[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1929 Introduced in House (IH)]







106th CONGRESS
  1st Session
                                H. R. 1929

To amend the Federal Deposit Insurance Act to control the disclosure by 
 financial institutions of personal financial information of customers 
              of the institutions, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 25, 1999

  Mr. Inslee (for himself, Mr. Capuano, Mr. Filner, Mr. Hinchey, Mr. 
    Hoeffel, Mr. Kanjorski, Ms. Lee, Mr. McDermott, Ms. Rivers, Mr. 
Sanders, Ms. Schakowsky, and Mr. Stark) introduced the following bill; 
 which was referred to the Committee on Banking and Financial Services

_______________________________________________________________________

                                 A BILL


 
To amend the Federal Deposit Insurance Act to control the disclosure by 
 financial institutions of personal financial information of customers 
              of the institutions, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Banking Privacy Act of 1999''.

SEC. 2. PERSONAL INFORMATION SHARING.

    (a) Depository Institutions and Subsidiaries of Depository 
Institutions.--Section 18 of the Federal Deposit Insurance Act (12 
U.S.C. 1828) is amended by adding at the end the following new 
subsection:
    ``(t) Personal Information Sharing Requirements.--
            ``(1) Information sharing prohibited if customer opts 
        out.--Notwithstanding any other provision of law and except as 
        permitted under paragraph (5), an insured depository 
        institution and a subsidiary of a depository institution may 
        not disclose or transfer customer information relating to any 
        customer to any other person, including an affiliate of the 
        depository institution, unless--
                    ``(A) the customer to whom such information relates 
                has been provided with notice in accordance with 
                paragraph (2); and
                    ``(B) the customer has not provided a written 
                directive (including a transmission by e-mail, 
                facsimile, or other form of electronic communication) 
                to the insured depository institution or subsidiary, at 
                any time before the close of business on the 6th 
                business day before such disclosure or transfer, that 
                such information shall not be disclosed or transferred, 
                except when specifically authorized by the customer in 
                connection with and pertaining to a specific 
                transaction with the depository institution or 
                subsidiary.
            ``(2) Notice.--
                    ``(A) In general.--The notice referred to in 
                paragraph (1)(A) shall fully and fairly disclose, in 
                accordance with regulations which the Federal banking 
                agencies shall jointly prescribe, what information is 
                being disclosed or transferred, the policy of the 
                insured depository institution or subsidiary of an 
                insured depository institution with regard to 
                information sharing, and the right of the customer to 
                prohibit the disclosure or transfer of such 
                information.
                    ``(B) Form of notice.--
                            ``(i) In general.--The regulations 
                        prescribed pursuant to subparagraph (A) shall 
                        require that the notice required under such 
                        subparagraph--
                                    ``(I) be prominently displayed on a 
                                document which is separate from any 
                                other document;
                                    ``(II) have the term `Privacy 
                                Notice' in prominent typeface at the 
                                top of the notice.
                            ``(ii) Notice requirements.--
                                    ``(I) Mailing.--If the notice 
                                required under subparagraph (A) is 
                                mailed to the customer, the notice 
                                shall be mailed separately from any 
                                other statement, document, or notice 
                                mailed to the customer.
                                    ``(II) In person.--If the notice 
                                required under subparagraph (A) is 
                                disclosed to the customer in person by 
                                an officer, director, or agent of the 
                                depository institution or subsidiary 
                                thereof, the officer, employee, or 
                                agent shall obtain the written 
                                acknowledgement of the customer of the 
                                receipt of such notice separately from 
                                any other signature or written 
                                acknowledgment of the customer.
            ``(3) Customer information defined.--For purposes of this 
        subsection, the term `customer information' means any 
        information acquired from a customer of the insured depository 
        institution that is personally identifiable to the customer, 
        including information relating to transactions, balances, 
        maturity dates, payouts, and payout dates, and transaction or 
        experience information.
            ``(4) Reasonable opportunity to respond to notice.--In 
        order to provide any customer of an insured depository 
        institution or any subsidiary of an insured depository 
        institution with reasonable opportunity to respond to any 
        notice referred to in paragraph (1)(A), the prohibition 
        contained in paragraph (1) on the disclosure or transfer of any 
        customer information relating to such customer to any other 
        person, including an affiliate, shall continue during the 30-
        day period beginning on the date the notice referred to in such 
        paragraph was sent or delivered to such customer, unless the 
        customer has authorized such disclosure or transfer.
            ``(5) Exceptions.--Paragraph (1) shall not apply to the 
        disclosure or transfer of customer information--
                    ``(A) in connection with processing a specific 
                financial transaction that the customer to whom the 
                information relates has authorized, if--
                            ``(i) the customer has been informed that 
                        any such transaction will necessarily involve 
                        the disclosure or transfer of such information; 
                        and
                            ``(ii) the person to whom such information 
                        is transferred or disclosed is subject to a 
                        legal or contractual obligation not to use such 
                        information for any purpose other than in 
                        connection with facilitating the transaction;
                    ``(B) in connection with any routine financial 
                transaction which does not involve marketing of 
                services or the sale of customer information, if the 
                person to whom such information is transferred or 
                disclosed is subject to a legal or contractual 
                obligation not to use such information for any purpose 
                other than in connection with effectuating the 
                transaction;
                    ``(C) in connection with clearing checks, 
                processing credit transactions or electronic fund 
                transfers, or providing mailing services, if the person 
                to whom such information is transferred or disclosed is 
                subject to a legal or contractual obligation not to use 
                such information for any purpose other than in 
                connection with clearing or processing the transaction 
                or providing the service;
                    ``(D) to a governmental, regulatory, or self-
                regulatory authority having jurisdiction over the 
                insured depository institution for examination, 
                compliance, or other authorized purposes;
                    ``(E) to a court of competent jurisdiction;
                    ``(F) to a consumer reporting agency, as defined in 
                section 603(f) of the Fair Credit Reporting Act, for 
                use solely in accordance with such Act;
                    ``(G) in the case of a default by the customer on 
                an obligation to the depository institution or 
                subsidiary, to a debt collector, as defined in section 
                803(6) of the Fair Debt Collection Practices Act, 
                counsel, or other entity involved in debt collection, 
                for use solely in accordance with such Act;
                    ``(H) in the case of any claim or litigation 
                between the customer and a depository institution or 
                subsidiary, to a counsel or other person involved in 
                the resolution of the dispute;
                    ``(I) that is not personally identifiable to the 
                customer or is public information; or
                    ``(J) that is necessary to prevent or investigate 
                fraudulent or unlawful acts which the depository 
                institution or subsidiary has a good faith belief may 
                occur or may have occurred.''.
    (b) Bank Holding Companies and Affiliates of Bank Holding 
Companies.--Section 5 of the Bank Holding Company Act of 1956 (12 
U.S.C. 1844) is amended by adding at the end the following new 
subsection:
    ``(g) Personal Information Sharing Requirements.--
            ``(1) Information sharing prohibited if customer opts 
        out.--Notwithstanding any other provision of law and except as 
        permitted under paragraph (5), a bank holding company and an 
        affiliate of a bank holding company (other than a depository 
        institution subsidiary or subsidiary of such depository 
        institution) may not disclose or transfer customer information 
        relating to any customer to any other person, including another 
        affiliate of the bank holding company, unless--
                    ``(A) the customer to whom such information relates 
                has been provided with notice in accordance with 
                paragraph (2); and
                    ``(B) the customer has not provided a written 
                directive (including a transmission by e-mail, 
                facsimile, or other form of electronic communication) 
                to the bank holding company or affiliate, at any time 
                before the close of business on the 6th business day 
                before such disclosure or transfer, that such 
                information shall not be disclosed or transferred, 
                except when specifically authorized by the customer in 
                connection with and pertaining to a specific 
                transaction with the bank holding company or affiliate.
            ``(2) Notice.--
                    ``(A) In general.--The notice referred to in 
                paragraph (1)(A) shall fully and fairly disclose, in 
                accordance with regulations which the Board shall 
                prescribe, what information is being disclosed or 
                transferred, the policy of the bank holding company or 
                affiliate of a bank holding company with regard to 
                information sharing, and the right of the customer to 
                prohibit the disclosure or transfer of such 
                information.
                    ``(B) Form of notice.--
                            ``(i) In general.--The regulations 
                        prescribed pursuant to subparagraph (A) shall 
                        require that the notice required under such 
                        subparagraph--
                                    ``(I) be prominently displayed on a 
                                document which is separate from any 
                                other document:
                                    ``(II) have the term `Privacy 
                                Notice' in prominent typeface at the 
                                top of the notice.
                            ``(ii) Notice requirements.--
                                    ``(I) Mailing.--If the notice 
                                required under subparagraph (A) is 
                                mailed to the customer, the notice 
                                shall be mailed separately from any 
                                other statement, document, or notice 
                                mailed to the customer.
                                    ``(II) In person.--If the notice 
                                required under subparagraph (A) is 
                                disclosed to the customer in person by 
                                an officer, director, or agent of the 
                                bank holding company or affiliate 
                                thereof, the officer, employee, or 
                                agent shall obtain the written 
                                acknowledgement of the customer of the 
                                receipt of such notice separately from 
                                any other signature or written 
acknowledgment of the customer.
            ``(3) Customer information defined.--For purposes of this 
        subsection, the term `customer information' means any 
        information acquired from a customer of the bank holding 
        company or affiliate that is personally identifiable to the 
        customer, including information relating to transactions, 
        balances, maturity dates, payouts, and payout dates, and 
        transaction or experience information.
            ``(4) Reasonable opportunity to respond to notice.--In 
        order to provide any customer of a bank holding company or any 
        affiliate of a bank holding company with reasonable opportunity 
        to respond to any notice referred to in paragraph (1)(A), the 
        prohibition contained in paragraph (1) on the disclosure or 
        transfer of any customer information relating to such customer 
        to any other person, including another affiliate, shall 
        continue during the 30-day period beginning on the date the 
        notice referred to in such paragraph was sent or delivered to 
        such customer, unless the customer has authorized such 
        disclosure or transfer.
            ``(5) Exceptions.--Paragraph (1) shall not apply to the 
        disclosure or transfer of customer information--
                    ``(A) in connection with processing a specific 
                financial transaction that the customer to whom the 
                information relates has authorized, if--
                            ``(i) the customer has been informed that 
                        any such transaction will necessarily involve 
                        the disclosure or transfer of such information; 
                        and
                            ``(ii) the person to whom such information 
                        is transferred or disclosed is subject to a 
                        legal or contractual obligation not to use such 
                        information for any purpose other than in 
                        connection with facilitating the transaction;
                    ``(B) in connection with any routine financial 
                transaction which does not involve marketing of 
                services or the sale of customer information, if the 
                person to whom such information is transferred or 
                disclosed is subject to a legal or contractual 
                obligation not to use such information for any purpose 
                other than in connection with effectuating the 
                transaction;
                    ``(C) in connection with clearing checks, 
                processing financial transactions or electronic fund 
                transfers, or providing mailing services, if the person 
                to whom such information is transferred or disclosed is 
                subject to a legal or contractual obligation not to use 
                such information for any purpose other than in 
                connection with clearing or processing the transaction 
                or providing the service;
                    ``(D) to a governmental, regulatory, or self-
                regulatory authority having jurisdiction over the 
                insured depository institution for examination, 
                compliance, or other authorized purposes;
                    ``(E) to a court of competent jurisdiction;
                    ``(F) to a consumer reporting agency, as defined in 
                section 603(f) of the Fair Credit Reporting Act, for 
                use solely in accordance with such Act;
                    ``(G) in the case of a default by the customer on 
                an obligation to the bank holding company or affiliate, 
                to a debt collector, as defined in section 803(6) of 
                the Fair Debt Collection Practices Act, counsel, or 
                other entity involved in debt collection, for use 
                solely in accordance with such Act;
                    ``(H) in the case of any claim or litigation 
                between the customer and a depository institution or 
                subsidiary, to counsel or any other person involved in 
                the resolution of the dispute;
                    ``(I) that is not personally identifiable to the 
                customer or is public information; or
                    ``(J) that is necessary to prevent or investigate 
                fraudulent or unlawful acts which the bank holding 
                company or affiliate has a good faith belief may occur 
                or may have occurred.''.
                                 <all>