WASHINGTON - For the second time this year, California legislators have killed a bill that would have imposed stricter privacy protection requirements on financial companies.
The defeat, after intense pressure from financial services industry lobbyists, makes it appear unlikely that any state will pass major legislation that goes beyond the privacy requirements of the Gramm-Leach-Bliley Act of 1999. The federal provisions take effect on Sunday. Indeed, a few states, including Florida and North Dakota, have actually rolled back existing requirements to bring themselves in line with the federal law.
Still, the California bill was a dragon the industry had difficulty slaying. Despite several defeats for the measure at the committee level, including one last month, industry representatives said they would be ready in case the bill turns up again this year or next.
"Nothing's dead until the session comes to a close" in September, said Gregory Wilhelm, director of government relations of the California Bankers Association, in an interview Tuesday. "We assume that this issue will remain alive for a while."
Consumer activists said the bill's one-vote margin of defeat in the California Assembly's Business and Finance Committee on Monday shows they are gaining ground. Ed Mierzwinski, a U.S. Public Interest Research Group lobbyist, urged lawmakers in other states to adopt similar legislation.
"The industry expects to win 100 to nothing," Mr. Mierzwinski said. "The fact that we narrowly lost is a sign that we are on our way up."
The bill would have prohibited financial institutions from sharing customers' information with affiliates or third parties unless the customers "opted in" by giving prior, explicit consent.
Gramm-Leach-Bliley requires only that financial institutions give customers a way to block, or "opt out" of, the sharing of confidential information with third parties. It does not inhibit sharing with affiliates.
Mr. Wilhelm said the bill would have interfered with companies' need for a free exchange of information and could have had unintended consequences.
"The sheer number of amendments, which most of us did not see until a couple of hours before the hearing started yesterday, made it very difficult to do as careful analysis as we would have liked," he said. "We were very concerned it was going to pass."
James L. Pitts, the executive director of the Financial Services Coordinating Council, said his group sent lobbyists to California to insure they would be heard in the committee debate. Mr. Pitts said the bill's precedent - "well-meaning legislation with bad unintended consequences" - would have further harmed the already-hurting California economy and the state's citizens.
Though the issue appears to be dead in California for this legislative session, it has come up on the national level. The Privacy Act of 2001, introduced by Sen. Dianne Feinstein, D-Calif., on June 15 would impose an opt-in requirement like that in the California bill, for sensitive data such as Social Security numbers, and a less stringent opt-out requirement for less sensitive information. The legislation would permit business-to-business sharing of Social Security numbers for commercial purposes, as well as bank and affiliate sharing of information.
The bill is expected to be taken up by the Judiciary Committee.
Plans are also underway for Sen. Fritz Hollings, D-S.C., to reintroduce privacy legislation that would give consumers control over personal information they submit to Internet sites.
Sen. Hollings, with other Senate Commerce Committee members, introduced similar legislation last year, but it stalled. The planned bill has a few changes, a spokesman said, but the big component, the opt-in portion, will remain the same.
Mr. Pitts reiterated the industry's longstanding argument that Gramm-Leach-Bliley needs a chance to work before Washington or the states pass any new privacy legislation.