S T A T E O F N E W Y O R K ________________________________________________________________________ 3263 2013-2014 Regular Sessions I N S E N A T E January 31, 2013 ___________ Introduced by Sen. PARKER -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to privacy in banking, insurance, and other financial transactions THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: 1 Section 1. The general business law is amended by adding a new article 2 29-AAAA to read as follows: 3 ARTICLE 29-AAAA 4 PRIVACY IN FINANCIAL SERVICES 5 SECTION 522. LEGISLATIVE PURPOSE AND FINDINGS. 6 522-A. DEFINITIONS. 7 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. 8 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. 9 522-D. LIMITATIONS. 10 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR 11 MARKETING PURPOSES. 12 522-F. RECORD RETENTION. 13 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. 14 522-H. PRIVATE RIGHT OF ACTION. 15 522-I. SEVERABILITY. 16 S 522. LEGISLATIVE PURPOSE AND FINDINGS. THE LEGISLATURE HEREBY FINDS 17 AND DECLARES THAT THE RIGHT TO PRIVACY IS A FUNDAMENTAL RIGHT THAT IS 18 THREATENED BY THE ROUTINE TRANSFER OF INDIVIDUALS' PRIVATE INFORMATION, 19 WHICH IS OCCURRING IN TODAY'S COMPUTERIZED MARKETPLACE. PERSONAL FINAN- 20 CIAL INFORMATION, OFTEN ASSUMED TO BE PROTECTED FROM DISCLOSURE, IS 21 FREQUENTLY SOLD OR DISCLOSED TO THIRD PARTIES FOR COMMERCIAL AND OTHER 22 PURPOSES WITHOUT THE INDIVIDUAL'S CONSENT. 23 THE LEGISLATURE FURTHER FINDS AND DECLARES THAT THE UNAUTHORIZED 24 DISCLOSURE OF PERSONAL FINANCIAL INFORMATION BY FINANCIAL INSTITUTIONS 25 IS OF PARTICULAR CONCERN BECAUSE IT INCREASES THE LIKELIHOOD OF: IDENTI- 26 TY FRAUD CRIMES; OFFENSIVE AND DECEPTIVE SOLICITATIONS BY TELEPHONE, 27 POSTAL MAIL, AND ELECTRONIC MAIL; DENIAL OF SERVICES, INCLUDING INSUR- 28 ANCE, EMPLOYMENT, AND HOUSING BASED UPON AN INDIVIDUAL'S FINANCIAL EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD06876-01-3 S. 3263 2 1 STATUS, INFORMATION ABOUT WHICH MAY NOT OTHERWISE HAVE BEEN KNOWN; AND 2 LOSS OF CONFIDENCE IN FINANCIAL INSTITUTIONS GENERALLY. 3 THE LEGISLATURE THEREFORE FINDS AND DECLARES THAT IT IS IN THE PUBLIC 4 AND STATE'S INTEREST TO PROHIBIT THE DISCLOSURE OF AN INDIVIDUAL'S 5 PERSONAL FINANCIAL INFORMATION WITHOUT THE EXPRESS CONSENT OF THAT INDI- 6 VIDUAL BEFORE SUCH INFORMATION IS DISCLOSED. 7 S 522-A. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS 8 SHALL HAVE THE FOLLOWING MEANINGS: 9 (A) "FINANCIAL INSTITUTION" SHALL MEAN: 10 (1) ANY FINANCIAL HOLDING COMPANY WITHIN THE MEANING OF SECTION 103 OF 11 THE FEDERAL GRAMM-LEACH-BLILEY ACT; 12 (2) ANY PERSON OR ENTITY TO WHICH THE BANKING LAW APPLIES AND ANY 13 BANK, TRUST COMPANY, SAVINGS BANK, SAVINGS AND LOAN ASSOCIATION, CREDIT 14 UNION, MORTGAGE BROKER, MORTGAGE BANKER, LICENSED LENDER, AND FOREIGN 15 BANKING CORPORATION INCORPORATED, CHARTERED, ORGANIZED, OR LICENSED 16 UNDER THE LAWS OF THIS STATE, ANY OTHER STATE, OR THE UNITED STATES, 17 WHETHER HEADQUARTERED WITHIN OR OUTSIDE OF THIS STATE; 18 (3) ANY INSURANCE COMPANY OR OTHER ENTITY AUTHORIZED TO DO INSURANCE 19 BUSINESS IN THIS STATE; AND 20 (4) ANY BROKER OR DEALER REGISTERED UNDER THE SECURITIES EXCHANGE ACT 21 OF NINETEEN HUNDRED THIRTY-FOUR, AS AMENDED. 22 (B) "AFFILIATE" SHALL MEAN ANY COMPANY THAT CONTROLS, IS CONTROLLED 23 BY, OR IS UNDER COMMON CONTROL WITH ANOTHER COMPANY. 24 (C) "CUSTOMER" SHALL MEAN ANY INDIVIDUAL WHO OBTAINS FROM A FINANCIAL 25 INSTITUTION A PRODUCT OR SERVICE WHICH IS INTENDED TO BE USED PRIMARILY 26 FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES, AND ALSO MEANS THE LEGAL 27 REPRESENTATIVE OF THAT INDIVIDUAL. 28 (D) "COMPANY" SHALL MEAN ANY CORPORATION, LIMITED LIABILITY COMPANY, 29 LIMITED LIABILITY PARTNERSHIP, BUSINESS TRUST, GENERAL OR LIMITED PART- 30 NERSHIP, ASSOCIATION, OR SIMILAR ORGANIZATION. 31 (E) "CONTROL" OF A COMPANY SHALL MEAN: 32 (1) OWNERSHIP, CONTROL, OR POWER TO VOTE TWENTY-FIVE PERCENT OR MORE 33 OF THE OUTSTANDING SHARES OF ANY CLASS OF VOTING SECURITY OF THE COMPA- 34 NY, DIRECTLY OR INDIRECTLY, OR ACTING THROUGH ONE OR MORE OTHER PERSONS; 35 (2) CONTROL IN ANY MANNER OVER THE ELECTION OF A MAJORITY OF THE 36 DIRECTORS, TRUSTEES, OR GENERAL PARTNERS (OR INDIVIDUALS EXERCISING 37 SIMILAR FUNCTIONS) OF THE COMPANY; OR 38 (3) THE POWER TO EXERCISE, DIRECTLY OR INDIRECTLY, A CONTROLLING 39 INFLUENCE OVER THE MANAGEMENT OR POLICIES OF THE COMPANY. 40 (F) "NONAFFILIATED THIRD PARTY" SHALL MEAN ANY ENTITY OR INDIVIDUAL 41 THAT IS NOT AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFIL- 42 IATED BY CORPORATE CONTROL WITH, THE FINANCIAL INSTITUTION, BUT DOES NOT 43 INCLUDE A PERSON EMPLOYED JOINTLY BY A FINANCIAL INSTITUTION AND ANY 44 COMPANY THAT IS NOT SUCH FINANCIAL INSTITUTION'S AFFILIATE. 45 (G) "NONPUBLIC PERSONAL INFORMATION" SHALL MEAN NON-MEDICAL PERSONALLY 46 IDENTIFIABLE INFORMATION: 47 (1) PROVIDED BY A CUSTOMER TO A FINANCIAL INSTITUTION; 48 (2) RESULTING FROM ANY TRANSACTION WITH A CUSTOMER OR SERVICE 49 PERFORMED FOR THE CUSTOMER; OR 50 (3) OTHERWISE OBTAINED DIRECTLY OR INDIRECTLY BY THE FINANCIAL INSTI- 51 TUTION, OTHER THAN PUBLICLY AVAILABLE INFORMATION. 52 (H) "PUBLICLY AVAILABLE INFORMATION" SHALL MEAN INFORMATION MADE 53 AVAILABLE TO THE GENERAL PUBLIC THAT IS OBTAINED FROM: 54 (1) FEDERAL, STATE, AND LOCAL GOVERNMENT RECORDS; 55 (2) WIDELY DISTRIBUTED MEDIA; S. 3263 3 1 (3) DISCLOSURES TO THE GENERAL PUBLIC THAT ARE REQUIRED TO BE MADE BY 2 FEDERAL, STATE, OR LOCAL LAW. 3 S 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. (A) A FINANCIAL 4 INSTITUTION MUST PROVIDE A CLEAR AND CONSPICUOUS WRITTEN NOTICE, ENTI- 5 TLED "FINANCIAL PRIVACY NOTICE", WRITTEN IN ACCORDANCE WITH SECTION 6 5-702 OF THE GENERAL OBLIGATIONS LAW, TO ANY INDIVIDUAL, UPON REQUEST, 7 AND TO ANY INDIVIDUAL WITH WHOM THE FINANCIAL INSTITUTION ESTABLISHES A 8 CUSTOMER RELATIONSHIP AT THE TIME A CUSTOMER RELATIONSHIP IS ESTAB- 9 LISHED, AND AT LEAST ANNUALLY THEREAFTER. SUCH NOTICE SHALL BE GIVEN AT 10 THE TIME AN ACCOUNT IS OPENED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT 11 APPLICATION IS MADE, REGARDLESS OF WHETHER THE LOAN, MORTGAGE, OR CREDIT 12 IS EXTENDED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT IS GRANTED; AT THE 13 TIME AN APPLICATION IS MADE FOR INSURANCE OR INVESTMENT SERVICES, 14 REGARDLESS OF WHETHER SUCH INSURANCE OR INVESTMENT SERVICES ARE 15 EXTENDED; AT THE TIME INSURANCE OR INVESTMENT SERVICES ARE EXTENDED; OR 16 AT THE TIME THE INDIVIDUAL ENTERS INTO ANY OTHER FORM OF FINANCIAL TRAN- 17 SACTION WITH THE FINANCIAL INSTITUTION. 18 (B) THE NOTICE SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE: 19 (1) THE SPECIFIC TYPES OF NONPUBLIC PERSONAL INFORMATION THAT THE 20 FINANCIAL INSTITUTION MAY DISCLOSE; 21 (2) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY OR WILL BE MADE; 22 (3) THE SPECIFIC TYPES OF NONAFFILIATED THIRD PARTIES TO WHICH DISCLO- 23 SURE MAY OR WILL BE MADE; 24 (4) THE PROBABLE USES THAT WILL BE MADE OF THE INFORMATION AFTER IT IS 25 DISCLOSED; 26 (5) THAT DISCLOSURE WILL BE LIMITED TO THE CONDITIONS SET FORTH IN THE 27 NOTICE; 28 (6) THAT THE CUSTOMER HAS THE RIGHT TO REVOKE THE CONSENT TO DISCLO- 29 SURE OF SUCH INFORMATION AT ANY TIME; 30 (7) THAT A NEW AUTHORIZATION WILL BE SOUGHT FROM THE CUSTOMER PRIOR TO 31 THE DISCLOSURE OF ANY NONPUBLIC PERSONAL INFORMATION RELATING TO A 32 CUSTOMER OTHER THAN UNDER THE CONDITION SET FORTH IN THE NOTICE OR 33 FOLLOWING REVOCATION OF THE CONSENT; 34 (8) WHETHER OR NOT THE FINANCIAL INSTITUTION WILL RECEIVE COMPENSATION 35 FOR THE DISCLOSURE; 36 (9) THAT A DENIAL OF APPROVAL WILL NOT ADVERSELY AFFECT THE CUSTOMER'S 37 FINANCIAL RELATIONSHIP WITH THE INSTITUTION; 38 (10) AN EXPIRATION DATE OF NO MORE THAN TWO YEARS FROM THE DATE OF 39 EXECUTION OF THE FORM; AND 40 (11) A SPACE FOR THE CUSTOMER'S SIGNATURE AND THE DATE OF EXECUTION OF 41 THE FORM. 42 S 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. (A) 43 EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS ARTICLE, A FINANCIAL 44 INSTITUTION SHALL NOT DIRECTLY OR THROUGH AN AFFILIATE DISCLOSE NONPUB- 45 LIC PERSONAL INFORMATION ABOUT A CUSTOMER TO A NONAFFILIATED THIRD PARTY 46 UNLESS THE FINANCIAL INSTITUTION HAS FIRST GIVEN WRITTEN NOTICE COMPLY- 47 ING WITH THIS ARTICLE TO THE CUSTOMER TO WHOM THE INFORMATION RELATES, 48 AND HAS OBTAINED THE SIGNED AND DATED, WRITTEN OR ELECTRONIC CONSENT OF 49 THAT CUSTOMER FOR SUCH DISCLOSURE, WHICH CONSENT IS EFFECTIVE AS OF THE 50 TIME OF THE DISCLOSURE. IN ADDITION, NO DISCLOSURE OF SUCH INFORMATION 51 SHALL BE MADE AFTER RECEIPT BY THE FINANCIAL INSTITUTION OF REVOCATION 52 OF ANY CONSENT PREVIOUSLY GIVEN, UNLESS AND UNTIL THE CUSTOMER EXECUTES 53 A NEW CONSENT FORM. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR 54 THROUGH AN AFFILIATE, DISCLOSE NONPUBLIC PERSONAL INFORMATION RELATING 55 TO AN INDIVIDUAL WHO APPLIES FOR A LOAN, MORTGAGE, CREDIT, INSURANCE, 56 INVESTMENT SERVICE, OR ANY OTHER PRODUCT OR SERVICE OFFERED BY A FINAN- S. 3263 4 1 CIAL INSTITUTION, REGARDLESS OF WHETHER OR NOT SUCH INDIVIDUAL PURCHASES 2 SUCH PRODUCT OR SERVICE, UNLESS THE FINANCIAL INSTITUTION HAS FIRST 3 GIVEN WRITTEN NOTICE COMPLYING WITH THIS ARTICLE TO SUCH INDIVIDUAL AND 4 HAS OBTAINED SUCH INDIVIDUAL'S SIGNED AND DATED WRITTEN OR ELECTRONIC 5 CONSENT. 6 (B) NO FINANCIAL INSTITUTION SHALL DISCRIMINATE AGAINST ANY CUSTOMER 7 ON THE BASIS OF THE CUSTOMER'S DENIAL OF CONSENT TO THE DISCLOSURE OF 8 HIS OR HER NONPUBLIC PERSONAL INFORMATION. 9 (C) EVERY FINANCIAL INSTITUTION SHALL ESTABLISH APPROPRIATE SAFEGUARDS 10 TO ENSURE THE SECURITY AND CONFIDENTIALITY OF RECORDS CONTAINING NONPUB- 11 LIC PERSONAL INFORMATION AND TO PROTECT AGAINST ANY ANTICIPATED THREATS 12 OR HAZARDS TO THEIR SECURITY OR INTEGRITY THAT COULD RESULT IN SIGNIF- 13 ICANT HARM, EMBARRASSMENT, OR INCONVENIENCE TO ANY DATA SUBJECT ABOUT 14 WHOM INFORMATION IS MAINTAINED. 15 S 522-D. LIMITATIONS. (A) NOTWITHSTANDING THE PROVISIONS OF SECTION 16 FIVE HUNDRED TWENTY-TWO-C OF THIS ARTICLE, A FINANCIAL INSTITUTION SHALL 17 NOT BE PROHIBITED FROM DISCLOSING NONPUBLIC PERSONAL INFORMATION RELAT- 18 ING TO A CUSTOMER UNDER THE FOLLOWING CIRCUMSTANCES: 19 (1) WHEN SPECIFICALLY AUTHORIZED BY THE CUSTOMER; 20 (2) WHEN NECESSARY TO MAINTAIN OR SERVICE THE CUSTOMER'S ACCOUNT WITH 21 THE FINANCIAL INSTITUTION; 22 (3) TO ANY PERSON OR ORGANIZATION PROVIDING PROFESSIONAL SERVICES TO 23 THE FINANCIAL INSTITUTION, INCLUDING, BUT NOT LIMITED TO, AN ACCOUNTANT 24 ENGAGED BY THE FINANCIAL INSTITUTION TO PREPARE AN INDEPENDENT AUDIT, AN 25 ATTORNEY PERFORMING A SERVICE ON BEHALF OF THE FINANCIAL INSTITUTION, OR 26 AN AGENT OR OTHER PERSON REPRESENTING THE FINANCIAL INSTITUTION IN 27 COLLECTING A DEBT OR OTHERWISE SECURING PAYMENT OF A LOAN OR ADVANCE; 28 (4) WHEN THE FINANCIAL INSTITUTION ENTERS INTO A WRITTEN CONTRACT WITH 29 A NONAFFILIATED THIRD PARTY TO MARKET THE FINANCIAL INSTITUTION'S 30 PRODUCTS OR SERVICES; 31 (5) TO PROTECT THE CONFIDENTIALITY OR SECURITY OF ITS RECORDS PERTAIN- 32 ING TO THE CUSTOMER, THE SERVICE OR PRODUCT, OR THE TRANSACTION THEREIN, 33 OR TO PROTECT AGAINST OR PREVENT ACTUAL OR POTENTIAL FRAUD, UNAUTHORIZED 34 TRANSACTIONS, CLAIMS, OR OTHER LIABILITY; 35 (6) TO PROVIDE INFORMATION TO APPLICABLE RATING AGENCIES OF THE FINAN- 36 CIAL INSTITUTION AND PERSONS ASSESSING THE INSTITUTION'S COMPLIANCE WITH 37 INDUSTRY STANDARDS; 38 (7) WHEN THE FINANCIAL INSTITUTION IS COMPELLED TO DISCLOSE THE 39 CONTENTS OF THE INFORMATION PURSUANT TO LAWFUL SUBPOENA, SUMMONS, 40 WARRANT, OR COURT ORDER; 41 (8) WHEN DISCLOSURE IS REQUIRED BY FEDERAL OR STATE LAW OR REGULATION; 42 (9) TO A CREDIT-REPORTING AGENCY, AS DEFINED BY SECTION SIX HUNDRED 43 THREE OF THE FEDERAL FAIR CREDIT REPORTING ACT, FOR INCLUSION IN A 44 CONSUMER REPORT THAT MAY BE RELEASED TO A THIRD PARTY FOR A PURPOSE 45 PERMISSIBLE UNDER SECTION SIX HUNDRED FOUR OF SUCH ACT; 46 (10) TO GOVERNMENT ENTITIES; OR 47 (11) TO THE FINANCIAL INSTITUTION'S BOND OR INSURANCE COMPANIES WHEN 48 THE FINANCIAL INSTITUTION HAS INFORMATION RELATIVE TO A CLAIM PURSUANT 49 TO ITS BOND OR DIRECTOR'S AND OFFICER'S LIABILITY INSURANCE POLICY OR 50 OTHER INSURANCE COVERAGE. 51 (B) PRIOR TO RELEASE OF NONPUBLIC PERSONAL INFORMATION RELATING TO A 52 CUSTOMER AUTHORIZED BY SUBDIVISION (A) OF SECTION FIVE HUNDRED 53 TWENTY-TWO-C OF THIS ARTICLE, OR AUTHORIZED BY PARAGRAPHS TWO, THREE, 54 FOUR, FIVE, SIX, TEN, OR ELEVEN OF SUBDIVISION (A) OF THIS SECTION, THE 55 FINANCIAL INSTITUTION SHALL ENTER INTO A CONTRACTUAL AGREEMENT WITH ANY 56 THIRD PARTY RECEIVING SUCH NONPUBLIC PERSONAL CUSTOMER INFORMATION S. 3263 5 1 PROHIBITING SUCH THIRD PARTY FROM DISCLOSING SUCH INFORMATION AND LIMIT- 2 ING THE THIRD PARTY'S USE OF SUCH INFORMATION SOLELY TO THE PURPOSES FOR 3 WHICH THE INFORMATION IS DISCLOSED OR OTHERWISE PERMITTED BY SUBDIVISION 4 (A) OF THIS SECTION. 5 S 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR MARKETING 6 PURPOSES. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR THROUGH AN 7 AFFILIATE, DISCLOSE, OTHER THAN TO A CONSUMER REPORTING AGENCY, AN 8 ACCOUNT NUMBER OR SIMILAR FORM OF ACCESS NUMBER OR ACCESS CODE FOR A 9 CREDIT ACCOUNT, DEPOSIT ACCOUNT, OR TRANSACTION ACCOUNT OF A CUSTOMER TO 10 ANY NONAFFILIATED THIRD PARTY FOR USE IN TELEMARKETING, DIRECT MAIL 11 MARKETING, OR OTHER MARKETING THROUGH ELECTRONIC MAIL TO THE CUSTOMER. 12 S 522-F. RECORD RETENTION. (A) A FINANCIAL INSTITUTION SHALL MAINTAIN 13 RECORDS OF FINANCIAL PRIVACY NOTIFICATION, AS REQUIRED IN THIS ARTICLE, 14 AND RETAIN COPIES OF EACH CUSTOMER'S APPROVAL OF DISCLOSURE OF CONFIDEN- 15 TIAL CUSTOMER INFORMATION OR WITHDRAWAL OF SUCH APPROVAL FOR AT LEAST 16 FOUR YEARS. 17 (B) A FINANCIAL INSTITUTION SHALL MAINTAIN RECORDS OF ALL COMPLAINTS 18 UNDER THIS ARTICLE, IF ANY, AND THEIR DISPOSITION FOR AT LEAST SEVEN 19 YEARS. 20 S 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. IN ADDITION TO ANY OTHER 21 REMEDIES PROVIDED, WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE, 22 APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE 23 PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDIC- 24 TION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO 25 THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE 26 CONTINUANCE OF SUCH VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFAC- 27 TION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED 28 THIS ARTICLE, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE, 29 ENJOINING THE RESTRAINING OF ANY FURTHER VIOLATION, WITHOUT REQUIRING 30 PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN 31 ANY SUCH PROCEEDINGS, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY 32 GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION 33 EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND 34 DIRECT RESTITUTION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION 35 OF THIS ARTICLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF 36 NOT MORE THAN ONE THOUSAND DOLLARS FOR EACH VIOLATION. IN CONNECTION 37 WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED 38 TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO 39 ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE LAW AND RULES. 40 S 522-H. PRIVATE RIGHT OF ACTION. IN THE EVENT THAT AN INDIVIDUAL'S 41 NONPUBLIC PERSONAL INFORMATION IS DISCLOSED BY A FINANCIAL INSTITUTION 42 IN VIOLATION OF THIS ARTICLE, SUCH INDIVIDUAL MAY BRING AN ACTION FOR 43 RECOVERY OF DAMAGES. JUDGMENT SHALL BE ENTERED IN AN AMOUNT NOT TO 44 EXCEED THREE TIMES THE ACTUAL DAMAGES OR FIVE HUNDRED DOLLARS, WHICHEVER 45 IS GREATER. THE COURT MAY AWARD REASONABLE ATTORNEY'S FEES TO A PREVAIL- 46 ING PLAINTIFF. 47 S 522-I. SEVERABILITY. IF ANY CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR 48 PART OF THIS ARTICLE SHALL BE ADJUDGED BY ANY COURT OF COMPETENT JURIS- 49 DICTION TO BE INVALID, SUCH JUDGMENT SHALL NOT AFFECT, IMPAIR, OR INVAL- 50 IDATE THE REMAINDER THEREOF, BUT SHALL BE CONFINED IN ITS OPERATION TO 51 THE CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR PART THEREOF DIRECTLY 52 INVOLVED IN THE CONTROVERSY IN WHICH SUCH JUDGMENT SHALL HAVE BEEN 53 RENDERED. 54 S 2. This act shall take effect on the first of November next succeed- 55 ing the date on which it shall have become a law.