WASHINGTON - The wind is hardly whipping privacy advocates' sails right now, but forecasts call for a fresh gale early next year.
When they enthusiastically accepted Congress' invitation last November to enact stringent privacy laws, legislators and attorneys general in nearly half the states thought they would cruise to victory. Not only did the Gramm-Leach-Bliley Act of 1999 expressly authorize them to craft tougher safeguards than in the federal financial reform law, but public opinion and media coverage about shady bank practices were clearly on their side.
Six months later, though, the advocates' momentum has ebbed. Most state legislatures have adjourned for the year without going further than assigning studies on the impact of the privacy protections mandated by Gramm-Leach-Bliley.
Even the more activist states still in session - namely California, New York, and Minnesota - lack support from one house of their legislature or the other to pass stricter privacy bills that have been introduced.
"What some saw as a real simple slam-dunk just isn't the case at all," said MathewStreet, an associate general counsel at the American Bankers Association.
"No one should be surprised that more than 20 states had strong privacy bills on the table," Mr. Street said. "And no one should be surprised that none of those have passed yet In the end they seemed to be saying to the public, 'We understand your concerns, but now is not the time to act. Let's wait and see what happens.' "
That is exactly the philosophy of Louis Papan, the powerful chairman of the California Assembly Banking and Finance Committee.
"Papan wants to see how federal law and regulations work before he jumps in at the state level," said the Democratic Assemblyman's chief committee consultant, William George. "I see nothing coming out of the committee. I would guess that even if something got out of both houses, the governor would veto it."
Minnesota also started the year with privacy legislation moving full steam ahead. The Democratic-controlled state Senate has passed five tough bills, which have little support in the Republican-dominated House, which is to adjourn this week.
Allen R. Caskie, executive director of the Financial Services Coordinating Council's privacy project, attributed the early failure of state legislation to "poorly thought-through proposals that would have resulted in a lot of unintended, expensive consequences."
This is not to say that the future will be smooth sailing for banks. "Looking ahead, it is clear that this is an issue that is not going away," Mr. Caskie said. "The legislatures are not going to let it go away. They are going to keep watching to see what happens with Gramm-Leach-Bliley."
When consumers start receiving privacy notices by July 1, 2001 - as is mandated by the just-released regulations implementing Gramm-Leach-Bliley - and see the efforts banks are making to protect their personal information, industry officials said public concerns may be assuaged.
Yet some state policymakers may be spurred to act by federal regulators' decision last week to delay implementation until July 2001, or eight months longer than originally planned, because financial firms pleaded for more time to comply.
"It gives some fuel to the proponents of regulation when the Legislature comes back in January," Mr. George said. "Legislators will ask, 'Why should we wait any longer?' The banks got the benefit that they don't have to send out" policy-disclosure forms until summer of next year.
Consumer activists in Washington are already collecting signatures for a 2001 ballot initiative there that would require holding companies to get customers' permission to share information with affiliates.
Another spark could be President Clinton's recent proposal to toughen the provisions of Gramm-Leach-Bliley, which requires that financial institutions once a year disclose privacy policies and give customers the chance to block information sharing with third parties.
Under the White House bill introduced by Democrats on May 4, financial institutions would have to give customers the chance to block information sharing with affiliates, too. Customers also would have to give explicit permission, or "opt in," before medical or detailed spending information could be shared.
"While there are tremendous problems with the administration's bill," Mr. Caskie said, "it is something that, for better or worse, is likely to be a template for what states might propose the next time around."
