Bill Text: NY S03263 | 2013-2014 | General Assembly | Introduced
Bill Title: Makes provisions for privacy in banking, insurance, and other financial transactions, forbidding disclosure of personal information without prior consent granted by the customer to the financial institution; requires written notice of privacy policies and practices be given to customers; requires security and confidentiality safeguards; prohibits disclosure of account number or access code information; provides for enforcement by the attorney general and authorizes private actions.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2014-01-08 - REFERRED TO CONSUMER PROTECTION [S03263 Detail]
Download: New_York-2013-S03263-Introduced.html
S T A T E O F N E W Y O R K
________________________________________________________________________
3263
2013-2014 Regular Sessions
I N S E N A T E
January 31, 2013
___________
Introduced by Sen. PARKER -- read twice and ordered printed, and when
printed to be committed to the Committee on Consumer Protection
AN ACT to amend the general business law, in relation to privacy in
banking, insurance, and other financial transactions
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:
1 Section 1. The general business law is amended by adding a new article
2 29-AAAA to read as follows:
3 ARTICLE 29-AAAA
4 PRIVACY IN FINANCIAL SERVICES
5 SECTION 522. LEGISLATIVE PURPOSE AND FINDINGS.
6 522-A. DEFINITIONS.
7 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES.
8 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS.
9 522-D. LIMITATIONS.
10 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR
11 MARKETING PURPOSES.
12 522-F. RECORD RETENTION.
13 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL.
14 522-H. PRIVATE RIGHT OF ACTION.
15 522-I. SEVERABILITY.
16 S 522. LEGISLATIVE PURPOSE AND FINDINGS. THE LEGISLATURE HEREBY FINDS
17 AND DECLARES THAT THE RIGHT TO PRIVACY IS A FUNDAMENTAL RIGHT THAT IS
18 THREATENED BY THE ROUTINE TRANSFER OF INDIVIDUALS' PRIVATE INFORMATION,
19 WHICH IS OCCURRING IN TODAY'S COMPUTERIZED MARKETPLACE. PERSONAL FINAN-
20 CIAL INFORMATION, OFTEN ASSUMED TO BE PROTECTED FROM DISCLOSURE, IS
21 FREQUENTLY SOLD OR DISCLOSED TO THIRD PARTIES FOR COMMERCIAL AND OTHER
22 PURPOSES WITHOUT THE INDIVIDUAL'S CONSENT.
23 THE LEGISLATURE FURTHER FINDS AND DECLARES THAT THE UNAUTHORIZED
24 DISCLOSURE OF PERSONAL FINANCIAL INFORMATION BY FINANCIAL INSTITUTIONS
25 IS OF PARTICULAR CONCERN BECAUSE IT INCREASES THE LIKELIHOOD OF: IDENTI-
26 TY FRAUD CRIMES; OFFENSIVE AND DECEPTIVE SOLICITATIONS BY TELEPHONE,
27 POSTAL MAIL, AND ELECTRONIC MAIL; DENIAL OF SERVICES, INCLUDING INSUR-
28 ANCE, EMPLOYMENT, AND HOUSING BASED UPON AN INDIVIDUAL'S FINANCIAL
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD06876-01-3
S. 3263 2
1 STATUS, INFORMATION ABOUT WHICH MAY NOT OTHERWISE HAVE BEEN KNOWN; AND
2 LOSS OF CONFIDENCE IN FINANCIAL INSTITUTIONS GENERALLY.
3 THE LEGISLATURE THEREFORE FINDS AND DECLARES THAT IT IS IN THE PUBLIC
4 AND STATE'S INTEREST TO PROHIBIT THE DISCLOSURE OF AN INDIVIDUAL'S
5 PERSONAL FINANCIAL INFORMATION WITHOUT THE EXPRESS CONSENT OF THAT INDI-
6 VIDUAL BEFORE SUCH INFORMATION IS DISCLOSED.
7 S 522-A. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS
8 SHALL HAVE THE FOLLOWING MEANINGS:
9 (A) "FINANCIAL INSTITUTION" SHALL MEAN:
10 (1) ANY FINANCIAL HOLDING COMPANY WITHIN THE MEANING OF SECTION 103 OF
11 THE FEDERAL GRAMM-LEACH-BLILEY ACT;
12 (2) ANY PERSON OR ENTITY TO WHICH THE BANKING LAW APPLIES AND ANY
13 BANK, TRUST COMPANY, SAVINGS BANK, SAVINGS AND LOAN ASSOCIATION, CREDIT
14 UNION, MORTGAGE BROKER, MORTGAGE BANKER, LICENSED LENDER, AND FOREIGN
15 BANKING CORPORATION INCORPORATED, CHARTERED, ORGANIZED, OR LICENSED
16 UNDER THE LAWS OF THIS STATE, ANY OTHER STATE, OR THE UNITED STATES,
17 WHETHER HEADQUARTERED WITHIN OR OUTSIDE OF THIS STATE;
18 (3) ANY INSURANCE COMPANY OR OTHER ENTITY AUTHORIZED TO DO INSURANCE
19 BUSINESS IN THIS STATE; AND
20 (4) ANY BROKER OR DEALER REGISTERED UNDER THE SECURITIES EXCHANGE ACT
21 OF NINETEEN HUNDRED THIRTY-FOUR, AS AMENDED.
22 (B) "AFFILIATE" SHALL MEAN ANY COMPANY THAT CONTROLS, IS CONTROLLED
23 BY, OR IS UNDER COMMON CONTROL WITH ANOTHER COMPANY.
24 (C) "CUSTOMER" SHALL MEAN ANY INDIVIDUAL WHO OBTAINS FROM A FINANCIAL
25 INSTITUTION A PRODUCT OR SERVICE WHICH IS INTENDED TO BE USED PRIMARILY
26 FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES, AND ALSO MEANS THE LEGAL
27 REPRESENTATIVE OF THAT INDIVIDUAL.
28 (D) "COMPANY" SHALL MEAN ANY CORPORATION, LIMITED LIABILITY COMPANY,
29 LIMITED LIABILITY PARTNERSHIP, BUSINESS TRUST, GENERAL OR LIMITED PART-
30 NERSHIP, ASSOCIATION, OR SIMILAR ORGANIZATION.
31 (E) "CONTROL" OF A COMPANY SHALL MEAN:
32 (1) OWNERSHIP, CONTROL, OR POWER TO VOTE TWENTY-FIVE PERCENT OR MORE
33 OF THE OUTSTANDING SHARES OF ANY CLASS OF VOTING SECURITY OF THE COMPA-
34 NY, DIRECTLY OR INDIRECTLY, OR ACTING THROUGH ONE OR MORE OTHER PERSONS;
35 (2) CONTROL IN ANY MANNER OVER THE ELECTION OF A MAJORITY OF THE
36 DIRECTORS, TRUSTEES, OR GENERAL PARTNERS (OR INDIVIDUALS EXERCISING
37 SIMILAR FUNCTIONS) OF THE COMPANY; OR
38 (3) THE POWER TO EXERCISE, DIRECTLY OR INDIRECTLY, A CONTROLLING
39 INFLUENCE OVER THE MANAGEMENT OR POLICIES OF THE COMPANY.
40 (F) "NONAFFILIATED THIRD PARTY" SHALL MEAN ANY ENTITY OR INDIVIDUAL
41 THAT IS NOT AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFIL-
42 IATED BY CORPORATE CONTROL WITH, THE FINANCIAL INSTITUTION, BUT DOES NOT
43 INCLUDE A PERSON EMPLOYED JOINTLY BY A FINANCIAL INSTITUTION AND ANY
44 COMPANY THAT IS NOT SUCH FINANCIAL INSTITUTION'S AFFILIATE.
45 (G) "NONPUBLIC PERSONAL INFORMATION" SHALL MEAN NON-MEDICAL PERSONALLY
46 IDENTIFIABLE INFORMATION:
47 (1) PROVIDED BY A CUSTOMER TO A FINANCIAL INSTITUTION;
48 (2) RESULTING FROM ANY TRANSACTION WITH A CUSTOMER OR SERVICE
49 PERFORMED FOR THE CUSTOMER; OR
50 (3) OTHERWISE OBTAINED DIRECTLY OR INDIRECTLY BY THE FINANCIAL INSTI-
51 TUTION, OTHER THAN PUBLICLY AVAILABLE INFORMATION.
52 (H) "PUBLICLY AVAILABLE INFORMATION" SHALL MEAN INFORMATION MADE
53 AVAILABLE TO THE GENERAL PUBLIC THAT IS OBTAINED FROM:
54 (1) FEDERAL, STATE, AND LOCAL GOVERNMENT RECORDS;
55 (2) WIDELY DISTRIBUTED MEDIA;
S. 3263 3
1 (3) DISCLOSURES TO THE GENERAL PUBLIC THAT ARE REQUIRED TO BE MADE BY
2 FEDERAL, STATE, OR LOCAL LAW.
3 S 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. (A) A FINANCIAL
4 INSTITUTION MUST PROVIDE A CLEAR AND CONSPICUOUS WRITTEN NOTICE, ENTI-
5 TLED "FINANCIAL PRIVACY NOTICE", WRITTEN IN ACCORDANCE WITH SECTION
6 5-702 OF THE GENERAL OBLIGATIONS LAW, TO ANY INDIVIDUAL, UPON REQUEST,
7 AND TO ANY INDIVIDUAL WITH WHOM THE FINANCIAL INSTITUTION ESTABLISHES A
8 CUSTOMER RELATIONSHIP AT THE TIME A CUSTOMER RELATIONSHIP IS ESTAB-
9 LISHED, AND AT LEAST ANNUALLY THEREAFTER. SUCH NOTICE SHALL BE GIVEN AT
10 THE TIME AN ACCOUNT IS OPENED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT
11 APPLICATION IS MADE, REGARDLESS OF WHETHER THE LOAN, MORTGAGE, OR CREDIT
12 IS EXTENDED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT IS GRANTED; AT THE
13 TIME AN APPLICATION IS MADE FOR INSURANCE OR INVESTMENT SERVICES,
14 REGARDLESS OF WHETHER SUCH INSURANCE OR INVESTMENT SERVICES ARE
15 EXTENDED; AT THE TIME INSURANCE OR INVESTMENT SERVICES ARE EXTENDED; OR
16 AT THE TIME THE INDIVIDUAL ENTERS INTO ANY OTHER FORM OF FINANCIAL TRAN-
17 SACTION WITH THE FINANCIAL INSTITUTION.
18 (B) THE NOTICE SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE:
19 (1) THE SPECIFIC TYPES OF NONPUBLIC PERSONAL INFORMATION THAT THE
20 FINANCIAL INSTITUTION MAY DISCLOSE;
21 (2) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY OR WILL BE MADE;
22 (3) THE SPECIFIC TYPES OF NONAFFILIATED THIRD PARTIES TO WHICH DISCLO-
23 SURE MAY OR WILL BE MADE;
24 (4) THE PROBABLE USES THAT WILL BE MADE OF THE INFORMATION AFTER IT IS
25 DISCLOSED;
26 (5) THAT DISCLOSURE WILL BE LIMITED TO THE CONDITIONS SET FORTH IN THE
27 NOTICE;
28 (6) THAT THE CUSTOMER HAS THE RIGHT TO REVOKE THE CONSENT TO DISCLO-
29 SURE OF SUCH INFORMATION AT ANY TIME;
30 (7) THAT A NEW AUTHORIZATION WILL BE SOUGHT FROM THE CUSTOMER PRIOR TO
31 THE DISCLOSURE OF ANY NONPUBLIC PERSONAL INFORMATION RELATING TO A
32 CUSTOMER OTHER THAN UNDER THE CONDITION SET FORTH IN THE NOTICE OR
33 FOLLOWING REVOCATION OF THE CONSENT;
34 (8) WHETHER OR NOT THE FINANCIAL INSTITUTION WILL RECEIVE COMPENSATION
35 FOR THE DISCLOSURE;
36 (9) THAT A DENIAL OF APPROVAL WILL NOT ADVERSELY AFFECT THE CUSTOMER'S
37 FINANCIAL RELATIONSHIP WITH THE INSTITUTION;
38 (10) AN EXPIRATION DATE OF NO MORE THAN TWO YEARS FROM THE DATE OF
39 EXECUTION OF THE FORM; AND
40 (11) A SPACE FOR THE CUSTOMER'S SIGNATURE AND THE DATE OF EXECUTION OF
41 THE FORM.
42 S 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. (A)
43 EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS ARTICLE, A FINANCIAL
44 INSTITUTION SHALL NOT DIRECTLY OR THROUGH AN AFFILIATE DISCLOSE NONPUB-
45 LIC PERSONAL INFORMATION ABOUT A CUSTOMER TO A NONAFFILIATED THIRD PARTY
46 UNLESS THE FINANCIAL INSTITUTION HAS FIRST GIVEN WRITTEN NOTICE COMPLY-
47 ING WITH THIS ARTICLE TO THE CUSTOMER TO WHOM THE INFORMATION RELATES,
48 AND HAS OBTAINED THE SIGNED AND DATED, WRITTEN OR ELECTRONIC CONSENT OF
49 THAT CUSTOMER FOR SUCH DISCLOSURE, WHICH CONSENT IS EFFECTIVE AS OF THE
50 TIME OF THE DISCLOSURE. IN ADDITION, NO DISCLOSURE OF SUCH INFORMATION
51 SHALL BE MADE AFTER RECEIPT BY THE FINANCIAL INSTITUTION OF REVOCATION
52 OF ANY CONSENT PREVIOUSLY GIVEN, UNLESS AND UNTIL THE CUSTOMER EXECUTES
53 A NEW CONSENT FORM. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR
54 THROUGH AN AFFILIATE, DISCLOSE NONPUBLIC PERSONAL INFORMATION RELATING
55 TO AN INDIVIDUAL WHO APPLIES FOR A LOAN, MORTGAGE, CREDIT, INSURANCE,
56 INVESTMENT SERVICE, OR ANY OTHER PRODUCT OR SERVICE OFFERED BY A FINAN-
S. 3263 4
1 CIAL INSTITUTION, REGARDLESS OF WHETHER OR NOT SUCH INDIVIDUAL PURCHASES
2 SUCH PRODUCT OR SERVICE, UNLESS THE FINANCIAL INSTITUTION HAS FIRST
3 GIVEN WRITTEN NOTICE COMPLYING WITH THIS ARTICLE TO SUCH INDIVIDUAL AND
4 HAS OBTAINED SUCH INDIVIDUAL'S SIGNED AND DATED WRITTEN OR ELECTRONIC
5 CONSENT.
6 (B) NO FINANCIAL INSTITUTION SHALL DISCRIMINATE AGAINST ANY CUSTOMER
7 ON THE BASIS OF THE CUSTOMER'S DENIAL OF CONSENT TO THE DISCLOSURE OF
8 HIS OR HER NONPUBLIC PERSONAL INFORMATION.
9 (C) EVERY FINANCIAL INSTITUTION SHALL ESTABLISH APPROPRIATE SAFEGUARDS
10 TO ENSURE THE SECURITY AND CONFIDENTIALITY OF RECORDS CONTAINING NONPUB-
11 LIC PERSONAL INFORMATION AND TO PROTECT AGAINST ANY ANTICIPATED THREATS
12 OR HAZARDS TO THEIR SECURITY OR INTEGRITY THAT COULD RESULT IN SIGNIF-
13 ICANT HARM, EMBARRASSMENT, OR INCONVENIENCE TO ANY DATA SUBJECT ABOUT
14 WHOM INFORMATION IS MAINTAINED.
15 S 522-D. LIMITATIONS. (A) NOTWITHSTANDING THE PROVISIONS OF SECTION
16 FIVE HUNDRED TWENTY-TWO-C OF THIS ARTICLE, A FINANCIAL INSTITUTION SHALL
17 NOT BE PROHIBITED FROM DISCLOSING NONPUBLIC PERSONAL INFORMATION RELAT-
18 ING TO A CUSTOMER UNDER THE FOLLOWING CIRCUMSTANCES:
19 (1) WHEN SPECIFICALLY AUTHORIZED BY THE CUSTOMER;
20 (2) WHEN NECESSARY TO MAINTAIN OR SERVICE THE CUSTOMER'S ACCOUNT WITH
21 THE FINANCIAL INSTITUTION;
22 (3) TO ANY PERSON OR ORGANIZATION PROVIDING PROFESSIONAL SERVICES TO
23 THE FINANCIAL INSTITUTION, INCLUDING, BUT NOT LIMITED TO, AN ACCOUNTANT
24 ENGAGED BY THE FINANCIAL INSTITUTION TO PREPARE AN INDEPENDENT AUDIT, AN
25 ATTORNEY PERFORMING A SERVICE ON BEHALF OF THE FINANCIAL INSTITUTION, OR
26 AN AGENT OR OTHER PERSON REPRESENTING THE FINANCIAL INSTITUTION IN
27 COLLECTING A DEBT OR OTHERWISE SECURING PAYMENT OF A LOAN OR ADVANCE;
28 (4) WHEN THE FINANCIAL INSTITUTION ENTERS INTO A WRITTEN CONTRACT WITH
29 A NONAFFILIATED THIRD PARTY TO MARKET THE FINANCIAL INSTITUTION'S
30 PRODUCTS OR SERVICES;
31 (5) TO PROTECT THE CONFIDENTIALITY OR SECURITY OF ITS RECORDS PERTAIN-
32 ING TO THE CUSTOMER, THE SERVICE OR PRODUCT, OR THE TRANSACTION THEREIN,
33 OR TO PROTECT AGAINST OR PREVENT ACTUAL OR POTENTIAL FRAUD, UNAUTHORIZED
34 TRANSACTIONS, CLAIMS, OR OTHER LIABILITY;
35 (6) TO PROVIDE INFORMATION TO APPLICABLE RATING AGENCIES OF THE FINAN-
36 CIAL INSTITUTION AND PERSONS ASSESSING THE INSTITUTION'S COMPLIANCE WITH
37 INDUSTRY STANDARDS;
38 (7) WHEN THE FINANCIAL INSTITUTION IS COMPELLED TO DISCLOSE THE
39 CONTENTS OF THE INFORMATION PURSUANT TO LAWFUL SUBPOENA, SUMMONS,
40 WARRANT, OR COURT ORDER;
41 (8) WHEN DISCLOSURE IS REQUIRED BY FEDERAL OR STATE LAW OR REGULATION;
42 (9) TO A CREDIT-REPORTING AGENCY, AS DEFINED BY SECTION SIX HUNDRED
43 THREE OF THE FEDERAL FAIR CREDIT REPORTING ACT, FOR INCLUSION IN A
44 CONSUMER REPORT THAT MAY BE RELEASED TO A THIRD PARTY FOR A PURPOSE
45 PERMISSIBLE UNDER SECTION SIX HUNDRED FOUR OF SUCH ACT;
46 (10) TO GOVERNMENT ENTITIES; OR
47 (11) TO THE FINANCIAL INSTITUTION'S BOND OR INSURANCE COMPANIES WHEN
48 THE FINANCIAL INSTITUTION HAS INFORMATION RELATIVE TO A CLAIM PURSUANT
49 TO ITS BOND OR DIRECTOR'S AND OFFICER'S LIABILITY INSURANCE POLICY OR
50 OTHER INSURANCE COVERAGE.
51 (B) PRIOR TO RELEASE OF NONPUBLIC PERSONAL INFORMATION RELATING TO A
52 CUSTOMER AUTHORIZED BY SUBDIVISION (A) OF SECTION FIVE HUNDRED
53 TWENTY-TWO-C OF THIS ARTICLE, OR AUTHORIZED BY PARAGRAPHS TWO, THREE,
54 FOUR, FIVE, SIX, TEN, OR ELEVEN OF SUBDIVISION (A) OF THIS SECTION, THE
55 FINANCIAL INSTITUTION SHALL ENTER INTO A CONTRACTUAL AGREEMENT WITH ANY
56 THIRD PARTY RECEIVING SUCH NONPUBLIC PERSONAL CUSTOMER INFORMATION
S. 3263 5
1 PROHIBITING SUCH THIRD PARTY FROM DISCLOSING SUCH INFORMATION AND LIMIT-
2 ING THE THIRD PARTY'S USE OF SUCH INFORMATION SOLELY TO THE PURPOSES FOR
3 WHICH THE INFORMATION IS DISCLOSED OR OTHERWISE PERMITTED BY SUBDIVISION
4 (A) OF THIS SECTION.
5 S 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR MARKETING
6 PURPOSES. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR THROUGH AN
7 AFFILIATE, DISCLOSE, OTHER THAN TO A CONSUMER REPORTING AGENCY, AN
8 ACCOUNT NUMBER OR SIMILAR FORM OF ACCESS NUMBER OR ACCESS CODE FOR A
9 CREDIT ACCOUNT, DEPOSIT ACCOUNT, OR TRANSACTION ACCOUNT OF A CUSTOMER TO
10 ANY NONAFFILIATED THIRD PARTY FOR USE IN TELEMARKETING, DIRECT MAIL
11 MARKETING, OR OTHER MARKETING THROUGH ELECTRONIC MAIL TO THE CUSTOMER.
12 S 522-F. RECORD RETENTION. (A) A FINANCIAL INSTITUTION SHALL MAINTAIN
13 RECORDS OF FINANCIAL PRIVACY NOTIFICATION, AS REQUIRED IN THIS ARTICLE,
14 AND RETAIN COPIES OF EACH CUSTOMER'S APPROVAL OF DISCLOSURE OF CONFIDEN-
15 TIAL CUSTOMER INFORMATION OR WITHDRAWAL OF SUCH APPROVAL FOR AT LEAST
16 FOUR YEARS.
17 (B) A FINANCIAL INSTITUTION SHALL MAINTAIN RECORDS OF ALL COMPLAINTS
18 UNDER THIS ARTICLE, IF ANY, AND THEIR DISPOSITION FOR AT LEAST SEVEN
19 YEARS.
20 S 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. IN ADDITION TO ANY OTHER
21 REMEDIES PROVIDED, WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE,
22 APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE
23 PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDIC-
24 TION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO
25 THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE
26 CONTINUANCE OF SUCH VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFAC-
27 TION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED
28 THIS ARTICLE, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE,
29 ENJOINING THE RESTRAINING OF ANY FURTHER VIOLATION, WITHOUT REQUIRING
30 PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN
31 ANY SUCH PROCEEDINGS, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY
32 GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION
33 EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND
34 DIRECT RESTITUTION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION
35 OF THIS ARTICLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF
36 NOT MORE THAN ONE THOUSAND DOLLARS FOR EACH VIOLATION. IN CONNECTION
37 WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED
38 TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO
39 ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE LAW AND RULES.
40 S 522-H. PRIVATE RIGHT OF ACTION. IN THE EVENT THAT AN INDIVIDUAL'S
41 NONPUBLIC PERSONAL INFORMATION IS DISCLOSED BY A FINANCIAL INSTITUTION
42 IN VIOLATION OF THIS ARTICLE, SUCH INDIVIDUAL MAY BRING AN ACTION FOR
43 RECOVERY OF DAMAGES. JUDGMENT SHALL BE ENTERED IN AN AMOUNT NOT TO
44 EXCEED THREE TIMES THE ACTUAL DAMAGES OR FIVE HUNDRED DOLLARS, WHICHEVER
45 IS GREATER. THE COURT MAY AWARD REASONABLE ATTORNEY'S FEES TO A PREVAIL-
46 ING PLAINTIFF.
47 S 522-I. SEVERABILITY. IF ANY CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR
48 PART OF THIS ARTICLE SHALL BE ADJUDGED BY ANY COURT OF COMPETENT JURIS-
49 DICTION TO BE INVALID, SUCH JUDGMENT SHALL NOT AFFECT, IMPAIR, OR INVAL-
50 IDATE THE REMAINDER THEREOF, BUT SHALL BE CONFINED IN ITS OPERATION TO
51 THE CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR PART THEREOF DIRECTLY
52 INVOLVED IN THE CONTROVERSY IN WHICH SUCH JUDGMENT SHALL HAVE BEEN
53 RENDERED.
54 S 2. This act shall take effect on the first of November next succeed-
55 ing the date on which it shall have become a law.
