Bill Text: NY A01438 | 2011-2012 | General Assembly | Introduced
Bill Title: Provides protection from disclosure of confidential information by telephone corporations and wireless phone services; requires a covered entity to abide by a written policy regarding the privacy of customer information; sets forth civil enforcement provisions.
Spectrum: Moderate Partisan Bill (Democrat 46-10)
Status: (Introduced - Dead) 2012-01-04 - referred to consumer affairs and protection [A01438 Detail]
Download: New_York-2011-A01438-Introduced.html
S T A T E O F N E W Y O R K ________________________________________________________________________ 1438 2011-2012 Regular Sessions I N A S S E M B L Y January 10, 2011 ___________ Introduced by M. of A. DINOWITZ, PHEFFER, GALEF, MILLMAN, BENEDETTO, AUBRY, PAULIN, COLTON, GABRYSZAK, JAFFEE -- Multi-Sponsored by -- M. of A. BOYLAND, BRENNAN, CAHILL, COOK, CROUCH, CUSICK, CYMBROWITZ, DESTITO, ENGLEBRIGHT, FARRELL, FINCH, GANTT, GIGLIO, GLICK, GOTTFRIED, GUNTHER, HEASTIE, HIKIND, HOOPER, HOYT, JACOBS, LATIMER, LAVINE, V. LOPEZ, LUPARDO, MAGEE, MAGNARELLI, MARKEY, MAYERSOHN, McDONOUGH, McENENY, J. MILLER, MORELLE, OAKS, PEOPLES-STOKES, PERRY, PRETLOW, RAIA, REILLY, J. RIVERA, P. RIVERA, ROBINSON, SAYWARD, SCARBOROUGH, SCHIMMINGER, THIELE, WEISENBERG, WRIGHT -- read once and referred to the Committee on Consumer Affairs and Protection AN ACT to amend the general business law, in relation to the dissem- ination of confidential information by telephone corporations and wireless phone services providers THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: 1 Section 1. Legislative findings and declaration. The legislature here- 2 by finds that unauthorized third parties are able to obtain, procure, 3 purchase or sell a person's telephone or wireless phone records related 4 to any given period of time. Access to this information can sometimes be 5 useful to law enforcement personnel. Such information, however, can be 6 dangerous if the confidential information released is that of an under- 7 cover officer, other authorized law enforcement personnel or government 8 employee. Unauthorized release of call records also can be damaging to 9 commerce by revealing private business relationships. The unauthorized 10 release of the phone records of counselors, including clergy, physi- 11 cians, psychotherapists, financial consultants and non-profit organiza- 12 tions, can undermine these relationships of trust and in some instances 13 jeopardize the well being of these counselors and their clients. In 14 addition, most private individuals expect that their phone call logs or 15 their information related to their telephone account is confidential and 16 will not be disseminated to unauthorized persons. EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD04453-01-1 A. 1438 2 1 The legislature further finds that, despite the strong interest that 2 authorized personnel and private citizens have in protecting access to 3 this information, such information is sometimes obtained fraudulently or 4 without authorization, and subsequently sold or otherwise released for 5 commercial or other purposes. As a result, confidential phone records 6 that are obtained and released without authorization or otherwise have 7 had adverse consequences including: (1) the exposure of undercover law 8 enforcement personnel; (2) an increase in identity fraud crimes; (3) an 9 increase in intrusive and deceptive telephone, direct mail and internet 10 solicitations; (4) an invasion of privacy for individuals who have had 11 personal information revealed without their consent; (5) revealing 12 confidential business communications; (6) harmful to counselors and 13 their clients; (7) a disruption to telecommunications service providers 14 and their provision of service to their legitimate customers; and (8) 15 the dissemination of false and spurious information which has led to 16 denial or refusal of housing, employment, insurance and other services 17 and opportunities. 18 The legislature, therefore, finds and declares that it is in the 19 public's and state's interest to protect against the release of confi- 20 dential information and limit the release of confidential information 21 from telephone corporation and wireless service providers to instances 22 where such a release of information is requested by or authorized by the 23 telecommunications service customer and where release procedures have 24 been established and followed; or where a subpoena, search warrant or 25 court-ordered request for customer records is issued. Such limitations 26 and requisite penalties will meaningfully and substantially advance the 27 state's interests in protecting personal privacy in a manner that is 28 narrowly tailored to avoid adverse impact on other rights and needs of 29 telecommunication service consumers and the providers of such services. 30 S 2. The general business law is amended by adding a new article 32-A 31 to read as follows: 32 ARTICLE 32-A 33 PROTECTION OF TELEPHONE RECORDS 34 SECTION 676. DEFINITIONS. 35 676-A. PRIVACY OF CONFIDENTIAL INFORMATION. 36 676-B. NOTICE. 37 676-C. CIVIL ENFORCEMENT. 38 S 676. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS SHALL 39 HAVE THE FOLLOWING MEANINGS: 40 1. "TELEPHONE CORPORATION" SHALL HAVE THE SAME MEANING AS PROVIDED IN 41 SECTION TWO OF THE PUBLIC SERVICE LAW. 42 2. "WIRELESS PHONE SERVICE" MEANS ALL COMMERCIAL MOBILE SERVICES, AS 43 THAT TERM IS DEFINED IN SECTION 332(D) OF TITLE 47, UNITED STATES CODE, 44 AS AMENDED FROM TIME TO TIME, INCLUDING, BUT NOT LIMITED TO, ALL BROAD- 45 BAND PERSONAL COMMUNICATIONS SERVICES, WIRELESS RADIO TELEPHONE 46 SERVICES, SATELLITE PROVIDERS, GEOGRAPHIC AREA SPECIALIZED AND ENHANCED 47 SPECIALIZED MOBILE RADIO SERVICES, AND INCUMBENT-WIDE AREAS SPECIALIZED 48 MOBILE RADIO LICENSEES, WHICH OFFER REAL TIME, TWO-WAY VOICE OR DATA 49 SERVICE THAT IS INTERCONNECTED WITH THE PUBLIC SWITCHED TELEPHONE 50 NETWORK OR OTHERWISE PROVIDES ACCESS TO EMERGENCY COMMUNICATIONS 51 SERVICES, OR ANY OTHER TELEPHONE SERVICE. 52 3. "COVERED ENTITY" MEANS A TELEPHONE CORPORATION OR WIRELESS PHONE 53 SERVICE PROVIDER, AND INCLUDES ANY PROVIDER OF IP-ENABLED VOICE SERVICE. 54 4. "CONFIDENTIAL TELECOMMUNICATION RECORDS INFORMATION" OR "CONFIDEN- 55 TIAL INFORMATION" MEANS: A. 1438 3 1 (A) INFORMATION THAT RELATES TO THE QUALITY, TECHNICAL CONFIGURATION, 2 TYPE, DESTINATION, LOCATION, AND AMOUNT OF USE OF A TELECOMMUNICATIONS 3 SERVICE SUBSCRIBED TO BY ANY CUSTOMER OF A COVERED ENTITY; AND 4 (B) INFORMATION CONTAINED IN CUSTOMERS' BILLING STATEMENTS PERTAINING 5 TO TELEPHONE EXCHANGE SERVICE OR TELEPHONE TOLL SERVICE RECEIVED BY A 6 CUSTOMER OF A COVERED ENTITY; PROVIDED, HOWEVER, CONFIDENTIAL TELECOMMU- 7 NICATION RECORDS INFORMATION SHALL NOT INCLUDE INFORMATION REGARDING A 8 CONSUMER'S PAYMENT HISTORY PURSUANT TO ARTICLE TWENTY-FIVE OF THIS CHAP- 9 TER. 10 5. "UNAFFILIATED THIRD PARTY" MEANS ANY ENTITY OR PERSON THAT IS NOT 11 AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFILIATED BY CORPO- 12 RATE CONTROL WITH THE COVERED ENTITY, BUT DOES NOT INCLUDE A JOINT 13 EMPLOYEE OF SUCH INSTITUTION. 14 6. "AFFILIATE" SHALL HAVE THE SAME MEANING AS PROVIDED IN SECTION NINE 15 HUNDRED TWELVE OF THE BUSINESS CORPORATION LAW. 16 7. "PERSON" MEANS ANY NATURAL PERSON AND ANY FIRM, ORGANIZATION, PART- 17 NERSHIP, ASSOCIATION, CORPORATION, NOT-FOR-PROFIT ORGANIZATION, OR OTHER 18 ENTITY. 19 8. "IP-ENABLED VOICE SERVICE" MEANS: 20 (A) THE SERVICE ENABLES REAL-TIME, TWO-WAY VOICE COMMUNICATIONS; 21 (B) THE SERVICE REQUIRES A BROADBAND CONNECTION FROM THE USERS' 22 LOCATION; 23 (C) THE SERVICE REQUIRES IP-COMPATIBLE END-USER EQUIPMENT; AND 24 (D) THE SERVICE OFFERING PERMITS USERS GENERALLY TO RECEIVE CALLS THAT 25 ORIGINATE ON THE PUBLIC SWITCHED TELEPHONE NETWORK (PSTN) AND TO TERMI- 26 NATE CALLS TO THE PSTN. 27 9. "CUSTOMER" MEANS, WITH RESPECT TO A COVERED ENTITY, ANY PERSON OR 28 AUTHORIZED REPRESENTATIVE OF A PERSON TO WHOM THE COVERED ENTITY 29 PROVIDES A PRODUCT OR SERVICE. 30 10. "PROCURE" MEANS TO OBTAIN CONFIDENTIAL TELECOMMUNICATION RECORDS 31 INFORMATION BY ANY MEANS, WHETHER ELECTRONICALLY, IN WRITING OR ORAL 32 FORM, WITH OR WITHOUT CONSIDERATION. 33 S 676-A. PRIVACY OF CONFIDENTIAL INFORMATION. 1. EXCEPT AS OTHERWISE 34 EXPRESSLY PROVIDED IN THIS ARTICLE, A COVERED ENTITY SHALL NOT DIRECTLY 35 OR THROUGH AN AFFILIATE DISCLOSE CONFIDENTIAL TELECOMMUNICATION RECORDS 36 INFORMATION TO AN UNAFFILIATED THIRD PARTY, UNLESS: 37 (A) THE COVERED ENTITY SHALL HAVE FIRST AFFIRMATIVELY OBTAINED VIA 38 VERIFIABLE MEANS INFORMED CONSENT FOR SUCH DISCLOSURE FROM THE PERSON 39 WHOSE CONFIDENTIAL TELECOMMUNICATION RECORDS INFORMATION IS SOUGHT, AND 40 SUCH CONSENT HAS NOT BEEN WITHDRAWN; THE COVERED ENTITY SHALL HAVE FIRST 41 RECEIVED FROM THE PERSON REQUESTING DISCLOSURE POSITIVE AND VERIFIABLE 42 IDENTIFICATION THAT SUCH PERSON IS AUTHORIZED PURSUANT TO THIS ARTICLE 43 TO RECEIVE SUCH CONFIDENTIAL INFORMATION IN ACCORD WITH THE PROCEDURES 44 ESTABLISHED BY THE COVERED ENTITY; 45 (B) THE COVERED ENTITY IS AUTHORIZED PURSUANT TO COURT ORDER OR 46 SUBPOENA TO RELEASE SUCH CONFIDENTIAL INFORMATION OR IS OTHERWISE 47 REQUIRED TO DO SO BY LAW; 48 (C) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS NECESSARY TO THE 49 RENDITION OF THE SERVICE OR TO THE PROTECTION OF THE RIGHTS OR PROPERTY 50 OF THE COVERED ENTITY, OR TO PROTECT THE CUSTOMER OF THOSE SERVICES FROM 51 FRAUDULENT, ABUSIVE, OR UNLAWFUL USE OF, OR SUBSCRIPTION TO, SUCH 52 SERVICES; 53 (D) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS MADE TO A LAW 54 ENFORCEMENT OR OTHER GOVERNMENTAL AGENCY UPON THE REASONABLE BELIEF THAT 55 EXIGENT CIRCUMSTANCES INVOLVING THE IMMEDIATE DANGER OF DEATH OR SERIOUS 56 PHYSICAL INJURY TO ANY PERSON EXIST; OR A. 1438 4 1 (E) DISCLOSURE OF SUCH CONFIDENTIAL INFORMATION IS MADE TO THE 2 NATIONAL CENTER OF MISSING AND EXPLOITED CHILDREN IN CONNECTION WITH A 3 REPORT SUBMITTED THERETO PURSUANT TO SECTION 227 OF THE FEDERAL "VICTIMS 4 OF CHILD ABUSE ACT OF 1990." 5 2. NO UNAFFILIATED THIRD PARTY WHO MAY BE IN RECEIPT OF CONFIDENTIAL 6 TELECOMMUNICATION RECORDS INFORMATION RETAINED BY A COVERED ENTITY OR 7 ANY OF ITS AFFILIATES SHALL RELEASE SUCH CONFIDENTIAL INFORMATION TO 8 ANOTHER PERSON, EXCEPT THAT SUCH CONFIDENTIAL INFORMATION MAY BE 9 DISCLOSED BY A LAW ENFORCEMENT AGENCY IN THE FURTHERANCE OF THE LAW 10 ENFORCEMENT PURPOSE. 11 S 676-B. NOTICE. 1. A COVERED ENTITY SHALL ABIDE BY A WRITTEN POLICY 12 REGARDING THE PRIVACY OF CUSTOMER INFORMATION IN ACCORDANCE WITH THIS 13 ARTICLE AND APPLICABLE FEDERAL AND STATE LAW AND WILL MAKE SUCH PRIVACY 14 POLICY AVAILABLE TO ITS CUSTOMERS, AND TO PROSPECTIVE CUSTOMERS PRIOR TO 15 THEIR ENTERING INTO AN AGREEMENT OR CONTRACT WITH A COVERED ENTITY, 16 EITHER BY POSTING SUCH PRIVACY POLICY CONSPICUOUSLY ON ITS WEBSITE OR BY 17 MAKING IT AVAILABLE THROUGH OTHER VERIFIABLE MEANS. SUCH PRIVACY POLICY 18 SHALL BE SET FORTH IN ACCORDANCE WITH THE PROVISIONS OF SECTION 5-702 OF 19 THE GENERAL OBLIGATIONS LAW. 20 2. THE WRITTEN PRIVACY POLICY REQUIRED PURSUANT TO SUBDIVISION ONE OF 21 THIS SECTION SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE: 22 (A) THE TYPES OF CONFIDENTIAL INFORMATION THAT THE COVERED ENTITY MAY 23 SEEK TO DISCLOSE; 24 (B) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY BE MADE; 25 (C) THE TYPES OF UNAFFILIATED THIRD PARTIES TO WHICH DISCLOSURE MAY BE 26 MADE; AND 27 (D) WHETHER AND HOW CUSTOMER CONSENT WILL BE OBTAINED, WHEN APPLICA- 28 BLE. 29 S 676-C. CIVIL ENFORCEMENT. 1. WHENEVER THERE SHALL BE A VIOLATION OF 30 THIS ARTICLE OR ANY RULES OR REGULATIONS PROMULGATED PURSUANT TO THIS 31 ARTICLE, AN APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME 32 OF THE PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING 33 JURISDICTION TO ISSUE AN INJUNCTION, AND UPON NOTICE TO THE DEFENDANT OF 34 NOT FEWER THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUANCE OF SUCH 35 VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR 36 JUSTICE, THAT THE DEFENDANT HAS, IN FACT, VIOLATED THIS ARTICLE AN 37 INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE ENJOINING AND 38 RESTRAINING ANY FURTHER VIOLATION, WITHOUT REQUIRING PROOF THAT ANY 39 PERSON HAS IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN ANY SUCH 40 PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY GENERAL AS 41 PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION EIGHTY-THREE 42 HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND DIRECT RESTITU- 43 TION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION OF THIS ARTI- 44 CLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF NOT MORE THAN 45 ONE THOUSAND DOLLARS PER VIOLATION. IN CONNECTION WITH ANY SUCH PROPOSED 46 APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED TO TAKE PROOF AND MAKE A 47 DETERMINATION OF THE RELEVANT FACTS AND TO ISSUE SUBPOENAS IN ACCORDANCE 48 WITH THE CIVIL PRACTICE LAW AND RULES. AN ACTION BROUGHT BY THE ATTORNEY 49 GENERAL MAY ALSO INCLUDE OTHER CAUSES OF ACTION. 50 2. THE REMEDIES, DUTIES, PROHIBITIONS AND PENALTIES PROVIDED IN THIS 51 ARTICLE ARE NOT EXCLUSIVE AND ARE IN ADDITION TO ALL OTHER CAUSES OF 52 ACTION, REMEDIES, AND PENALTIES PROVIDED BY LAW. 53 S 3. Every covered entity doing business in the state shall have in 54 place and enforce internal procedures designed to prevent the unauthor- 55 ized procurement, sale or release of confidential telecommunication 56 records information, including, but not limited to, procedures to ensure A. 1438 5 1 the identity of a customer and procedures for authorizing consent for 2 the release of any such confidential information. No confidential 3 information shall be released except pursuant to these procedures. The 4 procedures required by this provision shall be available to the attorney 5 general upon written request. 6 S 4. This act shall take effect on the one hundred eightieth day after 7 it shall have become a law; provided however that effective immediately, 8 the addition, amendment and/or repeal of any rule or regulation neces- 9 sary for the implementation of this act on its effective date are 10 authorized and directed to be made and completed by the secretary of 11 state, in consultation with the attorney general and the public service 12 commission, on or before such effective date.