By: Ellis S.B. No. 163
A BILL TO BE ENTITLED
AN ACT
relating to a consumer's option to prevent the sale of the
consumer's financial information by a financial institution;
providing for civil liability.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subtitle Z, Title 3, Finance Code, is amended by
adding Chapter 279 to read as follows:
CHAPTER 279. SALE OF CONSUMER'S FINANCIAL INFORMATION
Sec. 279.001. DEFINITIONS. In this chapter:
(1) "Affiliate" with respect to a person means another
person who controls, is controlled by, or is under common control
with the person. In this subdivision, "control" means the
possession, directly or indirectly, of the power to direct or cause
the direction of the management and policies of a person, whether
through the ownership of voting securities, by contract, or
otherwise.
(2) "Consumer" means an individual resident of this
state, or the legal representative of an individual resident of
this state, who obtains a financial product or service for
personal, family, or household purposes.
(3) "Financial information" means information, other
than information that a financial institution has a reasonable
basis to believe is lawfully made available to the general public,
obtained by a financial institution in connection with providing a
financial product or service to a consumer, including:
(A) information provided on an application for a
loan, credit card, or other financial product or service;
(B) account balance information;
(C) payment or overdraft history;
(D) credit or debit purchase information;
(E) information obtained in connection with
collecting on or servicing a loan; or
(F) information from a consumer report.
(4) "Financial institution" has the meaning assigned
by Section 201.101.
Sec. 279.002. APPLICABILITY. This chapter does not apply
to:
(1) the sale of information that is incidental to a
transaction having a primary purpose other than the sale of
information, including the sale of a loan or of a business; or
(2) the disclosure of information to:
(A) a private collection agency for the purpose
of collecting a delinquent payment;
(B) a federal, state, or local governmental
entity for a legitimate governmental purpose; or
(C) a private vendor as necessary to allow the
vendor to perform a service for the governmental entity under a
contract with the governmental entity.
Sec. 279.003. AUTHORIZATION REQUIRED FOR SALE OF FINANCIAL
INFORMATION. (a) A financial institution may sell a consumer's
financial information to another person only if the consumer
authorizes the sale of the information as provided by this chapter.
(b) A financial institution may sell a consumer's financial
information without the consumer's authorization to an affiliate of
the financial institution.
(c) A financial institution may sell a consumer's financial
information to another financial institution for the purpose of
marketing the financial institution's products or services offered
under a joint agreement between the institutions without the
authorization required by Subsection (a) if the selling financial
institution is required to notify the consumer of the disclosure of
the information under the Gramm-Leach-Bliley Act (15 U.S.C. Section
6802(b)(2).
(d) An affiliate or financial institution that receives a
consumer's financial information under Subsection (b) or (c) may
sell the information to a person who is not an affiliate of that
affiliate or financial institution only if the consumer authorizes
that affiliate or financial institution to sell the information as
provided by this chapter.
Sec. 279.004. PRIVACY NOTICE AND AUTHORIZATION FOR SALE.
(a) A financial institution shall provide a written privacy notice
to:
(1) each consumer who is transacting business with or
using the services of the financial institution; and
(2) a consumer who begins a relationship with the
financial institution at the time the financial institution first
communicates in writing or in person with the consumer.
(b) The privacy notice shall:
(1) be in at least 10-point type that is boldfaced,
capitalized, or underlined or otherwise conspicuously set out from
the surrounding written material;
(2) inform the consumer that the financial institution
may not sell the consumer's financial information if the consumer
does not authorize the sale of the information; and
(3) provide a form that the consumer may sign and
return to the financial institution to indicate that the consumer
authorizes the financial institution to sell the consumer's
financial information.
(c) A financial institution may sell a consumer's financial
information only after the financial institution receives the form
authorizing the sale of the information.
(d) A financial institution that does not sell a consumer's
financial information to a person other than an affiliate of the
financial institution is not required to provide a privacy notice
to a consumer under this section. A financial institution that does
not sell a consumer's financial information to a person other than
another financial institution under a joint agreement as provided
by Section 279.003(c) is not required to provide a privacy notice
under this section but must provide any similar notice required by
other law.
Sec. 279.005. WITHDRAWAL OF AUTHORIZATION FOR SALE OF
INFORMATION. A consumer who has authorized the sale of financial
information under Section 279.004 may at any time withdraw the
authorization in writing. The withdrawal of an authorization is
effective on the date the financial institution receives the
withdrawal.
Sec. 279.006. JOINT RELATIONSHIPS. (a) If two or more
consumers jointly obtain a financial product or service, the
financial institution may provide a privacy notice to one or all of
the consumers.
(b) If a consumer authorizes the sale of the consumer's
financial information as provided by this chapter, the financial
institution may sell any financial information relating to that
consumer, including information relating to a jointly obtained
product or service.
(c) If a consumer who does not authorize the sale of the
consumer's financial information as required by this chapter
jointly obtains a financial product or service with another
consumer who has authorized the sale, the financial institution may
sell only the financial information of the first consumer that
relates to the jointly obtained product or service.
Sec. 279.007. FINANCIAL INSTITUTION MAY NOT REQUIRE
AUTHORIZATION. A financial institution may not require a
consumer's authorization for the sale of the consumer's financial
information as a condition of doing business with the financial
institution. A consent or waiver obtained from a consumer as a
condition of doing business with a financial institution is not
valid.
Sec. 279.008. LIABILITY. A person is liable to a consumer
for an intentional violation of this chapter in an amount equal to
the greater of:
(1) $1,000; or
(2) actual damages caused by the sale of the financial
information.
SECTION 2. (a) A financial institution shall provide each
person who is transacting business with or using the services of the
financial institution on the effective date of this Act a privacy
notice as required by Section 279.004, Finance Code, as added by
this Act, not later than the 60th day after the effective date of
this Act.
(b) A financial institution may not sell a consumer's
financial information after the 180th day after the effective date
of this Act unless authorized by the consumer under Chapter 279,
Finance Code, as added by this Act. For purposes of this
subsection, a sale occurs on the earlier of the date an enforceable
agreement to sell information is made or the date the information is
sold.
SECTION 3. This Act takes effect immediately if it receives
a vote of two-thirds of all the members elected to each house, as
provided by Section 39, Article III, Texas Constitution. If this
Act does not receive the vote necessary for immediate effect, this
Act takes effect September 1, 2009.