WASHINGTON - Consumer advocates are celebrating the advancement of a California privacy bill as the "first step" in their push for tougher laws nationwide to control the use of customer financial information.
The California Assembly banking committee late Monday voted 8-to-2 in favor of legislation that would exceed federal protections that took effect this month. It would exceed those protections by requiring large financial institutions to get customer permission before sharing confidential data with third parties and by restricting data-sharing among affiliates.
Financial services industry representatives said they were disappointed by the vote results and argued that the legislation was deeply flawed and could have serious consequences. They blamed Gov. Gray Davis' trumpeting the issue and said he did so to placate consumers angry over higher energy costs.
"This is what happens when politics gets in the way of logic," said Washington banking attorney L. Richard Fischer, a partner at the law firm of Morrison & Foerster. "It's a bad bill and a big mistake."
For their part, privacy advocates said they were excited about the prospects for the bill - which must still clear two other committees and the full chamber - as well as for tougher national laws.
"Certainly as the fifth-largest economy in the world, what happens in California has a tidal-wave effect for the rest of the country," said Daniel L. Jacobson, legislative advocate for the California Public Interest Research Group. "This takes it a step in the right direction. Clearly the federal government should be going even further in closing the loopholes left by the Gramm-Leach-Bliley Act. We hope to be using this as a benchmark."
Under federal privacy protections, financial companies have to give customers the chance to block, or "opt out" of, the sharing of confidential information with third parties. Privacy advocates have long held that those provisions did not go far enough, while industry representatives have claimed that the law has only just gone into effect and should be given more time to work.
The California bill would require that customers "opt in" to, or explicitly authorize, transfers of confidential information to third parties, but would allow institutions to share that information with affiliates unless consumers opted out.
Industry representatives are worried that if the bill is enacted, it could build momentum for similar legislation in other states or serve as a blueprint for national legislation.
Though they remain adamantly opposed to the bill, community bank lobbyists were successful in pushing some amendments that created some exceptions for smaller institutions. The amendments would exempt banks with under $1 billion of assets from the opt-in requirement for sharing with third parties, and institutions with fewer than six affiliates from the opt-out requirements for affiliates.
Community bank officials said it made the bill better, but that is it is a poorly crafted piece of legislation.
"The bill is still very much a mess," said Craig Hudson, executive director of California Independent Bankers. "It has been very quickly composed on an ad hoc basis and no one is 100% sure what is in the legislation. So clearly no one knows what the unintended consequences of it will be."
Mr. Fischer said that if the bill becomes law, the industry might ultimately try to win a federal preemption. Gramm-Leach-Bliley set a national standard, but allows states to go further.
"It may be an impetus to look at a situation like this and say, 'This is not something that should be left to states. Maybe this is something that this is too complicated to deal with there,' " he said.
The bill, sponsored by state Sen. Jackie Speier, passed the state Senate on June 4. The legislature is scheduled to adjourn for summer recess on Friday. In September the bill is expected to go to the Assembly Judiciary Committee, and then to the Appropriations Committee before passing to the full Assembly. Gov. Davis has indicated that he would support this type of bill.