WASHINGTON State lawmakers interest in passing stricter privacy legislation has cooled in the face of strong industry opposition and more pressing issues, such as skyrocketing energy prices and slowing economic growth nationwide.
Forty-six privacy bills were introduced in 25 states last year. But so far this year only 24 bills have been offered in 16 states, according to a review of the legislation by American Banker.
Industry officials say they will continue to argue vigorously that the privacy protections in the Gramm-Leach-Bliley Act of 1999, which take effect July 1, should be given time to work before tougher state laws are considered.
Their vigilance is justified, they say, because half the pending bills would impose harsher restrictions on the use of customer data than Gramm-Leach-Bliley does. For example, bills in six states, including New York and Virginia, would require financial companies to get explicit permission from customers before sharing information with affiliates or third parties.
And if one large state passes a strict privacy bill, copycat legislation could crop up nationwide, lobbyists said.
Anything can be a template that other states could look to and start to apply, said Jim Pitts, executive director of the Financial Services Coordinating Councils privacy project. He said that he expects the number of bills to grow before state legislatures adjourn.
Consumer advocates hope that state activism will also spur broad action on Capitol Hill. Congress never does anything unless the states do it first, said Ed Mierzwinski, consumer program director of the U.S. Public Interest Research Group. The question is how far will they go.
Mr. Mierzwinskis remarks came after a press conference Monday at which 16 consumer, civil rights, and other groups including the Consumer Federation of America, Consumers Union, American Civil Liberties Union, and U.S. PIRG unveiled a privacy coalition to urge House and Senate members to defend privacy rights.
Industry lobbyists are reacting to such measures more calmly than in 2000, when leaders of the banking, insurance, and securities industries locked arms and girded for a state-by-state fight against privacy laws.
Last year, industry officials rushed to establish the Financial Services Coordinating Councils privacy project and to take other preemptive steps out of fear that a key amendment to Gramm-Leach-Bliley would invite action. The amendment, inserted by Sen. Paul S. Sarbanes, D-Md., explicitly says that states may pass tougher consumer privacy protections than in the federal law.
Gramm-Leach-Bliley requires financial companies to send annual notices explaining how they use customer data, and offer customers a chance to block, or opt out of, the sharing of their information with third-party marketers. Some Democrats in Washington and in some states have sought tougher protections, such as applying the opt-out requirement to data transfers among affiliates in a holding company, or requiring companies to get explicit permission an opt-in from consumers before sharing their data.
The financial services industry dodged a bullet last year when no significant state bill passed. Just a few months ago a tougher fight seemed inevitable, but this year has been quieter than expected.
Lobbyists said their pleas for restraint have more clout now than a year ago because federal regulators have completed the rules to enforce Gramm-Leach-Blileys privacy provisions.
Mr. Pitts said the regulations give us the opportunity to prove that we are complying and help officials argue that lawmakers should not go out and search for a solution unless it is proven that problems persist.
We would hope that since our industries are spending billions of dollars to now come into compliance with Gramm-Leach-Bliley the states would recognize this does have some pretty tough restrictions, Mr. Pitts said.
And crises have left some statehouses with little time to worry about privacy.
Lawmakers in California a traditionally activist state and among the few that enacted any privacy legislation last year have been dealing with power outages and the near bankruptcy of the states electricity utilities.
As a result, as Californias Feb. 23 deadline for filing bills nears, few privacy measures have been offered.
Its very hard to compare whats going to go on this year with privacy legislation, said Greg Wilhelm, senior vice president of government relations at the California Bankers Association. This whole electrical power crisis has completely captured all legislative attention. Normally we would see a lot of bills being introduced every day up until the deadline. The number of bills that have been introduced so far is very small.
But at least one key California lawmaker has not given up hope of passing privacy legislation.
Assemblyman Tim Leslie, who failed last year to enact an opt-out covering both affiliates and third parties, is trying again. An aide said that Rep. Leslie has introduced legislation that would require financial companies to give customers the chance to decline data sharing with affiliates and third parties.
We feel opt-out is a substantial compromise, said Jedd Medifind, an aide to Mr. Leslie. Financial institutions have latitude, but ultimate control is with consumers. Our hope is, this will be a reasonable compromise and well be able to move forward.
Mr. Medifind said Mr. Leslie will try to rally his colleagues to act soon.
The assemblyman feels, once the cows are out, its too late to shut the barn door, he said. If we delay on protecting privacy theres hardly any reason to pass a bill at all.
Bills pending in Massachusetts, Minnesota, New York, and Virginia would require opt-ins. The Minnesota bill would apply only to transactions with third parties, but the remaining three would also affect data transfers to affiliates.
New Yorks bill, like Gramm-Leach-Bliley, would require financial companies to tell customers what information could be disclosed and to whom, how the information would be used, and the circumstances of disclosure. But it would go beyond federal law by requiring companies to obtain customers consent before sharing information with affiliates or third parties. The law also gives consumers the right to sue if information is illegally disclosed.
Michael Smith, president of the New York Bankers Association, predicted the bill would have little chance of passing because lawmakers in Albany want to review the effectiveness of the federal rules first.
The mood in New York is that the financial services sector has been very responsive to the inquiries of the state government, but there is a sense that things are proceeding well to let the federal law go into effect, Mr. Smith said.
Mississippi, Nebraska, Oregon, South Dakota, Utah, Indiana, and Virginia have bills pending that would focus only on the handling of insurance information. (Insurance information, unlike banking or securities data, is regulated solely by the states.)
The National Association of Insurance Commissioners developed a model bill that lawmakers in several states have adapted and introduced. A Nebraska bill, backed by the states insurance department and introduced by state Sen. David Landis, would prohibit disclosure of policy numbers or other data to third parties unless customers have an opportunity to opt out.
The South Dakota bill would go further barring the release of insurance account data or medical information to affiliates or third parties unless consumers are given the chance to opt out.
The Mississippi and Utah bills would require an opt-in before insurance information could be shared.
Deadlocked on whether to pass stricter privacy legislation, some states have chosen a time-honored way of dealing with a tough issue: punt it to a committee for further study.
Last spring, Alabama, Colorado, and South Carolina enacted legislation to create committees comprising state officials and financial services and other executives to study privacy issues and recommend solutions within the next two years. A similar bill is pending in New York.
California enacted legislation in September to create a privacy office to monitor consumer complaints and help raise public awareness. Similar bills are under consideration in Arizona, Maryland, and New Hampshire.
From Our Archive
- States Expected to Tighten Reform's Privacy Provisions - November 19, 1999
- Chase Pact In N.Y. Shows How States Could Set Privacy Rules - January 27, 2000
- Backers Hope Privacy Laws Get a Second Wind - May 15, 2000