H.R.4332
Financial Consumers' Bill of Rights Act (Introduced in the House)
`TITLE V--PRIVACY OF CONSUMER INFORMATION
`Subtitle A--Disclosure of Nonpublic Personal Information
`SEC. 501. PROTECTION OF NONPUBLIC PERSONAL INFORMATION.
`(a) PRIVACY OBLIGATION POLICY- It is the policy of the Congress that each financial institution has
an affirmative and continuing obligation to respect the privacy of its customers and to
protect the security and confidentiality of those customers' nonpublic personal information.
`(b) FINANCIAL INSTITUTIONS SAFEGUARDS- In furtherance of the policy in
subsection (a), each agency or authority described in section 504(a) shall
establish by rule or order appropriate standards for the financial
institutions subject to their jurisdiction, and the Commission shall establish
such standards for any financial institutions not subject to such
jurisdiction, relating to administrative, technical, and physical
safeguards--
`(1) to insure the security and confidentiality of customer records and
information;
`(2) to protect against any anticipated threats or hazards to the
security or integrity of such records; and
`(3) to protect against unauthorized access to or use of such records or
information which could result in substantial harm or inconvenience to any customer.
`SEC. 502. OBLIGATIONS WITH RESPECT TO PERSONAL INFORMATION.
`(a) GENERAL REQUIREMENTS- Except as otherwise provided in this subtitle,
a financial institution may not, directly or through any affiliate, disclose
or make an unrelated use of any nonpublic personal information collected by the financial
institution in connection with any transaction with a consumer in any
financial product or any financial service, unless such financial institution
provides or has provided to the consumer a notice that complies with section
503 and the rules thereunder.
`(b) OPT-IN REQUIRED FOR INFORMATION TRANSFERS-
`(1) AFFIRMATIVE CONSENT REQUIRED- Each agency or authority described in
section 504(a) shall by rule prohibit a financial institution that is
subject to its jurisdiction from making available any nonpublic personal information to any affiliate or
other person that is not an employee or agent of the institution, unless the
consumer to whom the information pertains--
`(A) has affirmatively consented in accordance with such rule to the
transfer of such information; and
`(B) has not withdrawn the consent.
`(2) FLEXIBILITY OF FORM- A financial institution may, in complying with
paragraph (1), present the opportunity to consent in a clear and conspicuous
manner that permits the consumer to consent--
`(A)(i) with respect to both affiliates and nonaffiliated
persons;
`(ii) separately with respect to affiliates generally and
nonaffiliated persons generally; or
`(iii) separately with respect to specified affiliates and
nonaffiliated persons; and
`(B) separately with respect to specified financial and nonfinancial
products and services that may be offered to the consumer.
`(3) DENIAL OF SERVICE PROHIBITED- The rule prescribed pursuant to
paragraph (1) shall prohibit a financial institution from denying any
consumer a financial product or a financial service for the refusal by the
consumer to grant the consent required by such rule.
`(c) ACCESS TO AND CORRECTION OF INFORMATION VENDED TO THIRD
PARTIES-
`(1) RULE REQUIRED- Each agency or authority described in section 504(a)
shall by rule require a financial institution that is subject to its
jurisdiction and that makes available nonpublic personal information collected by the
financial institution to any person or entity other than an employee or
agent of such institution to afford that consumer--
`(A) the opportunity to examine, upon request, all nonpublic personal information that was so made
available; and
`(B) the opportunity to dispute the accuracy of any of such information, and to present
evidence thereon.
`(d) LIMITATIONS ON THE SHARING OF ACCOUNT NUMBER INFORMATION FOR MARKETING PURPOSES- A
financial institution shall not disclose an account number or similar form of
access number or access code for a credit card account, deposit account, or
transaction account of a consumer to any affiliate or any nonaffiliated third
party for use in telemarketing, direct mail marketing, or other marketing
through electronic mail or other electronic means to the consumer.
`(e) LIMITS ON REUSE OF INFORMATION- Except as otherwise
provided in this subtitle, an affiliate or a nonaffiliated third party that
receives from a financial institution nonpublic personal information under this section shall
not, directly or through an affiliate of such receiving third party, disclose
such information to any other
person that is an affiliate or a nonaffiliated third party of both the
financial institution and such receiving third party, unless such disclosure
would be lawful if made directly to such other person by the financial
institution.
`(f) GENERAL EXCEPTIONS- Subsections (a) and (b) shall not prohibit the
disclosure of nonpublic personal information--
`(1) as necessary to effect, administer, or enforce a transaction
requested or authorized by the consumer, or in connection with--
`(A) servicing or processing a financial product or service requested
or authorized by the consumer;
`(B) maintaining or servicing the consumer's account with the
financial institution; or
`(C) a proposed or actual securitization, secondary market sale
(including sales of servicing rights), or similar transaction related to a
transaction of the consumer;
`(2) with the consent or at the direction of the consumer;
`(3)(A) to protect the confidentiality or security of the financial
institution's records pertaining to the consumer, the service or product, or
the transaction therein; (B) to protect against or prevent actual or
potential fraud, unauthorized transactions, claims, or other liability; (C)
for required institutional risk control, or for resolving customer disputes
or inquiries; (D) to persons holding a legal or beneficial interest relating
to the consumer; or (E) to persons acting in a fiduciary or representative
capacity on behalf of the consumer;
`(4) to provide information to insurance rate
advisory organizations, guaranty funds or agencies, applicable rating
agencies of the financial institution, and the institution's attorneys,
accountants, and auditors;
`(5) to the extent specifically permitted or required under other
provisions of law and in accordance with the Right to Financial Privacy Act of 1978, to law
enforcement agencies (including a Federal functional regulator, the
Secretary of the Treasury with respect to subchapter II of chapter 53 of
title 31, United States Code, and chapter 2 of title I of Public Law 91-508
(12 U.S.C. 1951-1959), a State insurance authority, or the Federal Trade
Commission), self-regulatory organizations, or for an investigation on a
matter related to public safety;
`(6)(A) to a consumer reporting agency in accordance with the Fair
Credit Reporting Act, or (B) from a consumer report reported by a consumer
reporting agency in accordance with the Fair Credit Reporting Act;
`(7) in connection with a proposed or actual sale, merger, transfer, or
exchange of all or a portion of a business or operating unit if the
disclosure of nonpublic personal information concerns solely
consumers of such business or unit; or
`(8) to comply with Federal, State, or local laws, rules, and other
applicable legal requirements; to comply with a properly authorized civil,
criminal, or regulatory investigation or subpoena or summons by Federal,
State, or local authorities; or to respond to judicial process or government
regulatory authorities having jurisdiction over the financial institution
for examination, compliance, or other purposes as authorized by law.
`SEC. 503. NOTICE CONCERNING DISCLOSING INFORMATION.
`(a) RULE REQUIRED- Each agency or authority described in section 504(a)
shall prescribe rules in accordance with this section to prohibit unfair and
deceptive acts or practices in connection with the disclosing of nonpublic
personal information or with making unrelated
uses of such information. Such
rules shall require any financial institution, through the use of a form that
complies with the rules prescribed under subsection (b), to clearly and
conspicuously disclose to the consumer at the time of establishing a customer
relationship with a consumer and not less than annually during the
continuation of such relationship--
`(1) the categories of nonpublic personal information that are collected by
the financial institution;
`(2) the practices and policies of the financial institution with
respect to disclosing nonpublic personal information, or making unrelated
uses of such information,
including--
`(A) the categories of persons to whom the information is or may be disclosed
or who may be permitted to make unrelated uses of such information, other than the
persons to whom the information must be provided to
effect, administer, or enforce the transaction; and
`(B) the practices and policies of the institution with respect to
disclosing or making unrelated uses of nonpublic personal information of persons who have
ceased to be customers of the financial institution;
`(3) the policies that the institution maintains to protect the
confidentiality and security of nonpublic personal information;
`(4) the practices and policies of the institution with respect to
providing consumers the opportunity to examine and dispute information pursuant to the rule
prescribed under section 502(c); and
`(5) the right of the consumer under such section to examine, upon
request, the nonpublic personal information, to dispute the
accuracy of any of such information, and to present
evidence thereon.
`(b) DESIGN OF NOTICE REQUIREMENTS- In prescribing the form of a notice
for purposes of subsection (a), each agency or authority described in section
504(a) shall ensure that consumers are provided a clear and conspicuous
disclosure that permits them to compare differences in the measures that the
financial institution takes, and the policies that the institution has
established, to protect the consumer's privacy as compared to the measures
taken and the policies established by other financial institutions. Such form
shall specifically identify the rights the institution affords consumers to
grant or deny consent to (1) the disclosing of nonpublic personal information for any purpose other than
as required in order to effect, administer, or enforce the consumer's
transaction, or (2) the making of an unrelated use of such information.
`(c) ADDITIONAL CONTENTS OF RULES; EXEMPTIVE RULES- Each agency or
authority described in section 504(a) shall, by rule, and may by order--
`(1) specify the disclosures and uses of information which, for purposes of
this subtitle and the rules prescribed thereunder, may be treated as
necessary to effect, administer, or enforce a consumer's transaction with
respect to a variety of financial services and financial products;
`(2) specify timing requirements with respect to notices to new and
existing customers, which shall not require notices more frequently than
annually unless there has been a change in the information required to be disclosed
pursuant to subsection (a); and
`(3) provide, consistent with the purposes of this subtitle, exemptions
or temporary waivers to, or delayed effective dates for, any requirement of
this subtitle or the rules prescribed thereunder.
`SEC. 504. ENFORCEMENT.
`(a) IN GENERAL- This subtitle and the rules prescribed thereunder shall
be enforced by the Federal functional regulators, the State insurance
authorities, and the Federal Trade Commission with respect to financial
institutions and other persons subject to their jurisdiction under applicable
law, as follows:
`(1) Under section 8 of the Federal Deposit Insurance Act, in the case
of--
`(A) national banks, Federal branches and Federal agencies of foreign
banks by the Office of the Comptroller of the Currency;
`(B) member banks of the Federal Reserve System (other than national
banks), branches and agencies of foreign banks (other than Federal
branches, Federal agencies, and insured State branches of foreign banks),
commercial lending companies owned or controlled by foreign banks,
organizations operating under section 25 or 25A of the Federal Reserve
Act, bank holding companies by the Board of Governors of the Federal
Reserve System;
`(C) banks insured by the Federal Deposit Insurance Corporation (other
than members of the Federal Reserve System), insured State branches of
foreign banks by the Board of Directors of the Federal Deposit Insurance
Corporation; and
`(D) savings association the deposits of which are insured by the
Federal Deposit Insurance Corporation by the Director of the Office of
Thrift Supervision.
`(2) Under the Federal Credit Union Act, by the Administrator of the
National Credit Union Administration with respect to any Federal or state
chartered credit union.
`(3) Under the Securities Exchange Act of 1934, by the Securities and
Exchange Commission with respect to any broker-dealer.
`(4) Under the Investment Company Act of 1940, by the Securities and
Exchange Commission with respect to investment companies.
`(5) Under the Investment Advisers Act of 1940, by the Securities and
Exchange Commission with respect to investment advisers registered with the
Commission under such Act.
`(6) Under the Federal Home Loan Bank Act, by the Federal Housing
Finance Board with respect to Federal home loan banks.
`(7) In the case of any person engaged in providing insurance, by the
State insurance authority, if that State has elected to become a
participating State, notwithstanding any of the limitations of section 104
of the Gramm-Leach-Bliley Act.
`(8) Under the Federal Trade Commission Act, by the Federal Trade
Commission for--
`(A) any other financial institution (other than a person engaged in
providing insurance) or any other person that is not subject to the
jurisdiction of any agency or authority under paragraphs (1) through (6)
of this subsection; and
`(B) any person engaged in providing insurance who is domiciled in a
State that does not elect to become a participating State.
`(b) ENFORCEMENT OF SECTION 501-
`(1) IN GENERAL- Except as provided in paragraph (2), the agencies and
authorities described in subsection (a) shall implement the standards
prescribed under section 501(b) in the same manner, to the extent
practicable, as standards prescribed pursuant to subsection (a) of section
39 of the Federal Deposit Insurance Act are implemented pursuant to such
section.
`(2) EXCEPTION- The agencies and authorities described in paragraphs
(3), (4), (5), (7), and (8) of subsection (a) shall implement the standards
prescribed under section 501(b) by rule with respect to the financial
institutions subject to their respective jurisdictions under subsection
(a).
`(c) STATE ACTION FOR VIOLATIONS-
`(1) AUTHORITY OF STATES- In addition to such other remedies as are
provided under State law, if the chief law enforcement officer of a State,
or an official or agency designated by a State, has reason to believe that
any person has violated or is violating this subtitle or a rule prescribed
under this subtitle, other than section 501 or a rule prescribed under such
section, the State--
`(A) may bring an action to enjoin such violation in any appropriate
United States district court or in any other court of competent
jurisdiction; and
`(B) may bring an action on behalf of the residents of the State to
enforce compliance with such rule, to obtain damages, restitution, or
other compensation on behalf of residents of such State, or to obtain such
further and other relief as the court may deem appropriate.
`(2) RIGHTS OF FEDERAL REGULATORS-
`(A) PRIOR NOTICE- The State shall serve prior written notice of any
action under paragraph (1) upon the Federal Trade Commission and provide
the Federal Trade Commission with a copy of its complaint, except in any
case in which such prior notice is not feasible, in which case the State
shall serve such notice immediately upon instituting such action.
`(B) RIGHT TO INTERVENE- The Federal Trade Commission shall transmit
the notice received under subparagraph (A) to the agency or authority that
has jurisdiction of the subject of the complaint, and such agency or
authority shall have the right--
`(i) to intervene in an action under paragraph (1);
`(ii) upon so intervening, to be heard on all matters arising
therein;
`(iii) to remove the action to the appropriate United States
district court; and
`(iv) to file petitions for appeal.
`(3) INVESTIGATORY POWERS- For purposes of bringing any action under
this subsection, no provision of this subsection shall be construed as
preventing the chief law enforcement officer, or an official or agency
designated by a State, from exercising the powers conferred on the chief law
enforcement officer or such official by the laws of such State to conduct
investigations or to administer oaths or affirmations or to compel the
attendance of witnesses or the production of documentary and other
evidence.
`(4) LIMITATION ON STATE ACTION WHILE FEDERAL ACTION PENDING- If a
Federal agency or authority has instituted a civil action for a violation of
this subtitle, no State may, during the pendency of such action, bring an
action under this section against any defendant named in the complaint of
the Federal agency or authority or such agency for any violation of this
subtitle that is alleged in that complaint.
`(d) DEFINITIONS- The terms used in subsection (a)(1) that are not defined
in this subtitle or otherwise defined in section 3(s) of the Federal Deposit
Insurance Act shall have the meaning given to them in section 1(b) of the
International Banking Act of 1978.
`SEC. 505. FAIR CREDIT REPORTING ACT AMENDMENT.
`(a) AMENDMENT- Section 621 of the Fair Credit Reporting Act (15 U.S.C.
1681s) is amended--
`(1) in subsection (d), by striking everything following the end of the
second sentence; and