[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[S. 187 Introduced in Senate (IS)]







106th CONGRESS
  1st Session
                                 S. 187

     To give customers notice and choice about how their financial 
  institutions share or sell their personally identifiable sensitive 
             financial information, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            January 19, 1999

Mr. Sarbanes (for himself, Mr. Dodd, Mr. Bryan, Mr. Leahy, Mr. Edwards, 
 and Mr. Hollings) introduced the following bill; which was read twice 
  and referred to the Committee on Banking, Housing, and Urban Affairs

_______________________________________________________________________

                                 A BILL


 
     To give customers notice and choice about how their financial 
  institutions share or sell their personally identifiable sensitive 
             financial information, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Financial Information Privacy Act of 
1999''.

SEC. 2. DEFINITIONS.

    In this Act--
            (1) the term ``covered person'' means a person that is 
        subject to the jurisdiction of any of the Federal financial 
        regulatory authorities; and
            (2) the term ``Federal financial regulatory authorities'' 
        means--
                    (A) each of the Federal banking agencies, as that 
                term is defined in section 3(z) of the Federal Deposit 
                Insurance Act; and
                    (B) the Securities and Exchange Commission.

SEC. 3. PRIVACY OF CONFIDENTIAL CUSTOMER INFORMATION.

    (a) Rulemaking.--The Federal financial regulatory authorities shall 
jointly issue final rules to protect the privacy of confidential 
customer information relating to the customers of covered persons, not 
later than 270 days after the date of enactment of this Act (and shall 
issue a notice of proposed rulemaking not later than 150 days after the 
date of enactment of this Act), which rules shall--
            (1) define the term ``confidential customer information'' 
        to be personally identifiable data that includes transactions, 
        balances, maturity dates, payouts, and payout dates, of--
                    (A) deposit and trust accounts;
                    (B) certificates of deposit;
                    (C) securities holdings; and
                    (D) insurance policies;
            (2) require that a covered person may not disclose or share 
        any confidential customer information to or with any affiliate 
        or agent of that covered person if the customer to whom the 
        information relates has provided written notice, as described 
        in paragraphs (4) and (5), to the covered person prohibiting 
        such disclosure or sharing--
                    (A) with respect to an individual that became a 
                customer on or after the effective date of such rules, 
                at the time at which the business relationship between 
                the customer and the covered person is initiated and at 
                least annually thereafter; and
                    (B) with respect to an individual that was a 
                customer before the effective date of such rules, at 
                such time thereafter that provides a reasonable and 
                informed opportunity to the customer to prohibit such 
                disclosure or sharing and at least annually thereafter;
            (3) require that a covered person may not disclose or share 
        any confidential customer information to or with any person 
        that is not an affiliate or agent of that covered person unless 
        the covered person has first--
                    (A) given written notice to the customer to whom 
                the information relates, as described in paragraphs (4) 
                and (5); and
                    (B) obtained the informed written or electronic 
                consent of that customer for such disclosures or 
                sharing;
            (4) require that the covered person provide notices and 
        consent acknowledgments to customers, as required by this 
        section, in separate and easily identifiable and 
        distinguishable form;
            (5) require that the covered person provide notice as 
        required by this section to the customer to whom the 
        information relates that describes what specific types of 
        information would be disclosed or shared, and under what 
        general circumstances, to what specific types of businesses or 
        persons, and for what specific types of purposes such 
        information could be disclosed or shared;
            (6) require that the customer to whom the information 
        relates be provided with access to the confidential customer 
        information that could be disclosed or shared so that the 
        information may be reviewed for accuracy and corrected or 
        supplemented;
            (7) require that, before a covered person may use any 
        confidential customer information provided by a third party 
        that engages, directly or indirectly, in activities that are 
        financial in nature, as determined by the Federal financial 
        regulatory authorities, the covered person shall take 
        reasonable steps to assure that procedures that are 
        substantially similar to those described in paragraphs (2) 
        through (6) have been followed by the provider of the 
        information (or an affiliate or agent of that provider); and
            (8) establish a means of examination for compliance and 
        enforcement of such rules and resolving consumer complaints.
    (b) Limitation.--The rules prescribed pursuant to subsection (a) 
may not prohibit the release of confidential customer information--
            (1) that is essential to processing a specific financial 
        transaction that the customer to whom the information relates 
        has authorized;
            (2) to a governmental, regulatory, or self-regulatory 
        authority having jurisdiction over the covered financial entity 
        for examination, compliance, or other authorized purposes;
            (3) to a court of competent jurisdiction;
            (4) to a consumer reporting agency, as defined in section 
        603 of the Fair Credit Reporting Act for inclusion in a 
        consumer report that may be released to a third party only for 
        a purpose permissible under section 604 of that Act; or
            (5) that is not personally identifiable.
    (c) Construction.--Nothing in this section or the rules prescribed 
under this section shall be construed to amend or alter any provision 
of the Fair Credit Reporting Act.
                                 <all>