Federal Court Ruling – California Can Enforce Privacy Law

Sacramento – US District Court Judge Morrison C. England, Jr. ruled against banks and credit grantors today, in what may become a landmark decision, dismissing a law suit that was brought against the State of California’s new privacy law. The law, which provides consumers the strongest privacy protection in the country, is set to go into effect on July 1, 2004.

Among other things, California’s new privacy law regulates how financial institutions can use consumer data. This legislation was signed into effect late in 2003 but it has been widely speculated that it would have little effect on financial institutions and credit grantors. The reason for this is that in December, 2003 Congress passed the Fair and Accurate Credit Transactions Act, or FACTA.

FACTA amended the Fair Credit Reporting Act (FCRA) and placed a permanent moratorium on the states from passing stronger privacy legislation than the Federal Government.

The law suit that England ruled upon was brought by the Consumer Bankers Association, the Financial Services Roundtable and the American Bankers Association. They had argued that the FACTA amendments to the FCRA forbid states from imposing regulations on financial institutions that regulate the sharing of consumer data with their “affiliate” companies. They argued that FACTA allowed them to share customer information that includes “credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living." Judge England disagreed.

Ruling that the FCRA covered only credit reporting and not financial privacy, and further stating that financial privacy matters were governed by the Gramm-Leach Bliley Act, which specifically allows the States to pass stronger privacy laws than the Federal Government, he dismissed the trade groups’ law suit.

The new California law requires financial institutions to provide California consumers with a means to opt-out of affiliate information sharing when the affiliate companies are not in the same line of business. This includes the sharing of information by banks with insurance companies, even if the same parent company owns both of them.

This ruling should give privacy activists hope that the States do have power to regulate privacy matters.

by Jim Malmberg
mailto:jmalmber@pacbell.net