California Gov. Gray Davis has signed into law a tough "opt-in" privacy bill that was passed by the legislature last week.
The law, partially crafted by the credit union lobby, will require users of confidential financial information to obtain a consumer's permission before sharing the information with third-party telemarketers, except for those entities that are at least two-thirds owned by credit unions, among other exceptions.
"We all know that when California leads, America follows," said Davis, while signing one of the toughest privacy laws in the nation. "We're putting consumers in control of their intimate financial DNA."
The signing of SB 1, the California Financial Information Privacy Act, marked a quick resurrection of a bill that has languished in the legislature for four years. Strongly opposed by banks, insurance companies and other providers, those opponents switched their official positions to "neutral" in an attempt to head off an even more restrictive privacy- related ballot initiative that was to go before voters if the bill didn't pass. Advocates for a stricter privacy initiative, which had already collected 600,000 signatures to qualify it for the March 2004 ballot, had announced they would abandon the initiative if the legislature passed SB 1 by Aug. 20. The California league had been alone in supporting the bill, after initially also opposing it.
SB1 was sponsored by Sen. Jackie Speier. The privacy initiative began with the prodding of a San Mateo County commissioner who objected to his own personal financial information being sold.
"For more than a year, we have worked hard with Sen. Speier to craft legislation that would protect both consumer privacy and consumer choice, and to ensure that it reached the governor's desk," said David L. Chatfield, League president and CEO. "California consumers have made it clear that they want their privacy and personal information protected."
The California league said that because the state's banking industry was "neutral" and not officially supportive of the measure, the possibility remains open that the banks may sue to block some or all of the new law before it takes effect July 1, 2004. Sen. Spier acknowledged during an earlier press conference that the banks could head to court over the bill.
"If they do not stand by this agreement, it would be my suggestion to every Californian that they take their money out of the banks, and put their money into the credit unions in California," Speier said.
Under the provisions of SB 1, financial institutions can share information about their customers with affiliates and subsidiaries that have a different regulator from the main company, and with financial third parties, unless consumers tell them not to, or "opt out." Financial institutions can share information about customers with non-financial third- parties only if their customers give their advance permission, or "opt in."
SB 1 also pre-empts a number of local privacy ordinances that restrict information sharing by financial institutions. The ordinances had been adopted primarily by cities and counties in the Bay Area.
