welles

Read first time 01/24/2001. Referred to Committee on Labor, Commerce & Financial Institutions.

_1 AN ACT Relating to privacy of personal financial information;

_2 and adding a new chapter to Title 19 RCW.

_3 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

_4 NEW SECTION. Sec. 1. It is the policy of the state of

_5 Washington that each financial institution operating in this state

_6 has an affirmative and continuing obligation to respect the

_7 privacy of its customers, to provide its customers with control

_8 over the dissemination of their nonpublic personal information,

_9 and to protect the security and confidentiality of those

10 customers' nonpublic personal information.

11 NEW SECTION. Sec. 2. The definitions set forth in this section

12 apply throughout this chapter.

13 (1) "Financial institution" means an institution, the business

14 of which is engaging in financial activities as described in

15 section 4(k) of the Bank Holding Company Act, 12 U.S.C. 1843(k).

16 (2) "Nonpublic personal information" means:

p. 1 SB 5503

_1 (a) Personally identifiable financial information, including a

_2 social security number:

_3 (i) Provided by a consumer to a financial institution in an

_4 application or otherwise, to obtain a financial product or service

_5 from the financial institution;

_6 (ii) Resulting from any transaction between a financial

_7 institution and a consumer involving a financial product or

_8 service; or

_9 (iii) Obtained by the financial institution about a consumer in

10 connection with providing a financial product or service to that

11 consumer, other than publicly available information; and

12 (b) A list, description, or other grouping of one or more

13 consumers of the financial institution and publicly available

14 information pertaining to them.

15 (3) "Nonaffiliated third party" means an entity that is not an

16 affiliate of, or related by common ownership or affiliated by

17 corporate control with, the financial institution, but does not

18 include a joint employee of the institution.

19 (4) "Affiliate" means a company that controls, is controlled

20 by, or is under common control with another company.

21 (5) "Consumer" means an individual who applies for or obtains

22 products or services from a financial institution that are to be

23 used primarily for personal, family, or household purposes, and

24 also means the legal representative of that individual.

25 (6) "Customer relationship" means, in the case of a financial

26 institution engaged in extending credit directly to consumers to

27 finance the purchase of goods or services, the time of

28 establishing the credit relationship with the consumer. In other

29 cases it will be defined by rules adopted under section 11 of this

30 act.

31 NEW SECTION. Sec. 3. Except as otherwise provided in this

32 chapter, a financial institution may not disclose nonpublic

33 personal information to an affiliate or a nonaffiliated third

34 party unless the financial institution:

35 (1) Has provided to the consumer who is the subject of the

36 personal information a clear and conspicuous notice, in writing,

SB 5503 p. 2

_1 electronic form, or other form permitted by the rules adopted to

_2 implement this chapter, of the categories of information that may

_3 be disclosed to the affiliate or nonaffiliated third party;

_4 (2) Has given the consumer an opportunity, before the time that

_5 the information is initially disclosed, to direct that the

_6 information not be disclosed to the affiliate or nonaffiliated

_7 third party; and

_8 (3) Has given the consumer the ability to exercise that

_9 nondisclosure option through the same method of communication by

10 which the consumer received the notice described in subsection (1)

11 of this section, or another method at least as convenient to the

12 consumer, and an explanation of how the consumer can exercise that

13 option.

14 This section does not prevent a financial institution from

15 providing nonpublic personal information to an affiliate or

16 nonaffiliated third party to perform services for or functions on

17 behalf of the financial institution, including marketing of the

18 financial institution's own products or services, or financial

19 products or services offered under joint agreements between two or

20 more financial institutions that comply with requirements imposed

21 by rules adopted under section 11 of this act, if the financial

22 institution fully discloses the providing of the information and

23 enters into a contractual agreement with the third party that

24 requires the third party to maintain the confidentiality of the

25 information.

26 NEW SECTION. Sec. 4. (1) If a financial institution provides a

27 service to a consumer through which the consumer makes or receives

28 payments or transfers by check, debit card, credit card, or other

29 similar instrument, the financial institution shall not transfer

30 to an affiliate or a nonaffiliated third party:

31 (a) An individualized list of that consumer's transactions or

32 an individualized description of that consumer's interests,

33 preferences, or other characteristics; or

34 (b) A list or description constructed in response to an inquiry

35 about a specific named individual

36 if the list or description is derived from information collected

37 in the course of providing that service.

p. 3 SB 5503

_1 (2) Notwithstanding subsection (1) of this section, a financial

_2 institution may transfer the described information if the

_3 financial institution has clearly and conspicuously requested in

_4 writing or electronic form or other form permitted by the rules

_5 adopted to implement this chapter, that the consumer affirmatively

_6 consents to the transfer and use of that type of information, and

_7 the consent has not been withdrawn.

_8 NEW SECTION. Sec. 5. A financial institution shall not

_9 disclose, other than to a consumer reporting agency, an account

10 number or access code for a credit card account, deposit account,

11 or transaction account of a consumer to an affiliate or

12 nonaffiliated third party for use in telemarketing, direct mail

13 marketing, or other marketing through electronic mail to the

14 consumer.

15 NEW SECTION. Sec. 6. (1) An affiliate or nonaffiliated third

16 party that receives nonpublic personal information from a

17 financial institution shall not disclose the information to

18 another person unless the disclosure would be lawful if made

19 directly to the other person by the financial institution.

20 (2) Notwithstanding subsection (1) of this section, a person

21 who receives nonpublic personal information from a financial

22 institution in accordance with one of the general exceptions in

23 section 10 of this act may use or transfer the information only

24 (a) as permitted under that general exception, or (b) under

25 another general exception in section 10 of this act, if necessary

26 to carry out the purpose for which the information was disclosed

27 by the financial institution.

28 NEW SECTION. Sec. 7. Upon the request of a consumer, a

29 financial institution shall make available to the consumer

30 information about the consumer that is under the control of and

31 reasonably available to the financial institution. However, a

32 financial institution may not be required to:

33 (1) Disclose to a consumer confidential commercial information,

34 such as an algorithm used to derive credit scores or other risk

35 scores or predictors;

SB 5503 p. 4

_1 (2) Create new records in order to comply with the consumer's

_2 request;

_3 (3) Disclose to a consumer information assembled by the

_4 financial institution, in a particular matter, as part of the

_5 financial institution's efforts to comply with laws preventing

_6 fraud, money laundering, or other unlawful conduct; and

_7 (4) Disclose information required to be kept confidential by

_8 federal law.

_9 NEW SECTION. Sec. 8. A financial institution shall provide a

10 consumer the opportunity to dispute the accuracy of information

11 disclosed to the consumer under section 7 of this act, and to

12 present evidence on the accuracy of the information. A financial

13 institution shall correct or delete material information

14 identified by a consumer that is materially incomplete or

15 inaccurate.

16 NEW SECTION. Sec. 9. (1) A financial institution shall

17 provide a disclosure that complies with subsection (2) of this

18 section to an individual upon request, as part of an application

19 for a financial product or service from the financial institution,

20 and to a consumer, before establishing a customer relationship

21 with the consumer and not less than annually during the

22 continuation of the relationship.

23 (2) The disclosure required by subsection (1) of this section

24 must be a clear and conspicuous notice, in writing or in

25 electronic form or other form permitted by the rules implementing

26 this chapter, and must include the financial institution's

27 policies and practices with respect to:

28 (a) Disclosing nonpublic personal information to affiliates and

29 nonaffiliated third parties in compliance with section 2 of this

30 act, including the categories of information that may be

31 disclosed;

32 (b) Disclosing nonpublic personal information of persons who

33 have ceased to be customers of the financial institution; and

34 (c) Protecting the nonpublic personal information of consumers.

p. 5 SB 5503

_1 NEW SECTION. Sec. 10. Sections 3, 4, 5, and 6 of this act do not

_2 prohibit the disclosure of nonpublic personal information:

_3 (1) As necessary to effect, administer, or enforce a

_4 transaction requested or authorized by the consumer, or in

_5 connection with:

_6 (a) Servicing or processing a financial product or service

_7 requested or authorized by the consumer;

_8 (b) Maintaining or servicing the customer's account with the

_9 financial institution, or with another entity as part of a private

10 label credit card program or other extension of credit on behalf

11 of the entity;

12 (c) A proposed or actual securitization, secondary market sale,

13 secondary market sale including the servicing rights, or similar

14 transaction related to a transaction of the consumer; or

15 (d) Performing services for or functions solely on behalf of

16 the financial institution with respect to the financial

17 institution's own customers, including marketing of the financial

18 institution's own products or services to the financial

19 institution's customers;

20 (2) With the consent or at the direction of the consumer;

21 (3)(a) To protect the confidentiality or security of the

22 financial institution's records pertaining to the consumer, the

23 service or product, or the transaction therein; (b) to protect

24 against or prevent actual or potential fraud, unauthorized

25 transactions, claims, or other liability; (c) for required

26 institutional risk control, or for resolving customer disputes or

27 inquiries; (d) to persons holding a legal or beneficial interest

28 relating to the consumer; or (e) to persons acting in a fiduciary

29 or representative capacity on behalf of the consumer;

30 (4) To provide information to insurance rate advisory

31 organizations, guaranty funds or agencies, applicable rating

32 agencies of the financial institution, and persons assessing the

33 institution's compliance with industry standards;

34 (5) To the extent specifically permitted or required under

35 other provisions of law and in accordance with the Right to

36 Financial Privacy Act of 1978, to law enforcement agencies

37 (including a federal or state regulator, the secretary of the

38 treasury with respect to subchapter II of chapter 53 of Title 31,

SB 5503 p. 6

_1 United States Code, section 21 of the Federal Deposit Insurance

_2 Act, and chapter 2 of Title I of Public Law 91-508 (12 U.S.C. 1951-

_3 1959), or the Federal Trade Commission), self-regulatory

_4 organizations, or for an investigation on a matter related to

_5 public safety;

_6 (6)(a) To a consumer reporting agency in accordance with the

_7 Fair Credit Reporting Act, or (b) from a consumer report reported

_8 by a consumer reporting agency;

_9 (7) In connection with a proposed or actual sale, merger,

10 transfer, or exchange of all or a portion of a business or

11 operating unit if the disclosure of nonpublic personal information

12 concerns solely consumers of the business or unit;

13 (8)(a) To comply with federal, state, or local laws, rules, or

14 other applicable legal requirements; (b) to comply with a properly

15 authorized civil, criminal, or regulatory investigation or

16 subpoena or summons by federal, state, or local authorities; or

17 (c) to respond to judicial process or government regulatory

18 authorities having jurisdiction over the financial institution for

19 examination, compliance, or other purposes as authorized by law;

20 (9) In order to facilitate customer service, such as

21 maintenance and operation of consolidated customer call centers or

22 the use of consolidated customer account statements; or

23 (10) To the institution's attorneys, accountants, and auditors.

24 NEW SECTION. Sec. 11. The department of financial institutions

25 shall adopt rules required by this chapter to effectuate and avoid

26 circumvention of its purpose.

27 NEW SECTION. Sec. 12. (1) The legislature finds that the

28 practices covered by this chapter are matters vitally affecting

29 the public interest for the purpose of applying the Consumer

30 Protection Act, chapter 19.86 RCW. A violation of this chapter is

31 an unfair and deceptive act in trade or commerce for the purpose

32 of applying the Consumer Protection Act, chapter 19.86

33 RCW. Invasion of privacy rights protected by this chapter are not

34 reasonable in relation to the development and preservation of

35 business.

36 (2) In an action for a violation of this chapter, with the

p. 7 SB 5503

_1 exception of section 5 of this act, a financial institution may

_2 raise the defense that the violation was not intentional and was

_3 the result of bona fide error. This is an affirmative defense and

_4 must be proved by a preponderance of the evidence.

_5 (3) Damages to a person who is a victim of a violation of this

_6 chapter are five hundred dollars, or actual damages, whichever is

_7 greater. A court may increase the award of damages in an amount not

_8 to exceed three times the actual damages sustained, or one

_9 thousand five hundred dollars, whichever is greater, upon a

10 showing by a preponderance of the evidence that a violation was

11 willful.

12 (4) In a class action for a violation of this chapter, the

13 total recovery of statutory damages arising from the same

14 violation may not be more than the lesser of one million dollars

15 or one percent of the net worth of the defendant. There is no limit

16 on the amount awarded for actual damages.

17 NEW SECTION. Sec. 13. Sections 1 through 12 of this act

18 constitute a new chapter in Title 19 RCW.

‑‑‑ END ‑‑‑

SB 5503 p. 8