HB 1273

Washington State House of Representatives Office of Program Research	BILL ANALYSIS

Insurance, Financial Services & Consumer Protection Committee

HB 1273

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Description: Authorizing fraud alert networks.

Sponsors: Representatives Roach, Ericks, Hurst, Kirby, Strow, Newhouse, Simpson, Williams, Haler, O'Brien, Moeller, Pearson, VanDeWege, McCune, Kenney, Rolfes and Morrell.

Brief Summary of Bill

Authorizes the creation of a statewide "fraud alert network" to allow financial institutions and merchants to share information for the purpose of combating financial crime.

Grants qualified legal immunity to merchants and financial institutions that participate in the fraud alert network.

Hearing Date: 2/6/07

Staff: Jon Hedegard (786-7127).

Background:

There is a host of federal and state laws regarding various crimes involving the use of another's personal information. There is also a number of laws providing protections or remedies for consumers.

Gramm-Leach-Blilely Act (GLBA)
Passed in 1999, the GLBA is a federal act that eliminates the long-standing legal barriers to the integration of banking, securities, and insurance firms, and generally overhauls the regulation of the financial services industry. The GLBA explicitly states that all financial institutions have a continuing obligation to consumers to protect the privacy and security of nonpublic personal information. Since July 1, 2001, financial institutions have been required to notify customers about their privacy practices and allow consumers to "opt out" of having their nonpublic personal information disclosed to nonaffiliated third parties. However, the GLBA carves out an exception to the prohibition against disclosing nonpublic personal information in the event such disclosure is necessary to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability.

Fair Credit Reporting Acts
There are state and federal Fair Credit Reporting Acts. Both restrict the disclosure of consumer credit information by consumer reporting agencies. In general, the Fair Credit Reporting Acts prohibit consumer reporting agencies from disclosing such information except in relation to customer initiated credit transactions or other legitimate business needs in connection with a commercial transaction involving the consumer.

Disposal of customer information
Washington state requires persons and entities engaged in a "trade, occupation, enterprise, governmental function, or similar activity" to take all reasonable steps to destroy, or arrange for the destruction of, personal financial and health information and personal identification numbers issued by government entities when the person or entity is disposing of records. Destruction means shredding, erasing, or modifying personal information to make the personal information unreadable or undecipherable through any reasonable means.

Summary of Bill:

Fraud alert network
The bill grants limited legal immunity to specified financial institutions and merchants with respect to the sharing of consumer information pursuant to participation in a statewide "fraud alert network." The phrase "fraud alert network" refers to a voluntary program of information sharing established by financial institutions and merchants for the purpose of preventing, detecting, and deterring financial crimes. The network may include a website where fraud-related consumer information may be posted and shared by authorized participants.

Financial crimes
"Financial crimes" are defined very broadly to include forgery, identity theft, robbery, embezzlement, tax evasion, money laundering, various fraud-related crimes, and many other offenses. The definition requires that the offense be committed for financial gain and that it be "chargeable or indictable" as a violation of state or federal law, though it does not require that a charge or indictment actually be issued.

Network standards
The fraud alert network must meet specified standards and requirements, including:

participants must either be merchants or entities/persons meeting a very broad definition of "financial institutions;"
access to the network must be limited to designated financial institutions or merchants;
the sole purpose of the network must be for the sharing of information for the prevention, detection, and deterrence of financial crimes;
information posted on the network must be accessible only to designated employees whose job-related duties are relevant to the use of such information for the prevention of financial crimes;
network users must be informed that information cannot be used for routine business purposes related to credit evaluation or acquisition;
information furnished to the network is limited to statements of fact that the provider reasonably believes to be true (subject to an exception for circumstances constituting an emergency); and
the type of information provided to the network must fall under one of the specified categories of information allowed to be shared within the network.

Information furnished to the network
Information provided to the network must relate to suspected financial crimes and must be limited to statements of fact that the provider reasonably believes to be true. The bill also contains a detailed description of the broad categories of information that can be furnished to the network. Participants in the network are prohibited from furnishing information consisting of delinquent payment information or other information regarding credit history, except where such information forms an integral part of a body of information reasonably believed to be related to financial crime.

Immunity from legal liability
Financial institutions and merchants are granted broad legal immunity from civil liability stemming from their participation in the network, provided their participation is consistent with the requirements of the Act. This immunity does not apply with respect to violations of Washington statutes.

Exceptions to immunity provisions
A participant will not be immune from legal liability if he or she:

knowingly provides false information to the network;
fails to maintain procedures to ensure that information provided to the network is reliable and current;
fails to maintain procedures to ensure that only properly designated individuals have access to the information from the network;
improperly uses the information for the purpose of evaluating a person's credit worthiness or other commercial purpose;
uses information derived from the network for any purpose other than that related to the prevention, deterrence, or prosecution of financial crimes; and
improperly shares or sells access to the network.

However, immunity from civil liability applies only if the provider of the information "reasonably believes" the information to be true, unless an emergency exists and the provider notes that the information may not be reliable.

Fair Credit Reporting Act
The bill states the intent that the provisions of the Act will not apply to the fraud alert network, provided the participants are in compliance with the other provisions of the bill.

Appropriation: None.

Fiscal Note: Preliminary fiscal note available.

Effective Date: The bill takes effect 90 days after adjournment of session in which bill is passed.