By: Giddings H.B. No. 3820
A BILL TO BE ENTITLED
AN ACT
relating to a consumer's option to prevent the sale of the
consumer's financial information by a financial institution;
providing a civil penalty.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subtitle Z, Title 3, Finance Code, is amended by
adding Chapter 279 to read as follows:
CHAPTER 279. SALE OF CONSUMER'S FINANCIAL INFORMATION
Sec. 279.001. DEFINITIONS. In this chapter:
(1) "Affiliate of a financial institution" means a
person who controls, is controlled by, or is under common control
with the financial institution. In this subdivision, "control"
means the possession, directly or indirectly, of the power to
direct or cause the direction of the management and policies of a
person, whether through the ownership of voting securities, by
contract, or otherwise.
(2) "Consumer" means an individual resident of this
state, or the legal representative of an individual resident of
this state, who obtains a financial product or service for
personal, family, or household purposes.
(3) "Financial information" means information, other
than information that a financial institution has a reasonable
basis to believe is lawfully made available to the general public,
obtained by a financial institution in connection with providing a
financial product or service to a consumer, including:
(A) information provided on an application for a
loan, credit card, or other financial product or service;
(B) account balance information;
(C) payment or overdraft history;
(D) credit or debit purchase information;
(E) information that indicates whether an
individual is or has been a consumer of a financial institution;
(F) information obtained in connection with
collecting on or servicing a loan; or
(G) information from a consumer report.
(4) "Financial institution" has the meaning assigned
by Section 201.101.
(5) "Joint Agreement" means a formal written contract
pursuant to which two or more institutions jointly offer, endorse,
or sponsor a financial product or service.
(6) "Financial product or service" means any product
or service that a financial holding company could offer by engaging
in an activity that is financial in nature or incidental to such
financial activity under section 4(k) of the Bank Holding Company
Act of 1956 (12 USC 1843 (k)).
Sec. 279.002. EXCEPTIONS. This chapter does not apply to
the sale of a consumer's financial information as necessary to:
(1) effect, administer, or enforce a transaction
requested or authorized by the consumer to protect against or
prevent actual or potential fraud, unauthorized transactions,
claims, or other liability; or
(2) comply with a federal or state law, rule, or
regulation.
Sec. 279.003. AUTHORIZATION REQUIRED FOR SALE OF FINANCIAL
INFORMATION. (a) A financial institution may sell a consumer's
financial information to another person only if the consumer
authorizes the sale of the information as provided by this chapter.
(b) A financial institution may sell a consumer's financial
information to an affiliate of the financial institution or to a
financial institution that offers financial products or services
which the financial institution has entered into a joint agreement.
An affiliate of a financial institution who receives a consumer's
financial information from a financial institution or a financial
institution with which the financial institution has entered into a
joint agreement may sell the information only if the consumer
authorizes the financial institution to sell the information as
provided by this chapter.
Sec. 279.004. PRIVACY NOTICE AND AUTHORIZATION FOR SALE.
(a) A financial institution shall provide a written privacy notice
to:
(1) each consumer who is transacting business with or
using the services of the financial institution; and
(2) a consumer who begins a relationship with the
financial institution at the time the financial institution first
communicates in writing or in person with the consumer.
(b) The privacy notice shall:
(1) inform the consumer that the financial institution
may not sell the consumer's financial information if the consumer
does not authorize the sale of the information; and
(2) provide a form that the consumer may sign and
return to the financial institution to indicate that the consumer
authorizes the financial institution to sell the consumer's
financial information.
(c) A financial institution may sell a consumer's financial
information only after the financial institution receives the form
authorizing the sale of the information.
(d) A financial institution that does not sell a consumer's
financial information to a person other than an affiliate of the
financial institution is not required to provide a privacy notice
to a consumer under this section.
Sec. 279.005. WITHDRAWAL OF AUTHORIZATION FOR SALE OF
INFORMATION. A consumer who has authorized the sale of financial
information under Section 279.004 may at any time withdraw the
authorization in writing. The withdrawal of an authorization is
effective on the date the financial institution receives the
withdrawal.
Sec. 279.006. JOINT RELATIONSHIPS. (a) If two or more
consumers jointly obtain a financial product or service, the
financial institution may provide a privacy notice to one or all of
the consumers.
(b) If a consumer authorizes the sale of the consumer's
financial information as provided by this chapter, the financial
institution may sell any financial information relating to that
consumer, including information relating to a jointly obtained
product or service.
(c) If a consumer who does not authorize the sale of the
consumer's financial information as provided by this chapter
jointly obtains a financial product or service with another
consumer who has authorized the sale, the financial institution may
sell only the financial information of the first consumer that
relates to the jointly obtained product or service.
Sec. 279.007. FINANCIAL INSTITUTION MAY NOT REQUIRE
AUTHORIZATION. A financial institution may not require a
consumer's authorization for the sale of the consumer's financial
information as a condition of doing business with the financial
institution. A consent or waiver obtained from a consumer as a
condition of doing business with a financial institution is not
valid.
Sec. 279.008. LIABILITY. A person is liable to a consumer
for an intentional violation of this chapter in an amount equal to
the greater of:
(1) $1,000; or
(2) actual damages caused by the sale of the financial
information.
Sec. 279.009. CIVIL PENALTY. (a) A person who knowingly
violates this chapter is liable to the state for a civil penalty in
an amount not to exceed $1,000 for each violation. The attorney
general or the prosecuting attorney in the county in which the
violation occurs may bring:
(1) a suit to recover the civil penalty imposed under
this section; and
(2) an action in the name of the state to restrain or
enjoin a person from violating this chapter.
(b) The attorney general or the prosecuting attorney in the
county in which the violation occurs, as appropriate, is entitled
to recover reasonable expenses incurred in obtaining injunctive
relief, civil penalties, or both, under this section, including
reasonable attorney's fees, court costs, and investigatory costs.
SECTION 2. (a) A financial institution shall provide each
person who is transacting business with or using the services of a
financial institution on the effective date of this Act a privacy
notice as required by Section 279.004, Finance Code, as added by
this Act, not later than November 1, 2011.
(b) A financial institution may not sell a consumer's
financial information after March 1, 2012, unless authorized by the
consumer under Chapter 279, Finance Code, as added by this Act. For
purposes of this subsection, a sale occurs on the earlier of the
date an enforceable agreement to sell information is made or the
date the information being sold is disclosed.
SECTION 3. This Act takes effect September 1, 2011.