S. 4618 2
IS OF PARTICULAR CONCERN BECAUSE IT INCREASES THE LIKELIHOOD OF: IDENTI-
TY FRAUD CRIMES; OFFENSIVE AND DECEPTIVE SOLICITATIONS BY TELEPHONE,
POSTAL MAIL, AND ELECTRONIC MAIL; DENIAL OF SERVICES, INCLUDING INSUR-
ANCE, EMPLOYMENT, AND HOUSING BASED UPON AN INDIVIDUAL'S FINANCIAL
STATUS, INFORMATION ABOUT WHICH MAY NOT OTHERWISE HAVE BEEN KNOWN; AND
LOSS OF CONFIDENCE IN FINANCIAL INSTITUTIONS GENERALLY.
THE LEGISLATURE THEREFORE FINDS AND DECLARES THAT IT IS IN THE PUBLIC
AND STATE'S INTEREST TO PROHIBIT THE DISCLOSURE OF AN INDIVIDUAL'S
PERSONAL FINANCIAL INFORMATION WITHOUT THE EXPRESS CONSENT OF THAT INDI-
VIDUAL BEFORE SUCH INFORMATION IS DISCLOSED.
S 522-A. DEFINITIONS. AS USED IN THIS ARTICLE, THE FOLLOWING TERMS
SHALL HAVE THE FOLLOWING MEANINGS:
(A) "FINANCIAL INSTITUTION" SHALL MEAN:
(1) ANY FINANCIAL HOLDING COMPANY WITHIN THE MEANING OF SECTION 103 OF
THE FEDERAL GRAMM-LEACH-BLILEY ACT;
(2) ANY PERSON OR ENTITY TO WHICH THE BANKING LAW APPLIES AND ANY
BANK, TRUST COMPANY, SAVINGS BANK, SAVINGS AND LOAN ASSOCIATION, CREDIT
UNION, MORTGAGE BROKER, MORTGAGE BANKER, LICENSED LENDER, AND FOREIGN
BANKING CORPORATION INCORPORATED, CHARTERED, ORGANIZED, OR LICENSED
UNDER THE LAWS OF THIS STATE, ANY OTHER STATE, OR THE UNITED STATES,
WHETHER HEADQUARTERED WITHIN OR OUTSIDE OF THIS STATE;
(3) ANY INSURANCE COMPANY OR OTHER ENTITY AUTHORIZED TO DO INSURANCE
BUSINESS IN THIS STATE; AND
(4) ANY BROKER OR DEALER REGISTERED UNDER THE SECURITIES EXCHANGE ACT
OF NINETEEN HUNDRED THIRTY-FOUR, AS AMENDED.
(B) "AFFILIATE" SHALL MEAN ANY COMPANY THAT CONTROLS, IS CONTROLLED
BY, OR IS UNDER COMMON CONTROL WITH ANOTHER COMPANY.
(C) "CUSTOMER" SHALL MEAN ANY INDIVIDUAL WHO OBTAINS FROM A FINANCIAL
INSTITUTION A PRODUCT OR SERVICE WHICH IS INTENDED TO BE USED PRIMARILY
FOR PERSONAL, FAMILY, OR HOUSEHOLD PURPOSES, AND ALSO MEANS THE LEGAL
REPRESENTATIVE OF THAT INDIVIDUAL.
(D) "COMPANY" SHALL MEAN ANY CORPORATION, LIMITED LIABILITY COMPANY,
LIMITED LIABILITY PARTNERSHIP, BUSINESS TRUST, GENERAL OR LIMITED PART-
NERSHIP, ASSOCIATION, OR SIMILAR ORGANIZATION.
(E) "CONTROL" OF A COMPANY SHALL MEAN:
(1) OWNERSHIP, CONTROL, OR POWER TO VOTE TWENTY-FIVE PERCENT OR MORE
OF THE OUTSTANDING SHARES OF ANY CLASS OF VOTING SECURITY OF THE COMPA-
NY, DIRECTLY OR INDIRECTLY, OR ACTING THROUGH ONE OR MORE OTHER PERSONS;
(2) CONTROL IN ANY MANNER OVER THE ELECTION OF A MAJORITY OF THE
DIRECTORS, TRUSTEES, OR GENERAL PARTNERS (OR INDIVIDUALS EXERCISING
SIMILAR FUNCTIONS) OF THE COMPANY; OR
(3) THE POWER TO EXERCISE, DIRECTLY OR INDIRECTLY, A CONTROLLING
INFLUENCE OVER THE MANAGEMENT OR POLICIES OF THE COMPANY.
(F) "NONAFFILIATED THIRD PARTY" SHALL MEAN ANY ENTITY OR INDIVIDUAL
THAT IS NOT AN AFFILIATE OF, OR RELATED BY COMMON OWNERSHIP OR AFFIL-
IATED BY CORPORATE CONTROL WITH, THE FINANCIAL INSTITUTION, BUT DOES NOT
INCLUDE A PERSON EMPLOYED JOINTLY BY A FINANCIAL INSTITUTION AND ANY
COMPANY THAT IS NOT SUCH FINANCIAL INSTITUTION'S AFFILIATE.
(G) "NONPUBLIC PERSONAL INFORMATION" SHALL MEAN NON-MEDICAL PERSONALLY
IDENTIFIABLE INFORMATION:
(1) PROVIDED BY A CUSTOMER TO A FINANCIAL INSTITUTION;
(2) RESULTING FROM ANY TRANSACTION WITH A CUSTOMER OR SERVICE
PERFORMED FOR THE CUSTOMER; OR
(3) OTHERWISE OBTAINED DIRECTLY OR INDIRECTLY BY THE FINANCIAL INSTI-
TUTION, OTHER THAN PUBLICLY AVAILABLE INFORMATION.
(H) "PUBLICLY AVAILABLE INFORMATION" SHALL MEAN INFORMATION MADE
AVAILABLE TO THE GENERAL PUBLIC THAT IS OBTAINED FROM:
(1) FEDERAL, STATE, AND LOCAL GOVERNMENT RECORDS;
(2) WIDELY DISTRIBUTED MEDIA;
(3) DISCLOSURES TO THE GENERAL PUBLIC THAT ARE REQUIRED TO BE MADE BY
FEDERAL, STATE, OR LOCAL LAW.
S 522-B. NOTICE OF PRIVACY POLICIES AND PRACTICES. (A) A FINANCIAL
INSTITUTION MUST PROVIDE A CLEAR AND CONSPICUOUS WRITTEN NOTICE, ENTI-
TLED "FINANCIAL PRIVACY NOTICE", WRITTEN IN ACCORDANCE WITH SECTION
5-702 OF THE GENERAL OBLIGATIONS LAW, TO ANY INDIVIDUAL, UPON REQUEST,
AND TO ANY INDIVIDUAL WITH WHOM THE FINANCIAL INSTITUTION ESTABLISHES A
CUSTOMER RELATIONSHIP AT THE TIME A CUSTOMER RELATIONSHIP IS ESTAB-
LISHED, AND AT LEAST ANNUALLY THEREAFTER. SUCH NOTICE SHALL BE GIVEN AT
THE TIME AN ACCOUNT IS OPENED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT
APPLICATION IS MADE, REGARDLESS OF WHETHER THE LOAN, MORTGAGE, OR CREDIT
IS EXTENDED; AT THE TIME A LOAN, MORTGAGE, OR CREDIT IS GRANTED; AT THE
TIME AN APPLICATION IS MADE FOR INSURANCE OR INVESTMENT SERVICES,
REGARDLESS OF WHETHER SUCH INSURANCE OR INVESTMENT SERVICES ARE
EXTENDED; AT THE TIME INSURANCE OR INVESTMENT SERVICES ARE EXTENDED; OR
AT THE TIME THE INDIVIDUAL ENTERS INTO ANY OTHER FORM OF FINANCIAL TRAN-
SACTION WITH THE FINANCIAL INSTITUTION.
(B) THE NOTICE SHALL CLEARLY AND CONSPICUOUSLY STATE OR DESCRIBE:
(1) THE SPECIFIC TYPES OF NONPUBLIC PERSONAL INFORMATION THAT THE
FINANCIAL INSTITUTION MAY DISCLOSE;
(2) THE CIRCUMSTANCES UNDER WHICH DISCLOSURE MAY OR WILL BE MADE;
(3) THE SPECIFIC TYPES OF NONAFFILIATED THIRD PARTIES TO WHICH DISCLO-
SURE MAY OR WILL BE MADE;
(4) THE PROBABLE USES THAT WILL BE MADE OF THE INFORMATION AFTER IT IS
DISCLOSED;
(5) THAT DISCLOSURE WILL BE LIMITED TO THE CONDITIONS SET FORTH IN THE
NOTICE;
(6) THAT THE CUSTOMER HAS THE RIGHT TO REVOKE THE CONSENT TO DISCLO-
SURE OF SUCH INFORMATION AT ANY TIME;
(7) THAT A NEW AUTHORIZATION WILL BE SOUGHT FROM THE CUSTOMER PRIOR TO
THE DISCLOSURE OF ANY NONPUBLIC PERSONAL INFORMATION RELATING TO A
CUSTOMER OTHER THAN UNDER THE CONDITION SET FORTH IN THE NOTICE OR
FOLLOWING REVOCATION OF THE CONSENT;
(8) WHETHER OR NOT THE FINANCIAL INSTITUTION WILL RECEIVE COMPENSATION
FOR THE DISCLOSURE;
(9) THAT A DENIAL OF APPROVAL WILL NOT ADVERSELY AFFECT THE CUSTOMER'S
FINANCIAL RELATIONSHIP WITH THE INSTITUTION;
(10) AN EXPIRATION DATE OF NO MORE THAN TWO YEARS FROM THE DATE OF
EXECUTION OF THE FORM; AND
(11) A SPACE FOR THE CUSTOMER'S SIGNATURE AND THE DATE OF EXECUTION OF
THE FORM.
S 522-C. PRIVACY OF NONPUBLIC PERSONAL INFORMATION OF CUSTOMERS. (A)
EXCEPT AS OTHERWISE EXPRESSLY PROVIDED IN THIS ARTICLE, A FINANCIAL
INSTITUTION SHALL NOT DIRECTLY OR THROUGH AN AFFILIATE DISCLOSE NONPUB-
LIC PERSONAL INFORMATION ABOUT A CUSTOMER TO A NONAFFILIATED THIRD PARTY
UNLESS THE FINANCIAL INSTITUTION HAS FIRST GIVEN WRITTEN NOTICE COMPLY-
ING WITH THIS ARTICLE TO THE CUSTOMER TO WHOM THE INFORMATION RELATES,
AND HAS OBTAINED THE SIGNED AND DATED, WRITTEN OR ELECTRONIC CONSENT OF
THAT CUSTOMER FOR SUCH DISCLOSURE, WHICH CONSENT IS EFFECTIVE AS OF THE
TIME OF THE DISCLOSURE. IN ADDITION, NO DISCLOSURE OF SUCH INFORMATION
SHALL BE MADE AFTER RECEIPT BY THE FINANCIAL INSTITUTION OF REVOCATION
OF ANY CONSENT PREVIOUSLY GIVEN, UNLESS AND UNTIL THE CUSTOMER EXECUTES
A NEW CONSENT FORM. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR
THROUGH AN AFFILIATE, DISCLOSE NONPUBLIC PERSONAL INFORMATION RELATING
TO AN INDIVIDUAL WHO APPLIES FOR A LOAN, MORTGAGE, CREDIT, INSURANCE,
INVESTMENT SERVICE, OR ANY OTHER PRODUCT OR SERVICE OFFERED BY A FINAN-
CIAL INSTITUTION, REGARDLESS OF WHETHER OR NOT SUCH INDIVIDUAL PURCHASES
SUCH PRODUCT OR SERVICE, UNLESS THE FINANCIAL INSTITUTION HAS FIRST
GIVEN WRITTEN NOTICE COMPLYING WITH THIS ARTICLE TO SUCH INDIVIDUAL AND
HAS OBTAINED SUCH INDIVIDUAL'S SIGNED AND DATED WRITTEN OR ELECTRONIC
CONSENT.
(B) NO FINANCIAL INSTITUTION SHALL DISCRIMINATE AGAINST ANY CUSTOMER
ON THE BASIS OF THE CUSTOMER'S DENIAL OF CONSENT TO THE DISCLOSURE OF
HIS OR HER NONPUBLIC PERSONAL INFORMATION.
(C) EVERY FINANCIAL INSTITUTION SHALL ESTABLISH APPROPRIATE SAFEGUARDS
TO ENSURE THE SECURITY AND CONFIDENTIALITY OF RECORDS CONTAINING NONPUB-
LIC PERSONAL INFORMATION AND TO PROTECT AGAINST ANY ANTICIPATED THREATS
OR HAZARDS TO THEIR SECURITY OR INTEGRITY THAT COULD RESULT IN SIGNIF-
ICANT HARM, EMBARRASSMENT, OR INCONVENIENCE TO ANY DATA SUBJECT ABOUT
WHOM INFORMATION IS MAINTAINED.
S 522-D. LIMITATIONS. (A) NOTWITHSTANDING THE PROVISIONS OF SECTION
FIVE HUNDRED TWENTY-TWO-C OF THIS ARTICLE, A FINANCIAL INSTITUTION SHALL
NOT BE PROHIBITED FROM DISCLOSING NONPUBLIC PERSONAL INFORMATION RELAT-
ING TO A CUSTOMER UNDER THE FOLLOWING CIRCUMSTANCES:
(1) WHEN SPECIFICALLY AUTHORIZED BY THE CUSTOMER;
(2) WHEN NECESSARY TO MAINTAIN OR SERVICE THE CUSTOMER'S ACCOUNT WITH
THE FINANCIAL INSTITUTION;
(3) TO ANY PERSON OR ORGANIZATION PROVIDING PROFESSIONAL SERVICES TO
THE FINANCIAL INSTITUTION, INCLUDING, BUT NOT LIMITED TO, AN ACCOUNTANT
ENGAGED BY THE FINANCIAL INSTITUTION TO PREPARE AN INDEPENDENT AUDIT, AN
ATTORNEY PERFORMING A SERVICE ON BEHALF OF THE FINANCIAL INSTITUTION, OR
AN AGENT OR OTHER PERSON REPRESENTING THE FINANCIAL INSTITUTION IN
COLLECTING A DEBT OR OTHERWISE SECURING PAYMENT OF A LOAN OR ADVANCE;
(4) WHEN THE FINANCIAL INSTITUTION ENTERS INTO A WRITTEN CONTRACT WITH
A NONAFFILIATED THIRD PARTY TO MARKET THE FINANCIAL INSTITUTION'S
PRODUCTS OR SERVICES;
(5) TO PROTECT THE CONFIDENTIALITY OR SECURITY OF ITS RECORDS PERTAIN-
ING TO THE CUSTOMER, THE SERVICE OR PRODUCT, OR THE TRANSACTION THEREIN,
OR TO PROTECT AGAINST OR PREVENT ACTUAL OR POTENTIAL FRAUD, UNAUTHORIZED
TRANSACTIONS, CLAIMS, OR OTHER LIABILITY;
(6) TO PROVIDE INFORMATION TO APPLICABLE RATING AGENCIES OF THE FINAN-
CIAL INSTITUTION AND PERSONS ASSESSING THE INSTITUTION'S COMPLIANCE WITH
INDUSTRY STANDARDS;
(7) WHEN THE FINANCIAL INSTITUTION IS COMPELLED TO DISCLOSE THE
CONTENTS OF THE INFORMATION PURSUANT TO LAWFUL SUBPOENA, SUMMONS,
WARRANT, OR COURT ORDER;
(8) WHEN DISCLOSURE IS REQUIRED BY FEDERAL OR STATE LAW OR REGULATION;
(9) TO A CREDIT-REPORTING AGENCY, AS DEFINED BY SECTION SIX HUNDRED
THREE OF THE FEDERAL FAIR CREDIT REPORTING ACT, FOR INCLUSION IN A
CONSUMER REPORT THAT MAY BE RELEASED TO A THIRD PARTY FOR A PURPOSE
PERMISSIBLE UNDER SECTION SIX HUNDRED FOUR OF SUCH ACT;
(10) TO GOVERNMENT ENTITIES; OR
(11) TO THE FINANCIAL INSTITUTION'S BOND OR INSURANCE COMPANIES WHEN
THE FINANCIAL INSTITUTION HAS INFORMATION RELATIVE TO A CLAIM PURSUANT
TO ITS BOND OR DIRECTOR'S AND OFFICER'S LIABILITY INSURANCE POLICY OR
OTHER INSURANCE COVERAGE.
(B) PRIOR TO RELEASE OF NONPUBLIC PERSONAL INFORMATION RELATING TO A
CUSTOMER AUTHORIZED BY SUBDIVISION (A) OF SECTION FIVE HUNDRED
TWENTY-TWO-C OF THIS ARTICLE, OR AUTHORIZED BY PARAGRAPHS TWO, THREE,
FOUR, FIVE, SIX, TEN, OR ELEVEN OF SUBDIVISION (A) OF THIS SECTION, THE
FINANCIAL INSTITUTION SHALL ENTER INTO A CONTRACTUAL AGREEMENT WITH ANY
THIRD PARTY RECEIVING SUCH NONPUBLIC PERSONAL CUSTOMER INFORMATION
PROHIBITING SUCH THIRD PARTY FROM DISCLOSING SUCH INFORMATION AND LIMIT-
ING THE THIRD PARTY'S USE OF SUCH INFORMATION SOLELY TO THE PURPOSES FOR
WHICH THE INFORMATION IS DISCLOSED OR OTHERWISE PERMITTED BY SUBDIVISION
(A) OF THIS SECTION.
S 522-E. LIMITS ON SHARING OF ACCOUNT NUMBER INFORMATION FOR MARKETING
PURPOSES. A FINANCIAL INSTITUTION SHALL NOT, DIRECTLY OR THROUGH AN
AFFILIATE, DISCLOSE, OTHER THAN TO A CONSUMER REPORTING AGENCY, AN
ACCOUNT NUMBER OR SIMILAR FORM OF ACCESS NUMBER OR ACCESS CODE FOR A
CREDIT ACCOUNT, DEPOSIT ACCOUNT, OR TRANSACTION ACCOUNT OF A CUSTOMER TO
ANY NONAFFILIATED THIRD PARTY FOR USE IN TELEMARKETING, DIRECT MAIL
MARKETING, OR OTHER MARKETING THROUGH ELECTRONIC MAIL TO THE CUSTOMER.
S 522-F. RECORD RETENTION. (A) A FINANCIAL INSTITUTION SHALL MAINTAIN
RECORDS OF FINANCIAL PRIVACY NOTIFICATION, AS REQUIRED IN THIS ARTICLE,
AND RETAIN COPIES OF EACH CUSTOMER'S APPROVAL OF DISCLOSURE OF CONFIDEN-
TIAL CUSTOMER INFORMATION OR WITHDRAWAL OF SUCH APPROVAL FOR AT LEAST
FOUR YEARS.
(B) A FINANCIAL INSTITUTION SHALL MAINTAIN RECORDS OF ALL COMPLAINTS
UNDER THIS ARTICLE, IF ANY, AND THEIR DISPOSITION FOR AT LEAST SEVEN
YEARS.
S 522-G. ENFORCEMENT BY THE ATTORNEY GENERAL. IN ADDITION TO ANY OTHER
REMEDIES PROVIDED, WHENEVER THERE SHALL BE A VIOLATION OF THIS ARTICLE,
APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE
PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDIC-
TION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO
THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE
CONTINUANCE OF SUCH VIOLATIONS; AND IF IT SHALL APPEAR TO THE SATISFAC-
TION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED
THIS ARTICLE, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE,
ENJOINING THE RESTRAINING OF ANY FURTHER VIOLATION, WITHOUT REQUIRING
PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN
ANY SUCH PROCEEDINGS, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY
GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION
EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND
DIRECT RESTITUTION. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION
OF THIS ARTICLE HAS OCCURRED, THE COURT MAY IMPOSE A CIVIL PENALTY OF
NOT MORE THAN ONE THOUSAND DOLLARS FOR EACH VIOLATION. IN CONNECTION
WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED
TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO
ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRACTICE LAW AND RULES.
S 522-H. PRIVATE RIGHT OF ACTION. IN THE EVENT THAT AN INDIVIDUAL'S
NONPUBLIC PERSONAL INFORMATION IS DISCLOSED BY A FINANCIAL INSTITUTION
IN VIOLATION OF THIS ARTICLE, SUCH INDIVIDUAL MAY BRING AN ACTION FOR
RECOVERY OF DAMAGES. JUDGMENT SHALL BE ENTERED IN AN AMOUNT NOT TO
EXCEED THREE TIMES THE ACTUAL DAMAGES OR FIVE HUNDRED DOLLARS, WHICHEVER
IS GREATER. THE COURT MAY AWARD REASONABLE ATTORNEY'S FEES TO A PREVAIL-
ING PLAINTIFF.
S 522-I. SEVERABILITY. IF ANY CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR
PART OF THIS ARTICLE SHALL BE ADJUDGED BY ANY COURT OF COMPETENT JURIS-
DICTION TO BE INVALID, SUCH JUDGMENT SHALL NOT AFFECT, IMPAIR, OR INVAL-
IDATE THE REMAINDER THEREOF, BUT SHALL BE CONFINED IN ITS OPERATION TO
THE CLAUSE, SENTENCE, PARAGRAPH, SECTION, OR PART THEREOF DIRECTLY
INVOLVED IN THE CONTROVERSY IN WHICH SUCH JUDGMENT SHALL HAVE BEEN
RENDERED.
S 2. This act shall take effect on the first of November next succeed-
ing the date on which it shall have become a law.