Bill Text: NY A01438 | 2011-2012 | General Assembly | Introduced
Bill Title: Provides protection from disclosure of confidential information by telephone corporations and wireless phone services; requires a covered entity to abide by a written policy regarding the privacy of customer information; sets forth civil enforcement provisions.
Spectrum: Moderate Partisan Bill (Democrat 46-10)
Status: (Introduced - Dead) 2012-01-04 - referred to consumer affairs and protection [A01438 Detail]
Download: New_York-2011-A01438-Introduced.html
S T A T E O F N E W Y O R K
________________________________________________________________________
1438
2011-2012 Regular Sessions
I N A S S E M B L Y
January 10, 2011
___________
Introduced by M. of A. DINOWITZ, PHEFFER, GALEF, MILLMAN, BENEDETTO,
AUBRY, PAULIN, COLTON, GABRYSZAK, JAFFEE -- Multi-Sponsored by -- M.
of A. BOYLAND, BRENNAN, CAHILL, COOK, CROUCH, CUSICK, CYMBROWITZ,
DESTITO, ENGLEBRIGHT, FARRELL, FINCH, GANTT, GIGLIO, GLICK, GOTTFRIED,
GUNTHER, HEASTIE, HIKIND, HOOPER, HOYT, JACOBS, LATIMER, LAVINE,
V. LOPEZ, LUPARDO, MAGEE, MAGNARELLI, MARKEY, MAYERSOHN, McDONOUGH,
McENENY, J. MILLER, MORELLE, OAKS, PEOPLES-STOKES, PERRY, PRETLOW,
RAIA, REILLY, J. RIVERA, P. RIVERA, ROBINSON, SAYWARD, SCARBOROUGH,
SCHIMMINGER, THIELE, WEISENBERG, WRIGHT -- read once and referred to
the Committee on Consumer Affairs and Protection
AN ACT to amend the general business law, in relation to the dissem-
ination of confidential information by telephone corporations and
wireless phone services providers
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:
1 Section 1. Legislative findings and declaration. The legislature here-
2 by finds that unauthorized third parties are able to obtain, procure,
3 purchase or sell a person's telephone or wireless phone records related
4 to any given period of time. Access to this information can sometimes be
5 useful to law enforcement personnel. Such information, however, can be
6 dangerous if the confidential information released is that of an under-
7 cover officer, other authorized law enforcement personnel or government
8 employee. Unauthorized release of call records also can be damaging to
9 commerce by revealing private business relationships. The unauthorized
10 release of the phone records of counselors, including clergy, physi-
11 cians, psychotherapists, financial consultants and non-profit organiza-
12 tions, can undermine these relationships of trust and in some instances
13 jeopardize the well being of these counselors and their clients. In
14 addition, most private individuals expect that their phone call logs or
15 their information related to their telephone account is confidential and
16 will not be disseminated to unauthorized persons.
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD04453-01-1
A. 1438 2
1 The legislature further finds that, despite the strong interest that
2 authorized personnel and private citizens have in protecting access to
3 this information, such information is sometimes obtained fraudulently or
4 without authorization, and subsequently sold or otherwise released for
5 commercial or other purposes. As a result, confidential phone records
6 that are obtained and released without authorization or otherwise have
7 had adverse consequences including: (1) the exposure of undercover law
8 enforcement personnel; (2) an increase in identity fraud crimes; (3) an
9 increase in intrusive and deceptive telephone, direct mail and internet
10 solicitations; (4) an invasion of privacy for individuals who have had
11 personal information revealed without their consent; (5) revealing
12 confidential business communications; (6) harmful to counselors and
13 their clients; (7) a disruption to telecommunications service providers
14 and their provision of service to their legitimate customers; and (8)
15 the dissemination of false and spurious information which has led to
16 denial or refusal of housing, employment, insurance and other services
17 and opportunities.
18 The legislature, therefore, finds and declares that it is in the
19 public's and state's interest to protect against the release of confi-
20 dential information and limit the release of confidential information
21 from telephone corporation and wireless service providers to instances
22 where such a release of information is requested by or authorized by the
23 telecommunications service customer and where release procedures have
24 been established and followed; or where a subpoena, search warrant or
25 court-ordered request for customer records is issued. Such limitations
26 and requisite penalties will meaningfully and substantially advance the
27 state's interests in protecting personal privacy in a manner that is
28 narrowly tailored to avoid adverse impact on other rights and needs of
29 telecommunication service consumers and the providers of such services.
30 S 2. The general business law is amended by adding a new article 32-A
31 to read as follows:
32 ARTICLE 32-A
33 PROTECTION OF TELEPHONE RECORDS
34 SECTION 676. DEFINITIONS.
35 676-A. PRIVACY OF CONFIDENTIAL INFORMATION.
36 676-B. NOTICE.
37 676-C. CIVIL ENFORCEMENT.
38 S 676. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS SHALL
39 HAVE THE FOLLOWING MEANINGS:
40 1. "TELEPHONE CORPORATION" SHALL HAVE THE SAME MEANING AS PROVIDED IN
41 SECTION TWO OF THE PUBLIC SERVICE LAW.
42 2. "WIRELESS PHONE SERVICE" MEANS ALL COMMERCIAL MOBILE SERVICES, AS
43 THAT TERM IS DEFINED IN SECTION 332(D) OF TITLE 47, UNITED STATES CODE,
44 AS AMENDED FROM TIME TO TIME, INCLUDING, BUT NOT LIMITED TO, ALL BROAD-
45 BAND PERSONAL COMMUNICATIONS SERVICES, WIRELESS RADIO TELEPHONE
46 SERVICES, SATELLITE PROVIDERS, GEOGRAPHIC AREA SPECIALIZED AND ENHANCED
47 SPECIALIZED MOBILE RADIO SERVICES, AND INCUMBENT-WIDE AREAS SPECIALIZED
48 MOBILE RADIO LICENSEES, WHICH OFFER REAL TIME, TWO-WAY VOICE OR DATA
49 SERVICE THAT IS INTERCONNECTED WITH THE PUBLIC SWITCHED TELEPHONE
50 NETWORK OR OTHERWISE PROVIDES ACCESS TO EMERGENCY COMMUNICATIONS
51 SERVICES, OR ANY OTHER TELEPHONE SERVICE.
52 3. "COVERED ENTITY" MEANS A TELEPHONE CORPORATION OR WIRELESS PHONE
53 SERVICE PROVIDER, AND INCLUDES ANY PROVIDER OF IP-ENABLED VOICE SERVICE.
54 4. "CONFIDENTIAL TELECOMMUNICATION RECORDS INFORMATION" OR "CONFIDEN-
55 TIAL INFORMATION" MEANS:
A. 1438 3
1 (A) INFORMATION THAT RELATES TO THE QUALITY, TECHNICAL CONFIGURATION,
2 TYPE, DESTINATION, LOCATION, AND AMOUNT OF USE OF A TELECOMMUNICATIONS
3 SERVICE SUBSCRIBED TO BY ANY CUSTOMER OF A COVERED ENTITY; AND
4 (B) INFORMATION CONTAINED IN CUSTOMERS' BILLING STATEMENTS PERTAINING
5 TO TELEPHONE EXCHANGE SERVICE OR TELEPHONE TOLL SERVICE RECEIVED BY A
6 CUSTOMER OF A COVERED ENTITY; PROVIDED, HOWEVER, CONFIDENTIAL TELECOMMU-
7 NICATION RECORDS INFORMATION SHALL NOT INCLUDE INFORMATION REGARDING A
8 CONSUMER'S PAYMENT HISTORY PURSUANT TO ARTICLE TWENTY-FIVE OF THIS CHAP-
9 TER.
10 5. "UNAFFILIATED THIRD PARTY" MEANS ANY ENTITY OR PERSON THAT IS NOT
11 AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFILIATED BY CORPO-
12 RATE CONTROL WITH THE COVERED ENTITY, BUT DOES NOT INCLUDE A JOINT
13 EMPLOYEE OF SUCH INSTITUTION.
14 6. "AFFILIATE" SHALL HAVE THE SAME MEANING AS PROVIDED IN SECTION NINE
15 HUNDRED TWELVE OF THE BUSINESS CORPORATION LAW.
16 7. "PERSON" MEANS ANY NATURAL PERSON AND ANY FIRM, ORGANIZATION, PART-
17 NERSHIP, ASSOCIATION, CORPORATION, NOT-FOR-PROFIT ORGANIZATION, OR OTHER
18 ENTITY.
19 8. "IP-ENABLED VOICE SERVICE" MEANS:
20 (A) THE SERVICE ENABLES REAL-TIME, TWO-WAY VOICE COMMUNICATIONS;
21 (B) THE SERVICE REQUIRES A BROADBAND CONNECTION FROM THE USERS'
22 LOCATION;
23 (C) THE SERVICE REQUIRES IP-COMPATIBLE END-USER EQUIPMENT; AND
24 (D) THE SERVICE OFFERING PERMITS USERS GENERALLY TO RECEIVE CALLS THAT
25 ORIGINATE ON THE PUBLIC SWITCHED TELEPHONE NETWORK (PSTN) AND TO TERMI-
26 NATE CALLS TO THE PSTN.
27 9. "CUSTOMER" MEANS, WITH RESPECT TO A COVERED ENTITY, ANY PERSON OR
28 AUTHORIZED REPRESENTATIVE OF A PERSON TO WHOM THE COVERED ENTITY
29 PROVIDES A PRODUCT OR SERVICE.
30 10. "PROCURE" MEANS TO OBTAIN CONFIDENTIAL TELECOMMUNICATION RECORDS
31 INFORMATION BY ANY MEANS, WHETHER ELECTRONICALLY, IN WRITING OR ORAL
32 FORM, WITH OR WITHOUT CONSIDERATION.
33 S 676-A. PRIVACY OF CONFIDENTIAL INFORMATION. 1. EXCEPT AS OTHERWISE
34 EXPRESSLY PROVIDED IN THIS ARTICLE, A COVERED ENTITY SHALL NOT DIRECTLY
35 OR THROUGH AN AFFILIATE DISCLOSE CONFIDENTIAL TELECOMMUNICATION RECORDS
36 INFORMATION TO AN UNAFFILIATED THIRD PARTY, UNLESS:
37 (A) THE COVERED ENTITY SHALL HAVE FIRST AFFIRMATIVELY OBTAINED VIA
38 VERIFIABLE MEANS INFORMED CONSENT FOR SUCH DISCLOSURE FROM THE PERSON
39 WHOSE CONFIDENTIAL TELECOMMUNICATION RECORDS INFORMATION IS SOUGHT, AND
40 SUCH CONSENT HAS NOT BEEN WITHDRAWN; THE COVERED ENTITY SHALL HAVE FIRST
41 RECEIVED FROM THE PERSON REQUESTING DISCLOSURE POSITIVE AND VERIFIABLE
42 IDENTIFICATION THAT SUCH PERSON IS AUTHORIZED PURSUANT TO THIS ARTICLE
43 TO RECEIVE SUCH CONFIDENTIAL INFORMATION IN ACCORD WITH THE PROCEDURES
44 ESTABLISHED BY THE COVERED ENTITY;
45 (B) THE COVERED ENTITY IS AUTHORIZED PURSUANT TO COURT ORDER OR
46 SUBPOENA TO RELEASE SUCH CONFIDENTIAL INFORMATION OR IS OTHERWISE
47 REQUIRED TO DO SO BY LAW;
48 (C) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS NECESSARY TO THE
49 RENDITION OF THE SERVICE OR TO THE PROTECTION OF THE RIGHTS OR PROPERTY
50 OF THE COVERED ENTITY, OR TO PROTECT THE CUSTOMER OF THOSE SERVICES FROM
51 FRAUDULENT, ABUSIVE, OR UNLAWFUL USE OF, OR SUBSCRIPTION TO, SUCH
52 SERVICES;
53 (D) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS MADE TO A LAW
54 ENFORCEMENT OR OTHER GOVERNMENTAL AGENCY UPON THE REASONABLE BELIEF THAT
55 EXIGENT CIRCUMSTANCES INVOLVING THE IMMEDIATE DANGER OF DEATH OR SERIOUS
56 PHYSICAL INJURY TO ANY PERSON EXIST; OR
A. 1438 4
1 (E) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS MADE TO THE
2 NATIONAL CENTER OF MISSING AND EXPLOITED CHILDREN IN CONNECTION WITH A
3 REPORT SUBMITTED THERETO PURSUANT TO SECTION 227 OF THE FEDERAL "VICTIMS
4 OF CHILD ABUSE ACT OF 1990."
5 2. NO UNAFFILIATED THIRD PARTY WHO MAY BE IN RECEIPT OF CONFIDENTIAL
6 TELECOMMUNICATION RECORDS INFORMATION RETAINED BY A COVERED ENTITY OR
7 ANY OF ITS AFFILIATES SHALL RELEASE SUCH CONFIDENTIAL INFORMATION TO
8 ANOTHER PERSON, EXCEPT THAT SUCH CONFIDENTIAL INFORMATION MAY BE
9 DISCLOSED BY A LAW ENFORCEMENT AGENCY IN THE FURTHERANCE OF THE LAW
10 ENFORCEMENT PURPOSE.
11 S 676-B. NOTICE. 1. A COVERED ENTITY SHALL ABIDE BY A WRITTEN POLICY
12 REGARDING THE PRIVACY OF CUSTOMER INFORMATION IN ACCORDANCE WITH THIS
13 ARTICLE AND APPLICABLE FEDERAL AND STATE LAW AND WILL MAKE SUCH PRIVACY
14 POLICY AVAILABLE TO ITS CUSTOMERS, AND TO PROSPECTIVE CUSTOMERS PRIOR TO
15 THEIR ENTERING INTO AN AGREEMENT OR CONTRACT WITH A COVERED ENTITY,
16 EITHER BY POSTING SUCH PRIVACY POLICY CONSPICUOUSLY ON ITS WEBSITE OR BY
17 MAKING IT AVAILABLE THROUGH OTHER VERIFIABLE MEANS. SUCH PRIVACY POLICY
18 SHALL BE SET FORTH IN ACCORDANCE WITH THE PROVISIONS OF SECTION 5-702 OF
19 THE GENERAL OBLIGATIONS LAW.
20 2. THE WRITTEN PRIVACY POLICY REQUIRED PURSUANT TO SUBDIVISION ONE OF
21 THIS SECTION SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE:
22 (A) THE TYPES OF CONFIDENTIAL INFORMATION THAT THE COVERED ENTITY MAY
23 SEEK TO DISCLOSE;
24 (B) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY BE MADE;
25 (C) THE TYPES OF UNAFFILIATED THIRD PARTIES TO WHICH DISCLOSURE MAY BE
26 MADE; AND
27 (D) WHETHER AND HOW CUSTOMER CONSENT WILL BE OBTAINED, WHEN APPLICA-
28 BLE.
29 S 676-C. CIVIL ENFORCEMENT. 1. WHENEVER THERE SHALL BE A VIOLATION OF
30 THIS ARTICLE OR ANY RULES OR REGULATIONS PROMULGATED PURSUANT TO THIS
31 ARTICLE, AN APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME
32 OF THE PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING
33 JURISDICTION TO ISSUE AN INJUNCTION, AND UPON NOTICE TO THE DEFENDANT OF
34 NOT FEWER THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUANCE OF SUCH
35 VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR
36 JUSTICE, THAT THE DEFENDANT HAS, IN FACT, VIOLATED THIS ARTICLE AN
37 INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE ENJOINING AND
38 RESTRAINING ANY FURTHER VIOLATION, WITHOUT REQUIRING PROOF THAT ANY
39 PERSON HAS IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN ANY SUCH
40 PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY GENERAL AS
41 PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION EIGHTY-THREE
42 HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND DIRECT RESTITU-
43 TION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION OF THIS ARTI-
44 CLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF NOT MORE THAN
45 ONE THOUSAND DOLLARS PER VIOLATION. IN CONNECTION WITH ANY SUCH PROPOSED
46 APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED TO TAKE PROOF AND MAKE A
47 DETERMINATION OF THE RELEVANT FACTS AND TO ISSUE SUBPOENAS IN ACCORDANCE
48 WITH THE CIVIL PRACTICE LAW AND RULES. AN ACTION BROUGHT BY THE ATTORNEY
49 GENERAL MAY ALSO INCLUDE OTHER CAUSES OF ACTION.
50 2. THE REMEDIES, DUTIES, PROHIBITIONS AND PENALTIES PROVIDED IN THIS
51 ARTICLE ARE NOT EXCLUSIVE AND ARE IN ADDITION TO ALL OTHER CAUSES OF
52 ACTION, REMEDIES, AND PENALTIES PROVIDED BY LAW.
53 S 3. Every covered entity doing business in the state shall have in
54 place and enforce internal procedures designed to prevent the unauthor-
55 ized procurement, sale or release of confidential telecommunication
56 records information, including, but not limited to, procedures to ensure
A. 1438 5
1 the identity of a customer and procedures for authorizing consent for
2 the release of any such confidential information. No confidential
3 information shall be released except pursuant to these procedures. The
4 procedures required by this provision shall be available to the attorney
5 general upon written request.
6 S 4. This act shall take effect on the one hundred eightieth day after
7 it shall have become a law; provided however that effective immediately,
8 the addition, amendment and/or repeal of any rule or regulation neces-
9 sary for the implementation of this act on its effective date are
10 authorized and directed to be made and completed by the secretary of
11 state, in consultation with the attorney general and the public service
12 commission, on or before such effective date.
