Permits an individual to bring a civil action, for punitive as well as compensatory or liquidated ($5,000) damages and attorneys fees, for violations of this Act.
[Congressional Bills 106th Congress]
[From the U.S. Government Publishing Office]
[S. 1924 Introduced in Senate (IS)]
106th CONGRESS
1st Session
S. 1924
To ensure personal privacy with respect to financial information, to
provide customers notice and choice about how their financial
institutions share or sell their personally identifiable sensitive
financial information, to provide for strong enforcement of these
rights, and to protect States' rights.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
November 16, 1999
Mr. Leahy (for himself, Mr. Bryan, Mr. Harkin, Mr. Durbin, Mr.
Feingold, and Mr. Robb) introduced the following bill; which was read
twice and referred to the Committee on Banking, Housing, and Urban
Affairs
_______________________________________________________________________
A BILL
To ensure personal privacy with respect to financial information, to
provide customers notice and choice about how their financial
institutions share or sell their personally identifiable sensitive
financial information, to provide for strong enforcement of these
rights, and to protect States' rights.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Financial Information Privacy and
Security Act''.
SEC. 2. DEFINITIONS.
In this Act--
(1) the term ``covered person'' means--
(A) a person that is subject to the jurisdiction of
any of the Federal banking agencies;
(B) a broker or dealer, or a person associated with
a broker or dealer, as those terms are defined in the
Securities Exchange Act of 1934;
(C) an investment advisor, as that term is defined
in section 202 of the Investment Advisors Act of 1940,
and any officer, director, partner, copartner, or
employee of such investment advisor; and
(D) an investment company, as that term is defined
in section 3 of the Investment Company Act of 1940, and
any officer, director, partner, copartner, or employee
of such investment company; and
(2) the term ``Federal financial regulatory authorities''
means--
(A) each of the Federal banking agencies, as that
term is defined in section 3(z) of the Federal Deposit
Insurance Act; and
(B) the Securities and Exchange Commission.
SEC. 3. PRIVACY OF CONFIDENTIAL CUSTOMER INFORMATION.
(a) Rulemaking.--The Federal financial regulatory authorities shall
jointly issue final rules to protect the privacy of confidential
customer information relating to the customers of covered persons, not
later than 270 days after the date of enactment of this Act (and shall
issue a notice of proposed rulemaking not later than 150 days after the
date of enactment of this Act), which rules shall--
(1) define the term ``confidential customer information''
to be personally identifiable data that includes social
security numbers, transactions, experiences, rejections,
balances, maturity dates, payouts, and payout dates, of--
(A) deposit and trust accounts;
(B) certificates of deposit;
(C) securities holdings; and
(D) insurance policies;
(2) require that a covered person may not disclose or share
any confidential customer information to or with any affiliate
or agent of that covered person if the customer to whom the
information relates has been provided written notice, as
described in paragraphs (4) and (5), to the covered person
prohibiting such disclosure or sharing--
(A) with respect to an individual that became a
customer on or after the effective date of such rules,
at the time at which the business relationship between
the customer and the covered person is initiated; and
(B) with respect to an individual that was a
customer before the effective date of such rules, at
such time thereafter that provides a reasonable and
informed opportunity to the customer to prohibit such
disclosure or sharing;
(3) require that a covered person may not disclose or share
any confidential customer information to or with any person
that is not an affiliate or agent of that covered person unless
the covered person has first--
(A) given written notice to the customer to whom
the information relates, as described in paragraphs (4)
and (5); and
(B) obtained the informed written or electronic
consent of that customer for such disclosures or
sharing;
(4) require that the covered person provide notices and
consent acknowledgments to customers, as required by this
section, in separate and easily identifiable and
distinguishable form;
(5) require that the covered person provide notice as
required by this section to the customer to whom the
information relates that describes what specific types of
information would be disclosed or shared, and under what
general circumstances, to what specific types of businesses or
persons, and for what specific types of purposes such
information could be disclosed or shared, and not less
frequently than annually thereafter;
(6) require that the customer to whom the information
relates be provided with access to the confidential customer
information that could be disclosed or shared so that the
information may be reviewed for accuracy and corrected or
supplemented;
(7) require that, before a covered person may use any
confidential customer information provided by a third party
that engages, directly or indirectly, in activities that are
financial in nature, as determined by the Federal financial
regulatory authorities, the covered person shall take
reasonable steps to assure that procedures that are
substantially similar to those described in paragraphs (2)
through (6) have been followed by the provider of the
information (or an affiliate or agent of that provider);
(8) establish a means of examination for compliance and
enforcement of such rules and resolving consumer complaints;
and
(9) require financial institutions within the jurisdiction
of the Federal financial regulatory authorities--
(A) to establish appropriate administrative,
technical, and physical safeguards to ensure protection
of the security and confidentiality of records of
confidential customer information; and
(B) to protect against any anticipated threats or
hazards to the security or integrity of such records
that could result in their unauthorized release or
disclosure.
(b) Limitation.--The rules prescribed pursuant to subsection (a)
may not prohibit the release of confidential customer information--
(1) that is essential to processing a specific financial
transaction that the customer to whom the information relates
has authorized;
(2) to a governmental, regulatory, or self-regulatory
authority having jurisdiction over the covered financial entity
for examination, compliance, or other authorized purposes;
(3) to a court of competent jurisdiction;
(4) to a consumer reporting agency, as defined in section
603 of the Fair Credit Reporting Act for inclusion in a
consumer report that may be released to a third party only for
a purpose permissible under section 604 of that Act; or
(5) that is not personally identifiable.
SEC. 4. CIVIL LIABILITY FOR NONCOMPLIANCE.
(a) In General.--Any individual whose rights under this Act have
been knowingly or negligently violated may bring a civil action to
recover--
(1) such preliminary and equitable relief as the court
determines to be appropriate; and
(2) the greater of compensatory damages or liquidated
damages of $5,000.
(b) Punitive Damages.--In any action brought under this section in
which the individual has prevailed because of a knowing violation of a
provision of this Act, the court may, in addition to any relief awarded
under subsection (a), award such punitive damages as may be warranted.
(c) Attorney's Fees.--In the case of a civil action brought under
subsection (a) in which the individual has substantially prevailed, the
court may assess against the respondent a reasonable attorney's fee and
other litigation costs and expenses (including expert fees) reasonably
incurred.
(d) Limitation.--No action may be commenced under this section more
than 3 years after the date on which the violation was or should
reasonably have been discovered.
(e) Agency.--A principal is jointly and severally liable with the
principal's agent for damages under this section for the actions of the
principal's agent acting within the scope of the agency.
(f) Additional Remedies.--The equitable relief or damages that may
be available under this section shall be in addition to any other
lawful remedy or award available.
SEC. 5. RELATION TO STATE LAWS.
(a) In General.--This Act shall not be construed as superseding,
altering, or affecting the statutes, regulations, orders, or
interpretations in effect in any State, except to the extent that such
statutes, regulations, orders, or interpretations are inconsistent with
the provisions of this Act, and then only to the extent of the
inconsistency.
(b) Greater Protection Under State Law.--For purposes of this Act,
a State statute, regulation, order, or interpretation is not
inconsistent with the provisions of this subtitle if the protection
such statute, regulation, order, or interpretation affords any person
is greater than the protection provided under this Act.
<all>
Introduced in Senate
Sponsor introductory remarks on measure. (CR S14614-14615)
Read twice and referred to the Committee on Banking.
Sponsor introductory remarks on measure. (CR S11778-11779)
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line