Bill Text: NY A00944 | 2009-2010 | General Assembly | Introduced
Bill Title: An act to amend the banking law, in relation to regulating the use and dissemination of confidential customer information by financial institutions
Spectrum: Partisan Bill (Republican 2-0)
Status: (Introduced - Dead) 2010-04-27 - held for consideration in banks [A00944 Detail]
Download: New_York-2009-A00944-Introduced.html
S T A T E O F N E W Y O R K
________________________________________________________________________
944
2009-2010 Regular Sessions
I N A S S E M B L Y
(PREFILED)
January 7, 2009
___________
Introduced by M. of A. McDONOUGH -- Multi-Sponsored by -- M. of A.
BUTLER -- read once and referred to the Committee on Banks
AN ACT to amend the banking law, in relation to regulating the use and
dissemination of confidential customer information by financial insti-
tutions
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:
1 Section 1. The banking law is amended by adding a new article 17 to
2 read as follows:
3 ARTICLE 17
4 PROTECTION OF CUSTOMER FINANCIAL INFORMATION
5 SECTION 9020. DEFINITIONS.
6 9021. PRIVACY OF CONFIDENTIAL CUSTOMER INFORMATION.
7 9022. LIMITATIONS.
8 9023. RECORD RETENTION.
9 9024. ENFORCEMENT BY THE ATTORNEY GENERAL.
10 9025. PRIVATE RIGHT OF ACTION.
11 S 9020. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS
12 SHALL HAVE THE FOLLOWING MEANINGS:
13 1. "FINANCIAL INSTITUTION" MEANS ANY INSTITUTION THE BUSINESS OF WHICH
14 IS ENGAGING IN FINANCIAL ACTIVITIES AS DESCRIBED IN SECTION 4(K) OF THE
15 FEDERAL BANK HOLDING COMPANY ACT OF 1956.
16 2. "CONFIDENTIAL CUSTOMER INFORMATION" SHALL MEAN PERSONALLY IDENTIFI-
17 ABLE INFORMATION:
18 (A) PROVIDED BY A CUSTOMER TO A FINANCIAL INSTITUTION;
19 (B) RESULTING FROM ANY TRANSACTION WITH THE CUSTOMER OR THE SERVICE
20 PERFORMED FOR THE CUSTOMER; OR
21 (C) OTHERWISE OBTAINED BY THE FINANCIAL INSTITUTION.
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD01380-01-9
A. 944 2
1 3. "CUSTOMER" SHALL MEAN ANY INDIVIDUAL WHO OBTAINS, FROM A FINANCIAL
2 INSTITUTION, A PRODUCT OR SERVICE WHICH IS INTENDED TO BE USED PRIMARILY
3 FOR PERSONAL, FAMILY OR HOUSEHOLD PURPOSES, AND ALSO MEANS THE LEGAL
4 REPRESENTATIVE OF SUCH AN INDIVIDUAL, AND SHALL INCLUDE AN INDIVIDUAL
5 WHOSE APPLICATION FOR SUCH PRODUCT OR SERVICE HAS BEEN DENIED.
6 4. "UNAFFILIATED THIRD PARTY" SHALL MEAN ANY ENTITY OR PERSON THAT IS
7 NOT AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFILIATED BY
8 CORPORATE CONTROL WITH, THE FINANCIAL INSTITUTION, BUT DOES NOT INCLUDE
9 A JOINT EMPLOYEE OF SUCH INSTITUTION.
10 5. "AFFILIATE" SHALL MEAN ANY COMPANY THAT CONTROLS, IS CONTROLLED BY,
11 OR IS UNDER COMMON CONTROL WITH ANOTHER COMPANY.
12 S 9021. PRIVACY OF CONFIDENTIAL CUSTOMER INFORMATION. 1. EXCEPT AS
13 OTHERWISE EXPRESSLY PROVIDED IN THIS ARTICLE, A FINANCIAL INSTITUTION
14 SHALL NOT DIRECTLY OR THROUGH AN AFFILIATE DISCLOSE CONFIDENTIAL CUSTOM-
15 ER INFORMATION TO AN UNAFFILIATED THIRD PARTY UNLESS THE FINANCIAL
16 INSTITUTION HAS FIRST GIVEN WRITTEN NOTICE MEETING THE REQUIREMENTS OF
17 THIS SECTION TO THE CUSTOMER TO WHOM THE INFORMATION RELATES, AND HAS
18 OBTAINED THE INFORMED WRITTEN OR ELECTRONIC CONSENT OF THAT CUSTOMER FOR
19 SUCH DISCLOSURE, AND SUCH CONSENT HAS NOT BEEN WITHDRAWN.
20 2. ANY FINANCIAL INSTITUTION THAT SEEKS TO DISCLOSE CONFIDENTIAL
21 CUSTOMER INFORMATION SHALL FIRST PROVIDE A WRITTEN NOTICE, ENTITLED
22 "FINANCIAL PRIVACY NOTICE," WRITTEN IN ACCORDANCE WITH SECTION 5-702 OF
23 THE GENERAL OBLIGATIONS LAW, TO EACH OF ITS CUSTOMERS AT THE TIME AT
24 WHICH A FINANCIAL RELATIONSHIP IS INITIATED AND AT LEAST ANNUALLY THERE-
25 AFTER. SUCH NOTICE SHALL BE GIVEN AT THE TIME AN ACCOUNT IS OPENED, AT
26 THE TIME A LOAN OR MORTGAGE APPLICATION IS MADE, AT THE TIME A LOAN OR
27 MORTGAGE IS GRANTED, OR AT THE TIME THE CUSTOMER ENTERS INTO ANOTHER
28 FORM OF FINANCIAL TRANSACTION WITH THE FINANCIAL INSTITUTION.
29 3. THE NOTICE SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE:
30 (A) THE SPECIFIC TYPES OF CONFIDENTIAL CUSTOMER INFORMATION THAT THE
31 FINANCIAL INSTITUTION SEEKS TO DISCLOSE;
32 (B) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE WILL BE MADE;
33 (C) THE SPECIFIC TYPES OF UNAFFILIATED THIRD PARTIES TO WHICH DISCLO-
34 SURE WILL BE MADE;
35 (D) THE SPECIFIC USES THAT WILL BE MADE OF THE INFORMATION AFTER IT IS
36 DISCLOSED;
37 (E) ALL DISCLOSURES REQUIRED UNDER SECTION 603(D)(2)(A)(III) OF THE
38 FEDERAL FAIR CREDIT REPORTING ACT AND COMPARABLE DISCLOSURES UNDER ARTI-
39 CLE TWENTY-FIVE OF THE GENERAL BUSINESS LAW;
40 (F) THAT DISCLOSURE WILL BE LIMITED TO THE CONDITIONS SET FORTH IN THE
41 NOTICE;
42 (G) THAT THE CUSTOMER HAS THE RIGHT TO REVOKE THE CONSENT AT ANY TIME;
43 (H) THAT A NEW AUTHORIZATION WILL BE SOUGHT FROM THE CUSTOMER PRIOR TO
44 THE DISCLOSURE OF ANY CONFIDENTIAL CUSTOMER INFORMATION OTHER THAN UNDER
45 THE CONDITIONS SET FORTH IN THE NOTICE OR FOLLOWING REVOCATION OF THE
46 CONSENT;
47 (I) WHETHER THE FINANCIAL INSTITUTION WILL RECEIVE COMPENSATION FOR
48 THE DISCLOSURE;
49 (J) THAT A DENIAL OF APPROVAL WILL NOT ADVERSELY AFFECT THE CUSTOMER'S
50 FINANCIAL RELATIONSHIP WITH THE INSTITUTION;
51 (K) AN EXPIRATION DATE OF NO MORE THAN TWO YEARS FROM THE DATE OF
52 EXECUTION OF THE FORM; AND
53 (L) A SPACE FOR THE CUSTOMER'S SIGNATURE AND THE DATE OF EXECUTION OF
54 THE FORM.
55 4. NO DISCLOSURE OF CONFIDENTIAL CUSTOMER INFORMATION SHALL BE MADE
56 PRIOR TO RECEIPT BY THE FINANCIAL INSTITUTION OF A SIGNED AND DATED
A. 944 3
1 CONSENT FORM FROM THE CUSTOMER. IN ADDITION, NO DISCLOSURE OF CONFIDEN-
2 TIAL CUSTOMER INFORMATION SHALL BE MADE AFTER RECEIPT BY THE FINANCIAL
3 INSTITUTION OF A REVOCATION OF ANY CONSENT PREVIOUSLY GIVEN, UNLESS AND
4 UNTIL THE CUSTOMER EXECUTES A NEW INFORMED CONSENT FORM.
5 5. EVERY FINANCIAL INSTITUTION SHALL ESTABLISH APPROPRIATE ADMINISTRA-
6 TIVE, TECHNICAL AND PHYSICAL SAFEGUARDS TO ENSURE THE SECURITY AND
7 CONFIDENTIALITY OF RECORDS CONTAINING CONFIDENTIAL CONSUMER INFORMATION
8 AND TO PROTECT AGAINST ANY ANTICIPATED THREATS OR HAZARDS TO THEIR SECU-
9 RITY OR INTEGRITY THAT COULD RESULT IN SUBSTANTIAL HARM, EMBARRASSMENT,
10 INCONVENIENCE OR UNFAIRNESS TO ANY DATA SUBJECT ABOUT WHOM INFORMATION
11 IS MAINTAINED.
12 S 9022. LIMITATIONS. 1. NOTWITHSTANDING SECTION NINE THOUSAND TWENTY-
13 ONE OF THIS ARTICLE, A FINANCIAL INSTITUTION SHALL NOT BE PROHIBITED
14 FROM DISCLOSING CONFIDENTIAL CUSTOMER INFORMATION UNDER THE FOLLOWING
15 CIRCUMSTANCES:
16 (A) WHEN SPECIFICALLY AUTHORIZED BY THE CUSTOMER;
17 (B) WHEN NECESSARY TO MAINTAIN OR SERVICE THE CUSTOMER'S ACCOUNT WITH
18 THE FINANCIAL INSTITUTION;
19 (C) TO ANY PERSON OR ORGANIZATION PROVIDING PROFESSIONAL SERVICES TO
20 THE FINANCIAL INSTITUTION, INCLUDING, BUT NOT LIMITED TO, AN ACCOUNTANT
21 ENGAGED BY THE FINANCIAL INSTITUTION TO PREPARE AN INDEPENDENT AUDIT, AN
22 ATTORNEY PERFORMING A SERVICE ON BEHALF OF THE FINANCIAL INSTITUTION, OR
23 AN AGENT OR OTHER PERSON REPRESENTING THE FINANCIAL INSTITUTION IN
24 COLLECTING A DEBT OR OTHERWISE SECURING PAYMENT OF A LOAN OR ADVANCE;
25 (D) TO PROTECT THE CONFIDENTIALITY OR SECURITY OF ITS RECORDS PERTAIN-
26 ING TO THE CUSTOMER, THE SERVICE OR PRODUCT, OR THE TRANSACTION THEREIN,
27 OR TO PROTECT AGAINST OR PREVENT ACTUAL OR POTENTIAL FRAUD, UNAUTHORIZED
28 TRANSACTIONS, CLAIMS OR OTHER LIABILITY;
29 (E) TO PROVIDE INFORMATION TO APPLICABLE RATING AGENCIES OF THE FINAN-
30 CIAL INSTITUTION AND PERSONS ASSESSING THE INSTITUTION'S COMPLIANCE WITH
31 INDUSTRY STANDARDS;
32 (F) WHEN THE FINANCIAL INSTITUTION IS COMPELLED TO DISCLOSE THE
33 CONTENTS OF THE INFORMATION PURSUANT TO A LAWFUL SUBPOENA, SUMMONS,
34 WARRANT, OR COURT ORDER;
35 (G) WHEN DISCLOSURE IS REQUIRED BY FEDERAL OR STATE LAW OR REGULATION;
36 (H) TO A CREDIT-REPORTING AGENCY AS DEFINED BY SECTION SIX HUNDRED
37 THREE OF THE FEDERAL FAIR CREDIT REPORTING ACT FOR INCLUSION IN A
38 CONSUMER REPORT THAT MAY BE RELEASED TO A THIRD PARTY FOR A PURPOSE
39 PERMISSIBLE UNDER SECTION SIX HUNDRED FOUR OF SUCH ACT;
40 (I) TO GOVERNMENT ENTITIES;
41 (J) TO THE FINANCIAL INSTITUTION'S BOND OR INSURANCE COMPANIES WHEN
42 THE FINANCIAL INSTITUTION HAS INFORMATION RELATIVE TO A CLAIM PURSUANT
43 TO ITS BOND OR DIRECTOR'S AND OFFICER'S LIABILITY INSURANCE POLICY OR
44 OTHER INSURANCE COVERAGE; OR
45 (K) IN CONNECTION WITH AN ACTUAL SALE, MERGER, TRANSFER OR EXCHANGE OF
46 ALL OR A PORTION OR UNIT OF THE FINANCIAL INSTITUTION IF THE DISCLOSURE
47 CONCERNS SOLELY CUSTOMERS OF SUCH FINANCIAL INSTITUTION OR PORTION OR
48 UNIT.
49 2. PRIOR TO RELEASE OF CONFIDENTIAL CUSTOMER INFORMATION AUTHORIZED BY
50 SUBDIVISION ONE OF SECTION NINE THOUSAND TWENTY-ONE OF THIS ARTICLE, OR
51 AUTHORIZED BY PARAGRAPHS (B), (C), (D), (E) AND (J) OF SUBDIVISION ONE
52 OF THIS SECTION, THE FINANCIAL INSTITUTION SHALL ENTER INTO A CONTRACTU-
53 AL AGREEMENT WITH ANY THIRD PARTY RECEIVING SUCH CONFIDENTIAL CUSTOMER
54 INFORMATION, PROHIBITING SUCH THIRD PARTY FROM DISCLOSING SUCH INFORMA-
55 TION.
A. 944 4
1 S 9023. RECORD RETENTION. 1. A FINANCIAL INSTITUTION SHALL MAINTAIN
2 RECORDS OF FINANCIAL PRIVACY NOTIFICATION, AS REQUIRED IN THIS ARTICLE,
3 AND RETAIN COPIES OF EACH CUSTOMER'S APPROVAL OF DISCLOSURE OF CONFIDEN-
4 TIAL CUSTOMER INFORMATION OR WITHDRAWAL OF SUCH APPROVAL FOR AT LEAST
5 FIVE YEARS.
6 2. A FINANCIAL INSTITUTION SHALL MAINTAIN RECORDS OF ALL COMPLAINTS
7 UNDER THIS ARTICLE AND THEIR DISPOSITION, IF ANY, FOR AT LEAST TEN
8 YEARS.
9 S 9024. ENFORCEMENT BY THE ATTORNEY GENERAL. IN ADDITION TO THE OTHER
10 REMEDIES PROVIDED, WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE,
11 APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE
12 PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDIC-
13 TION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO
14 THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE
15 CONTINUANCE OF SUCH VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFAC-
16 TION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED
17 THIS ARTICLE, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE,
18 ENJOINING THE RESTRAINING OF ANY FURTHER VIOLATION, WITHOUT REQUIRING
19 PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN
20 ANY SUCH PROCEEDINGS, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY
21 GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION
22 EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND
23 DIRECT RESTITUTION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION
24 OF THIS ARTICLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF
25 NOT MORE THAN TWO THOUSAND DOLLARS FOR EACH VIOLATION. IN CONNECTION
26 WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED
27 TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO
28 ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE LAW AND RULES.
29 S 9025. PRIVATE RIGHT OF ACTION. IN THE EVENT THAT CONFIDENTIAL
30 CUSTOMER INFORMATION IS DISCLOSED BY A FINANCIAL INSTITUTION ABOUT ANY
31 CUSTOMER IN VIOLATION OF THIS ARTICLE, SUCH CUSTOMER MAY BRING AN ACTION
32 FOR RECOVERY OF DAMAGES. JUDGMENT SHALL BE ENTERED IN FAVOR OF A CONSUM-
33 ER IN AN AMOUNT NOT TO EXCEED THREE TIMES THE ACTUAL DAMAGES OR ONE
34 THOUSAND DOLLARS, WHICHEVER IS GREATER. THE COURT MAY AWARD REASONABLE
35 ATTORNEY'S FEES TO A PREVAILING PLAINTIFF.
36 S 2. Severability. If any clause, sentence, paragraph, section or part
37 of this act shall be adjudged by any court of competent jurisdiction to
38 be invalid, such judgment shall not affect, impair or invalidate the
39 remainder thereof, but shall be confined in its operation to the clause,
40 sentence, paragraph, section or part thereof directly involved in the
41 controversy in which such judgment shall have been rendered.
42 S 3. This act shall take effect on the ninetieth day after it shall
43 have become a law.
