Union Tribune

October 25, 2003

Privacy bill may curtail safeguards in state law
Congress is considering less-sweeping standards

By TOBY ECKERT
COPLEY NEWS SERVICE

WASHINGTON Two months after Gov. Gray Davis signed the nation's toughest financial privacy law, Congress is poised to gut major aspects of the California law and substitute less-sweeping consumer safeguards.

California Democratic Sens. Dianne Feinstein and Barbara Boxer have mounted a last-ditch effort to preserve the state standards, which, barring federal intervention, will take effect July 1. But they're fighting an uphill battle.

"It's going to be very difficult," Feinstein said.

Boxer spokesman David Sandretti added: "Obviously, there's a lot of momentum behind this thing. We're under no illusions here."

At issue is legislation Davis signed in August that allows Californians to keep banks, insurance agencies and other companies from sharing personal information about them such as bank balances and spending patterns with affiliated businesses.

But legislation moving through Congress would make permanent a federal law barring states from setting their own rules on how companies handle consumer data. Key parts of the privacy law, known as the Fair Credit Reporting Act, would otherwise expire Jan. 1.

The House passed the legislation in September, and the Senate is expected to take it up next week.

The information-sharing provisions have been the subject of intense lobbying, pitting businesses that oppose the California rules against consumer groups that want to preserve them.

The companies say a single national standard on data sharing is needed to ease transactions like mortgage approvals and credit card purchases. Otherwise, "you've got a patchwork of state laws that makes it very difficult to have an efficient, nationwide consumer reporting system," said Charlotte Birch, a spokeswoman for the American Bankers Association.

But consumer groups argue that Congress should impose the California standards nationwide. Under state law, companies within the corporate family of subsidiaries could swap data unless customers take action to deny permission, a process called "opt-out."

Critics say permanent federal legislation would weaken that provision.

However, the bill in Congress would not affect another component of the California law that requires companies to get customers' permission before sharing their data with nonaffiliated enterprises, a process called "opt-in."

Supporters of the state law accuse the financial services industry of turning to Congress to block the rules after having backed off their opposition in Sacramento.

Despite the concerns voiced by Californians, key federal lawmakers from both parties apparently see the congressional bill as a step forward for consumers.

The bill would entitle people to a free copy of their own credit reports and credit scores once a year, enable victims of identity theft to mark their reports so businesses can spot fraudulent financial transactions and allows consumers to keep some affiliated companies from sharing data about them for marketing purposes.

"I would have added more consumer protections, but I think, by and large, what we did here is quite constructive," Maryland Sen. Paul Sarbanes, the top Democrat on the Banking Committee, said when the panel approved the legislation in September.

But Feinstein and Boxer say the bill is riddled with loopholes. For instance, the marketing provision would not apply to consumers with a "pre-existing business relationship" with a company.

The senators plan to offer an amendment modeled on California's "opt-out" provision that would allow consumers to keep their financial information from being shared by some corporate affiliates.

Other amendments they are considering would tighten controls on medical information, ban the sale of people's Social Security numbers to the general public, increase penalties for identity theft and allow consumers to find out whether they were denied credit by a financial institution as a result of data supplied by an affiliated company.

The senators also advocated a one-year extension of the current federal law to "allow the Senate to fully debate the merits of the legislation early next year" since the current congressional session is drawing to a close.

Supporters of making the law permanent are fighting the moves.

"We're five yards from the finish line and they want to open up the bill to all kinds of amendments, despite the fact that it received overwhelming bipartisan support in the House and it cleared the Senate Banking panel unanimously," said Birch of the Bankers Association.

Although momentum seems to be going against them, consumer groups plan to maintain a drumbeat of opposition to the federal legislation.

"We're trying to raise the decibels because this is a disastrous bill for California," said Jamie Court, president of the Santa Monica-based Foundation for Taxpayer and Consumer Rights. "It strips Californians of their new privacy rights."

To dramatize its argument that widespread corporate data sharing endangers sensitive personal data, the Foundation hired a plane to skywrite the first five digits of Citigroup Chief Executive Charles Prince's Social Security number above the financial conglomerate's New York headquarters yesterday.

The group had previously bought the Social Security numbers of congressional leaders and top Bush administration officials including Attorney General John Ashcroft from Internet sites for as little as $26.

Also yesterday, a coalition of California consumer groups called on Gov.-elect Arnold Schwarzenegger to lobby on behalf of the state law when he visits Washington next week.

Copyright 2003 Union-Tribune Publishing Co.