Bill Text: NY S04618 | 2009-2010 | General Assembly | Introduced
Bill Title: Makes provisions for privacy in banking, insurance, and other financial transactions, forbidding disclosure of personal information without prior consent granted by the customer to the financial institution; requires written notice of privacy policies and practices be given to customers; requires security and confidentiality safeguards; prohibits disclosure of account number or access code information; provides for enforcement by the attorney general and authorizes private actions.
Spectrum: Partisan Bill (Democrat 7-0)
Status: (Introduced - Dead) 2010-01-06 - REFERRED TO CONSUMER PROTECTION [S04618 Detail]
Download: New_York-2009-S04618-Introduced.html
S T A T E O F N E W Y O R K ________________________________________________________________________ 4618 2009-2010 Regular Sessions I N S E N A T E April 24, 2009 ___________ Introduced by Sens. ONORATO, HASSELL-THOMPSON, C. JOHNSON, KRUEGER, PARKER, SAMPSON, THOMPSON -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to privacy in banking, insurance, and other financial transactions THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: 1 Section 1. The general business law is amended by adding a new article 2 29-AAAA to read as follows: 3 ARTICLE 29-AAAA 4 PRIVACY IN FINANCIAL SERVICES 5 SECTION 522. LEGISLATIVE PURPOSE AND FINDINGS. 6 522-A. DEFINITIONS. 7 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. 8 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. 9 522-D. LIMITATIONS. 10 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR 11 MARKETING PURPOSES. 12 522-F. RECORD RETENTION. 13 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. 14 522-H. PRIVATE RIGHT OF ACTION. 15 522-I. SEVERABILITY. 16 S 522. LEGISLATIVE PURPOSE AND FINDINGS. THE LEGISLATURE HEREBY FINDS 17 AND DECLARES THAT THE RIGHT TO PRIVACY IS A FUNDAMENTAL RIGHT THAT IS 18 THREATENED BY THE ROUTINE TRANSFER OF INDIVIDUALS' PRIVATE INFORMATION, 19 WHICH IS OCCURRING IN TODAY'S COMPUTERIZED MARKETPLACE. PERSONAL FINAN- 20 CIAL INFORMATION, OFTEN ASSUMED TO BE PROTECTED FROM DISCLOSURE, IS 21 FREQUENTLY SOLD OR DISCLOSED TO THIRD PARTIES FOR COMMERCIAL AND OTHER 22 PURPOSES WITHOUT THE INDIVIDUAL'S CONSENT. 23 THE LEGISLATURE FURTHER FINDS AND DECLARES THAT THE UNAUTHORIZED 24 DISCLOSURE OF PERSONAL FINANCIAL INFORMATION BY FINANCIAL INSTITUTIONS EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD03755-01-9 S. 4618 2 1 IS OF PARTICULAR CONCERN BECAUSE IT INCREASES THE LIKELIHOOD OF: IDENTI- 2 TY FRAUD CRIMES; OFFENSIVE AND DECEPTIVE SOLICITATIONS BY TELEPHONE, 3 POSTAL MAIL, AND ELECTRONIC MAIL; DENIAL OF SERVICES, INCLUDING INSUR- 4 ANCE, EMPLOYMENT, AND HOUSING BASED UPON AN INDIVIDUAL'S FINANCIAL 5 STATUS, INFORMATION ABOUT WHICH MAY NOT OTHERWISE HAVE BEEN KNOWN; AND 6 LOSS OF CONFIDENCE IN FINANCIAL INSTITUTIONS GENERALLY. 7 THE LEGISLATURE THEREFORE FINDS AND DECLARES THAT IT IS IN THE PUBLIC 8 AND STATE'S INTEREST TO PROHIBIT THE DISCLOSURE OF AN INDIVIDUAL'S 9 PERSONAL FINANCIAL INFORMATION WITHOUT THE EXPRESS CONSENT OF THAT INDI- 10 VIDUAL BEFORE SUCH INFORMATION IS DISCLOSED. 11 S 522-A. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS 12 SHALL HAVE THE FOLLOWING MEANINGS: 13 (A) "FINANCIAL INSTITUTION" SHALL MEAN: 14 (1) ANY FINANCIAL HOLDING COMPANY WITHIN THE MEANING OF SECTION 103 OF 15 THE FEDERAL GRAMM-LEACH-BLILEY ACT; 16 (2) ANY PERSON OR ENTITY TO WHICH THE BANKING LAW APPLIES AND ANY 17 BANK, TRUST COMPANY, SAVINGS BANK, SAVINGS AND LOAN ASSOCIATION, CREDIT 18 UNION, MORTGAGE BROKER, MORTGAGE BANKER, LICENSED LENDER, AND FOREIGN 19 BANKING CORPORATION INCORPORATED, CHARTERED, ORGANIZED, OR LICENSED 20 UNDER THE LAWS OF THIS STATE, ANY OTHER STATE, OR THE UNITED STATES, 21 WHETHER HEADQUARTERED WITHIN OR OUTSIDE OF THIS STATE; 22 (3) ANY INSURANCE COMPANY OR OTHER ENTITY AUTHORIZED TO DO INSURANCE 23 BUSINESS IN THIS STATE; AND 24 (4) ANY BROKER OR DEALER REGISTERED UNDER THE SECURITIES EXCHANGE ACT 25 OF NINETEEN HUNDRED THIRTY-FOUR, AS AMENDED. 26 (B) "AFFILIATE" SHALL MEAN ANY COMPANY THAT CONTROLS, IS CONTROLLED 27 BY, OR IS UNDER COMMON CONTROL WITH ANOTHER COMPANY. 28 (C) "CUSTOMER" SHALL MEAN ANY INDIVIDUAL WHO OBTAINS FROM A FINANCIAL 29 INSTITUTION A PRODUCT OR SERVICE WHICH IS INTENDED TO BE USED PRIMARILY 30 FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES, AND ALSO MEANS THE LEGAL 31 REPRESENTATIVE OF THAT INDIVIDUAL. 32 (D) "COMPANY" SHALL MEAN ANY CORPORATION, LIMITED LIABILITY COMPANY, 33 LIMITED LIABILITY PARTNERSHIP, BUSINESS TRUST, GENERAL OR LIMITED PART- 34 NERSHIP, ASSOCIATION, OR SIMILAR ORGANIZATION. 35 (E) "CONTROL" OF A COMPANY SHALL MEAN: 36 (1) OWNERSHIP, CONTROL, OR POWER TO VOTE TWENTY-FIVE PERCENT OR MORE 37 OF THE OUTSTANDING SHARES OF ANY CLASS OF VOTING SECURITY OF THE COMPA- 38 NY, DIRECTLY OR INDIRECTLY, OR ACTING THROUGH ONE OR MORE OTHER PERSONS; 39 (2) CONTROL IN ANY MANNER OVER THE ELECTION OF A MAJORITY OF THE 40 DIRECTORS, TRUSTEES, OR GENERAL PARTNERS (OR INDIVIDUALS EXERCISING 41 SIMILAR FUNCTIONS) OF THE COMPANY; OR 42 (3) THE POWER TO EXERCISE, DIRECTLY OR INDIRECTLY, A CONTROLLING 43 INFLUENCE OVER THE MANAGEMENT OR POLICIES OF THE COMPANY. 44 (F) "NONAFFILIATED THIRD PARTY" SHALL MEAN ANY ENTITY OR INDIVIDUAL 45 THAT IS NOT AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFIL- 46 IATED BY CORPORATE CONTROL WITH, THE FINANCIAL INSTITUTION, BUT DOES NOT 47 INCLUDE A PERSON EMPLOYED JOINTLY BY A FINANCIAL INSTITUTION AND ANY 48 COMPANY THAT IS NOT SUCH FINANCIAL INSTITUTION'S AFFILIATE. 49 (G) "NONPUBLIC PERSONAL INFORMATION" SHALL MEAN NON-MEDICAL PERSONALLY 50 IDENTIFIABLE INFORMATION: 51 (1) PROVIDED BY A CUSTOMER TO A FINANCIAL INSTITUTION; 52 (2) RESULTING FROM ANY TRANSACTION WITH A CUSTOMER OR SERVICE 53 PERFORMED FOR THE CUSTOMER; OR 54 (3) OTHERWISE OBTAINED DIRECTLY OR INDIRECTLY BY THE FINANCIAL INSTI- 55 TUTION, OTHER THAN PUBLICLY AVAILABLE INFORMATION. S. 4618 3 1 (H) "PUBLICLY AVAILABLE INFORMATION" SHALL MEAN INFORMATION MADE 2 AVAILABLE TO THE GENERAL PUBLIC THAT IS OBTAINED FROM: 3 (1) FEDERAL, STATE, AND LOCAL GOVERNMENT RECORDS; 4 (2) WIDELY DISTRIBUTED MEDIA; 5 (3) DISCLOSURES TO THE GENERAL PUBLIC THAT ARE REQUIRED TO BE MADE BY 6 FEDERAL, STATE, OR LOCAL LAW. 7 S 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. (A) A FINANCIAL 8 INSTITUTION MUST PROVIDE A CLEAR AND CONSPICUOUS WRITTEN NOTICE, ENTI- 9 TLED "FINANCIAL PRIVACY NOTICE", WRITTEN IN ACCORDANCE WITH SECTION 10 5-702 OF THE GENERAL OBLIGATIONS LAW, TO ANY INDIVIDUAL, UPON REQUEST, 11 AND TO ANY INDIVIDUAL WITH WHOM THE FINANCIAL INSTITUTION ESTABLISHES A 12 CUSTOMER RELATIONSHIP AT THE TIME A CUSTOMER RELATIONSHIP IS ESTAB- 13 LISHED, AND AT LEAST ANNUALLY THEREAFTER. SUCH NOTICE SHALL BE GIVEN AT 14 THE TIME AN ACCOUNT IS OPENED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT 15 APPLICATION IS MADE, REGARDLESS OF WHETHER THE LOAN, MORTGAGE, OR CREDIT 16 IS EXTENDED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT IS GRANTED; AT THE 17 TIME AN APPLICATION IS MADE FOR INSURANCE OR INVESTMENT SERVICES, 18 REGARDLESS OF WHETHER SUCH INSURANCE OR INVESTMENT SERVICES ARE 19 EXTENDED; AT THE TIME INSURANCE OR INVESTMENT SERVICES ARE EXTENDED; OR 20 AT THE TIME THE INDIVIDUAL ENTERS INTO ANY OTHER FORM OF FINANCIAL TRAN- 21 SACTION WITH THE FINANCIAL INSTITUTION. 22 (B) THE NOTICE SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE: 23 (1) THE SPECIFIC TYPES OF NONPUBLIC PERSONAL INFORMATION THAT THE 24 FINANCIAL INSTITUTION MAY DISCLOSE; 25 (2) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY OR WILL BE MADE; 26 (3) THE SPECIFIC TYPES OF NONAFFILIATED THIRD PARTIES TO WHICH DISCLO- 27 SURE MAY OR WILL BE MADE; 28 (4) THE PROBABLE USES THAT WILL BE MADE OF THE INFORMATION AFTER IT IS 29 DISCLOSED; 30 (5) THAT DISCLOSURE WILL BE LIMITED TO THE CONDITIONS SET FORTH IN THE 31 NOTICE; 32 (6) THAT THE CUSTOMER HAS THE RIGHT TO REVOKE THE CONSENT TO DISCLO- 33 SURE OF SUCH INFORMATION AT ANY TIME; 34 (7) THAT A NEW AUTHORIZATION WILL BE SOUGHT FROM THE CUSTOMER PRIOR TO 35 THE DISCLOSURE OF ANY NONPUBLIC PERSONAL INFORMATION RELATING TO A 36 CUSTOMER OTHER THAN UNDER THE CONDITION SET FORTH IN THE NOTICE OR 37 FOLLOWING REVOCATION OF THE CONSENT; 38 (8) WHETHER OR NOT THE FINANCIAL INSTITUTION WILL RECEIVE COMPENSATION 39 FOR THE DISCLOSURE; 40 (9) THAT A DENIAL OF APPROVAL WILL NOT ADVERSELY AFFECT THE CUSTOMER'S 41 FINANCIAL RELATIONSHIP WITH THE INSTITUTION; 42 (10) AN EXPIRATION DATE OF NO MORE THAN TWO YEARS FROM THE DATE OF 43 EXECUTION OF THE FORM; AND 44 (11) A SPACE FOR THE CUSTOMER'S SIGNATURE AND THE DATE OF EXECUTION OF 45 THE FORM. 46 S 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. (A) 47 EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS ARTICLE, A FINANCIAL 48 INSTITUTION SHALL NOT DIRECTLY OR THROUGH AN AFFILIATE DISCLOSE NONPUB- 49 LIC PERSONAL INFORMATION ABOUT A CUSTOMER TO A NONAFFILIATED THIRD PARTY 50 UNLESS THE FINANCIAL INSTITUTION HAS FIRST GIVEN WRITTEN NOTICE COMPLY- 51 ING WITH THIS ARTICLE TO THE CUSTOMER TO WHOM THE INFORMATION RELATES, 52 AND HAS OBTAINED THE SIGNED AND DATED, WRITTEN OR ELECTRONIC CONSENT OF 53 THAT CUSTOMER FOR SUCH DISCLOSURE, WHICH CONSENT IS EFFECTIVE AS OF THE 54 TIME OF THE DISCLOSURE. IN ADDITION, NO DISCLOSURE OF SUCH INFORMATION 55 SHALL BE MADE AFTER RECEIPT BY THE FINANCIAL INSTITUTION OF REVOCATION 56 OF ANY CONSENT PREVIOUSLY GIVEN, UNLESS AND UNTIL THE CUSTOMER EXECUTES S. 4618 4 1 A NEW CONSENT FORM. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR 2 THROUGH AN AFFILIATE, DISCLOSE NONPUBLIC PERSONAL INFORMATION RELATING 3 TO AN INDIVIDUAL WHO APPLIES FOR A LOAN, MORTGAGE, CREDIT, INSURANCE, 4 INVESTMENT SERVICE, OR ANY OTHER PRODUCT OR SERVICE OFFERED BY A FINAN- 5 CIAL INSTITUTION, REGARDLESS OF WHETHER OR NOT SUCH INDIVIDUAL PURCHASES 6 SUCH PRODUCT OR SERVICE, UNLESS THE FINANCIAL INSTITUTION HAS FIRST 7 GIVEN WRITTEN NOTICE COMPLYING WITH THIS ARTICLE TO SUCH INDIVIDUAL AND 8 HAS OBTAINED SUCH INDIVIDUAL'S SIGNED AND DATED WRITTEN OR ELECTRONIC 9 CONSENT. 10 (B) NO FINANCIAL INSTITUTION SHALL DISCRIMINATE AGAINST ANY CUSTOMER 11 ON THE BASIS OF THE CUSTOMER'S DENIAL OF CONSENT TO THE DISCLOSURE OF 12 HIS OR HER NONPUBLIC PERSONAL INFORMATION. 13 (C) EVERY FINANCIAL INSTITUTION SHALL ESTABLISH APPROPRIATE SAFEGUARDS 14 TO ENSURE THE SECURITY AND CONFIDENTIALITY OF RECORDS CONTAINING NONPUB- 15 LIC PERSONAL INFORMATION AND TO PROTECT AGAINST ANY ANTICIPATED THREATS 16 OR HAZARDS TO THEIR SECURITY OR INTEGRITY THAT COULD RESULT IN SIGNIF- 17 ICANT HARM, EMBARRASSMENT, OR INCONVENIENCE TO ANY DATA SUBJECT ABOUT 18 WHOM INFORMATION IS MAINTAINED. 19 S 522-D. LIMITATIONS. (A) NOTWITHSTANDING THE PROVISIONS OF SECTION 20 FIVE HUNDRED TWENTY-TWO-C OF THIS ARTICLE, A FINANCIAL INSTITUTION SHALL 21 NOT BE PROHIBITED FROM DISCLOSING NONPUBLIC PERSONAL INFORMATION RELAT- 22 ING TO A CUSTOMER UNDER THE FOLLOWING CIRCUMSTANCES: 23 (1) WHEN SPECIFICALLY AUTHORIZED BY THE CUSTOMER; 24 (2) WHEN NECESSARY TO MAINTAIN OR SERVICE THE CUSTOMER'S ACCOUNT WITH 25 THE FINANCIAL INSTITUTION; 26 (3) TO ANY PERSON OR ORGANIZATION PROVIDING PROFESSIONAL SERVICES TO 27 THE FINANCIAL INSTITUTION, INCLUDING, BUT NOT LIMITED TO, AN ACCOUNTANT 28 ENGAGED BY THE FINANCIAL INSTITUTION TO PREPARE AN INDEPENDENT AUDIT, AN 29 ATTORNEY PERFORMING A SERVICE ON BEHALF OF THE FINANCIAL INSTITUTION, OR 30 AN AGENT OR OTHER PERSON REPRESENTING THE FINANCIAL INSTITUTION IN 31 COLLECTING A DEBT OR OTHERWISE SECURING PAYMENT OF A LOAN OR ADVANCE; 32 (4) WHEN THE FINANCIAL INSTITUTION ENTERS INTO A WRITTEN CONTRACT WITH 33 A NONAFFILIATED THIRD PARTY TO MARKET THE FINANCIAL INSTITUTION'S 34 PRODUCTS OR SERVICES; 35 (5) TO PROTECT THE CONFIDENTIALITY OR SECURITY OF ITS RECORDS PERTAIN- 36 ING TO THE CUSTOMER, THE SERVICE OR PRODUCT, OR THE TRANSACTION THEREIN, 37 OR TO PROTECT AGAINST OR PREVENT ACTUAL OR POTENTIAL FRAUD, UNAUTHORIZED 38 TRANSACTIONS, CLAIMS, OR OTHER LIABILITY; 39 (6) TO PROVIDE INFORMATION TO APPLICABLE RATING AGENCIES OF THE FINAN- 40 CIAL INSTITUTION AND PERSONS ASSESSING THE INSTITUTION'S COMPLIANCE WITH 41 INDUSTRY STANDARDS; 42 (7) WHEN THE FINANCIAL INSTITUTION IS COMPELLED TO DISCLOSE THE 43 CONTENTS OF THE INFORMATION PURSUANT TO LAWFUL SUBPOENA, SUMMONS, 44 WARRANT, OR COURT ORDER; 45 (8) WHEN DISCLOSURE IS REQUIRED BY FEDERAL OR STATE LAW OR REGULATION; 46 (9) TO A CREDIT-REPORTING AGENCY, AS DEFINED BY SECTION SIX HUNDRED 47 THREE OF THE FEDERAL FAIR CREDIT REPORTING ACT, FOR INCLUSION IN A 48 CONSUMER REPORT THAT MAY BE RELEASED TO A THIRD PARTY FOR A PURPOSE 49 PERMISSIBLE UNDER SECTION SIX HUNDRED FOUR OF SUCH ACT; 50 (10) TO GOVERNMENT ENTITIES; OR 51 (11) TO THE FINANCIAL INSTITUTION'S BOND OR INSURANCE COMPANIES WHEN 52 THE FINANCIAL INSTITUTION HAS INFORMATION RELATIVE TO A CLAIM PURSUANT 53 TO ITS BOND OR DIRECTOR'S AND OFFICER'S LIABILITY INSURANCE POLICY OR 54 OTHER INSURANCE COVERAGE. 55 (B) PRIOR TO RELEASE OF NONPUBLIC PERSONAL INFORMATION RELATING TO A 56 CUSTOMER AUTHORIZED BY SUBDIVISION (A) OF SECTION FIVE HUNDRED S. 4618 5 1 TWENTY-TWO-C OF THIS ARTICLE, OR AUTHORIZED BY PARAGRAPHS TWO, THREE, 2 FOUR, FIVE, SIX, TEN, OR ELEVEN OF SUBDIVISION (A) OF THIS SECTION, THE 3 FINANCIAL INSTITUTION SHALL ENTER INTO A CONTRACTUAL AGREEMENT WITH ANY 4 THIRD PARTY RECEIVING SUCH NONPUBLIC PERSONAL CUSTOMER INFORMATION 5 PROHIBITING SUCH THIRD PARTY FROM DISCLOSING SUCH INFORMATION AND LIMIT- 6 ING THE THIRD PARTY'S USE OF SUCH INFORMATION SOLELY TO THE PURPOSES FOR 7 WHICH THE INFORMATION IS DISCLOSED OR OTHERWISE PERMITTED BY SUBDIVISION 8 (A) OF THIS SECTION. 9 S 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR MARKETING 10 PURPOSES. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR THROUGH AN 11 AFFILIATE, DISCLOSE, OTHER THAN TO A CONSUMER REPORTING AGENCY, AN 12 ACCOUNT NUMBER OR SIMILAR FORM OF ACCESS NUMBER OR ACCESS CODE FOR A 13 CREDIT ACCOUNT, DEPOSIT ACCOUNT, OR TRANSACTION ACCOUNT OF A CUSTOMER TO 14 ANY NONAFFILIATED THIRD PARTY FOR USE IN TELEMARKETING, DIRECT MAIL 15 MARKETING, OR OTHER MARKETING THROUGH ELECTRONIC MAIL TO THE CUSTOMER. 16 S 522-F. RECORD RETENTION. (A) A FINANCIAL INSTITUTION SHALL MAINTAIN 17 RECORDS OF FINANCIAL PRIVACY NOTIFICATION, AS REQUIRED IN THIS ARTICLE, 18 AND RETAIN COPIES OF EACH CUSTOMER'S APPROVAL OF DISCLOSURE OF CONFIDEN- 19 TIAL CUSTOMER INFORMATION OR WITHDRAWAL OF SUCH APPROVAL FOR AT LEAST 20 FOUR YEARS. 21 (B) A FINANCIAL INSTITUTION SHALL MAINTAIN RECORDS OF ALL COMPLAINTS 22 UNDER THIS ARTICLE, IF ANY, AND THEIR DISPOSITION FOR AT LEAST SEVEN 23 YEARS. 24 S 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. IN ADDITION TO ANY OTHER 25 REMEDIES PROVIDED, WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE, 26 APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE 27 PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDIC- 28 TION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO 29 THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE 30 CONTINUANCE OF SUCH VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFAC- 31 TION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED 32 THIS ARTICLE, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE, 33 ENJOINING THE RESTRAINING OF ANY FURTHER VIOLATION, WITHOUT REQUIRING 34 PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN 35 ANY SUCH PROCEEDINGS, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY 36 GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION 37 EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND 38 DIRECT RESTITUTION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION 39 OF THIS ARTICLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF 40 NOT MORE THAN ONE THOUSAND DOLLARS FOR EACH VIOLATION. IN CONNECTION 41 WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED 42 TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO 43 ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE LAW AND RULES. 44 S 522-H. PRIVATE RIGHT OF ACTION. IN THE EVENT THAT AN INDIVIDUAL'S 45 NONPUBLIC PERSONAL INFORMATION IS DISCLOSED BY A FINANCIAL INSTITUTION 46 IN VIOLATION OF THIS ARTICLE, SUCH INDIVIDUAL MAY BRING AN ACTION FOR 47 RECOVERY OF DAMAGES. JUDGMENT SHALL BE ENTERED IN AN AMOUNT NOT TO 48 EXCEED THREE TIMES THE ACTUAL DAMAGES OR FIVE HUNDRED DOLLARS, WHICHEVER 49 IS GREATER. THE COURT MAY AWARD REASONABLE ATTORNEY'S FEES TO A PREVAIL- 50 ING PLAINTIFF. 51 S 522-I. SEVERABILITY. IF ANY CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR 52 PART OF THIS ARTICLE SHALL BE ADJUDGED BY ANY COURT OF COMPETENT JURIS- 53 DICTION TO BE INVALID, SUCH JUDGMENT SHALL NOT AFFECT, IMPAIR, OR INVAL- 54 IDATE THE REMAINDER THEREOF, BUT SHALL BE CONFINED IN ITS OPERATION TO 55 THE CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR PART THEREOF DIRECTLY S. 4618 6 1 INVOLVED IN THE CONTROVERSY IN WHICH SUCH JUDGMENT SHALL HAVE BEEN 2 RENDERED. 3 S 2. This act shall take effect on the first of November next succeed- 4 ing the date on which it shall have become a law.