WASHINGTON - Legislation that would require credit card issuers to let customers block having their information shared with affiliates or third parties is awaiting the signature of California Gov. Gray Davis.
The California Assembly passed the bill Aug. 31, a day after the state Senate did likewise.
Though limited to credit card companies, it is the only bill a state legislature has passed this year that would prohibit a financial company from sharing information among affiliates or with any third party without giving customers a chance to opt out. It would add to the Gramm-Leach-Bliley Act of 1999, which requires banks and other financial institutions to let customers block data transfers with most third parties.
Separately, U.S. Bancorp agreed to pay $3.5 million Friday to settle charges that it illegally shared customer information with a telemarketing firm, which allegedly charged customer accounts for merchandise they had not ordered.
A U.S. Bancorp spokeswoman said U.S. District Court in Minnesota has given preliminary approval to the deal, which settles a group of class actions brought against the company in the scandal's wake. It is the second settlement the $86 billion-asset company has agreed to since the charges were raised last year.
The U.S. Bancorp case in large part spurred lawmakers to include privacy provisions in Gramm-Leach-Bliley last year. Industry lobbyists had spent much of their time since then trying to prevent states from passing tougher laws; they had been largely successful until the votes in California last week.
Whether the bill will become law remains uncertain. Gov. Davis has until Sept. 30 to either sign or veto it, or he could take no action, which would result in the bill's enactment without his signature. Gov. Davis has taken no public position on the bill, his spokesman said Friday.
If signed into law, the bill would require credit card issuers after Jan. 1 to give cardholders a form they could fill out and a toll-free number they could call to block the sharing of information on their shopping patterns, spending history, or behavioral characteristics with affiliates or outside marketers. However, the bill would let issuers share consumer information needed for day-to-day operations such as the processing or acquisition of credit card accounts, or to prevent fraud.
Under the bill, issuers after April 1, 2002, would have to give cardholders at least 60 days' notice before an initial disclosure of marketing information. Once a cardholder tells an issuer to stop sharing information, the issuers has 30 days to comply. Once a year, issuers would have to send cardholders a statement notifying them of their right to block marketers from getting their information.
Meanwhile, in the U.S. Bancorp case, the company's chief privacy officer, Patricia Bauer, said that a preliminary settlement was reached Friday with the plaintiffs in several class actions, which were combined by the court. The settlement will not become final until a fairness hearing in December, she said.
A statement from U.S. Bancorp said the company has agreed to establish a settlement fund of $3 million to cover potential claims, as well as $500,000 for plaintiffs' attorney fees. If any of the settlement money is left over, the balance is to go the University of Minnesota Law School or nonprofit human service agencies, the company said. Under the preliminary agreement, claim amounts will range from $25 to $400 per person or per account.
The Minnesota attorney general's office, joined by 30 other states' attorneys general, sued U.S. Bancorp in June 1999. That case was settled in less than a month, after the company agreed to pay $3 million. Under the agreement, U.S. Bancorp was to pay $500,000 for legal and research expenses and contribute $2.5 million to charitable causes. At the time, U.S. Bancorp also agreed to let customers opt out of any cross-marketing deal with a holding company affiliate of its bank.
Related Content Online: