[Congressional Record Volume 145, Number 162 (Tuesday, November 16, 1999)]
[Senate]
[Pages S14614-S14615]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. LEAHY (for himself, Mr. Bryan, Mr. Harkin, Mr. Durbin, Mr. 
        Feingold, and Mr. Robb):
  S. 1924. A bill to ensure personal privacy with respect to financial 
information, to provide customers notice and choice about how their 
financial institutions share or sell their personally identifiable 
sensitive financial information, to provide for strong enforcement of 
these rights, and to protect States' rights; to the Committee on 
Banking, Housing, and Urban Affairs.


           the financial information privacy and security act

  Mr. LEAHY. Mr. President, I rise today to introduce the Financial 
Information Privacy and Security Act of 1999. I am pleased that 
Senators Bryan, Harkin, Durbin, and Feingold are original cosponsors of 
this legislation to protect the financial privacy of all Americans.
  The right of privacy is a personal and fundamental right protected by 
the Constitution of the United States. But today, the American people 
are growing more and more concerned over encroachments on their 
personal privacy.
  New technologies, new communications media, and new business services 
created with the best of intentions and highest of expectations also 
pose a threat to our ability to keep our lives to ourselves, and to 
live, work and think without having personal information about us 
collected without our knowledge or consent.
  This incremental invasion of our privacy has happened through the 
lack of safeguards on personal, financial and medical information, 
which can be stolen, sold or mishandled and find its way into the wrong 
hands with the push of a button or click of a mouse.
  Our right of privacy has become one of the most vulnerable rights in 
the information age. The digitalization of information and the 
explosion in the growth of computing and electronic networking offer 
tremendous potential benefits to the way Americans live, work, conduct 
commerce, and interact with their government.
  It makes it possible for me, sitting in my farmhouse in Vermont, to 
connect with any Member of Congress or friends around the world, to get 
information with the click of a mouse on my computer.
  But the new technology also presents new threats to our individual 
privacy and security, in particular, our ability to control the terms 
under which our personal information is acquired, disclosed, and used.
  Just last week, President Clinton signed into law the landmark 
Financial Modernization Act of 1999, which updates our financial laws 
and opens up the financial services industry to become more 
competitive, both at home and abroad. I supported this legislation 
because I believe it will benefit businesses and consumers. It will 
make it easier for banking, securities, and insurance firms to 
consolidate their services, cut expenses and offer more products at a 
lower cost to all. But it also raises new concerns about our financial 
privacy.
  New conglomerates in the financial services industry may now offer a 
widening variety of services, each of which may require a customer to 
provide financial, medical or other personal information. Nothing in 
the new law prevents these new subsidiaries or affiliates of financial 
conglomerates from sharing this information for uses beyond those the 
customer thought he or she was providing it.
  For example, the new law has no requirement for the consumer to 
consent before these new financial subsidiaries or affiliates sell, 
share, or publish information on savings account balances, certificates 
of deposit maturity dates and balances, stock and mutual fund purchases 
and sales, life insurance payouts or health insurance claims.
  That is wrong. You shouldn't be able to have that information and go 
around to anybody who wants to use it to pitch you some new product or 
scare you into cashing in life savings or anything else.
  As President Clinton recently warned:

       Although consumers put a great value on privacy of their 
     financial records, our laws have not caught up to 
     technological developments that make it possible and 
     potentially profitable for companies to share financial data 
     in new ways. Consumers who undergo physical exams to obtain 
     insurance, for example, should not have to fear the 
     information will be used to lower their credit card limits or 
     deny them mortgages.

  I strongly agree. If we had this information in a desk drawer at 
home, nobody could come in and just take it. Instead, it is in the 
electronic desk drawer of one of the companies we have given it to, and 
they can share it with anybody they want within their organization.
  Mr. President, the Financial Information Privacy and Security Act of 
1999 offers this Congress the historic opportunity to provide 
fundamental privacy of every American's personal financial information. 
This bill would protect the privacy of this financial information by 
directing the Federal Reserve Board, Office of Thrift Supervision, 
Federal Deposit Insurance Corporation, Office of the Comptroller of the 
Currency, and the Securities and Exchange Commission jointly to 
promulgate rules requiring the financial

[[Page S14615]]

institutions they regulate to: (1) inform their customers about what 
information may be disclosed, and under what circumstances, including 
when, to whom and for what purposes; (2) allow customers to review the 
information for accuracy; (3) establish safeguards to protect the 
confidentiality of personally identifiable customer information and 
records to prevent unauthorized disclosure; and (4) for new customers, 
obtain the customers' consent to disclosure, and for existing 
customers, give the customers a reasonable opportunity to object to 
disclosure. These financial institutions could use confidential 
customer information from other entities only if the entities provides 
their customers with similar privacy protections.
  In addition, this bill provides individuals the civil right of action 
to enforce their financial privacy rights and to recover punitive 
damages, reasonable attorneys fees, and other litigation costs. Privacy 
rights must be enforceable in a court of law to be truly effective.
  To be sure, this legislation would not affect any state law which 
provides greater financial privacy protections to its citizens. Some 
states have already recognized the growing need for financial privacy 
protections. For example, I am proud to say that Vermont instituted 
cutting edge financial privacy laws five years ago. This bill is 
intended to provide the most basic rights of financial privacy to all 
American consumers. They deserve nothing less.
  When President Clinton signed the financial modernization bill last 
week, he directed the National Economic Council to work with the 
Treasury Department and Office of Management and Budget to craft 
legislative proposals to forward to Congress next year to protect 
financial privacy in the new financial services marketplace. I believe 
the Financial Information Privacy and Security Act of 1999, which we 
are introducing today, should serve as the foundation for the 
Administration's financial privacy bill.
  Americans ought to be able to enjoy the exciting innovations of this 
burgeoning information era without losing control over the use of their 
financial information.
  The Financial Information Privacy and Security Act updates United 
States privacy laws to provide these fundamental protections of 
personal financial information in the evolving financial services 
industry.
  I urge my colleagues to support it.
  On privacy, in Vermont we care greatly about this. I have been in 
public life for a long time. During that time, I have only clipped and 
actually saved and framed a couple articles about me from the press.
  My distinguished friend from Nevada, who is on the floor, like me 
lives in a rural area--he in Searchlight, I in Middlesex, VT. I live on 
this dirt road. I look down this valley, 35 miles down a valley, 
mountains on either side. I literally cannot see another house from my 
front yard. It is a beautiful spot, this place my parents got when I 
was a teenager just for a summer home. Marcelle and I have made a year-
round place out of it. There is a neighboring farm family who, for 40 
years, have hayed the fields and done work around there. They have 
known me since I was a teenager. The article I cut from the papers was 
from one of our largest newspapers. It was a sidebar. Here is almost 
verbatim the way it went.
  The out-of-State reporter drives up to a farmer who is sitting on his 
porch along the dirt road. He says to the farmer, ``Does Senator Leahy 
live up this road?'' The farmer said, ``You a relative of his?'' He 
said, ``No, I am not.'' He says, ``You a friend of his?'' He said, 
``Not really.'' He says, ``Is he expecting you?'' The reporter says, 
``No.'' The farmer looks him right in the eye and says, ``Never heard 
of him.''
  Now, we Vermonters like our privacy. This was a Saturday, and the 
farmer wasn't about to tell somebody where I lived and direct him down 
the dirt road to it. It is a humorous story, but I kept that over the 
years because it reminds me of other ways to protect our privacy. By 
the same token, I would not want--whether it is that reporter or 
somebody I never met--to go onto a computer and find my bank 
statements, my medical records, my children's medical records, or my 
spouse's, and find out whether we have applied for a mortgage or not, 
or find out whether we have bought life insurance or cashed in life 
insurance. So I think we have to ask ourselves as we go into the new 
millennium, one where information will flow quicker and in more detail 
than could have even been conceived a generation ago--it could not have 
been conceived at the time my parents purchased that beautiful spot in 
Vermont. Ten years from now, we will move faster and with more 
complexity than we could even think of today.
  So I think the Congress, if it is going to fulfill its responsibility 
to the American people, has to do more and more to protect our privacy 
and allow technology to move as fast as it can, but not at the price of 
our individual privacy. We all know basically what we, our friends, 
neighbors, families, would want to give up of their personal privacy--
not very much. Think to yourself, if this was something you had in the 
top drawer of your desk at home, knowing nobody could get it, they 
would need search warrants or they would break the law by coming in and 
taking it. That is all the more reason why on somebody's computer they 
should not be allowed to take it.
                                 ______