HB 403: "An Act relating to personal financial information held by financial institutions; and providing for an effective date."
00 HOUSE BILL NO. 403 01 "An Act relating to personal financial information held by financial institutions; and 02 providing for an effective date." 03 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 04 * Section 1. The uncodified law of the State of Alaska is amended by adding a new section 05 to read: 06 LEGISLATIVE FINDINGS AND PURPOSE. (a) The legislature finds that 07 (1) the federal banking law known as the Gramm-Leach-Bliley Act (15 U.S.C. 08 6801 - 6809) makes it likely that the personal financial information of residents of the state 09 will be widely shared among, between, and within companies; 10 (2) 15 U.S.C. 6801 - 6809 (Gramm-Leach-Bliley Act) expressly permits states 11 to enact privacy protections that are stronger than the protections provided by federal law; 12 (3) it is crucial to ensure that residents of the state have the ability to control 13 the disclosure of personal financial information under 15 U.S.C. 6801 - 6809 (Gramm-Leach- 14 Bliley Act); and
01 (4) requiring financial institutions that want to share information with 02 unaffiliated companies to use a consumer opt-in mechanism would give customers reasonable 03 control over the disclosure of their personal financial information by financial institutions. 04 (b) The legislature intends by this Act to protect the privacy of the customers of 05 financial institutions by giving customers notice of how personal financial information is 06 shared and a choice about whether it will be shared with third parties. 07 * Sec. 2. AS 45.48 is amended by adding new sections to read: 08 Article 2A. Disclosure of Financial Information. 09 Sec. 45.48.300. Limitations on disclosure. (a) Notwithstanding 10 AS 45.48.430(b)(3), a financial institution may not sell to, transfer to, share with, or 11 otherwise disclose to a person who is not an affiliate of the financial institution 12 personal financial information unless the customer to whom the personal financial 13 information relates consents in writing to the disclosure. In this subsection, "affiliate" 14 means a person who is related to another person by common ownership or by 15 corporate control. 16 (b) Notwithstanding AS 45.48.430(b)(3), a person who receives personal 17 financial information from a financial institution and who is not the person to whom 18 the personal financial information relates may not disclose the information to another 19 person unless the financial institution makes the disclosure to the other person under 20 (a) of this section. 21 Sec. 45.48.305. Consent form. To obtain the consent required by 22 AS 45.48.300, a financial institution shall use a consent form adopted by the 23 department. 24 Sec. 45.48.310. Exceptions. The disclosure limitations in AS 45.48.300 do not 25 apply to 26 (1) the disclosure of a customer's personal financial information to the 27 customer, if the financial institution or other person verifies the customer's identity; 28 (2) disclosure of a customer's personal financial information to the 29 state, an agency of the state, or a municipality, if the disclosure is authorized by a state 30 law other than AS 45.48.300 - 45.48.325; 31 (3) the disclosure of a customer's personal financial information under
01 a subpoena or court order; 02 (4) the preparation, examination, handling, or maintenance of personal 03 financial information by an officer, employee, or agent of the financial institution that 04 has custody of the records; 05 (5) the examination of personal financial records by a certified public 06 accountant while engaged by the financial institution to perform an independent audit; 07 (6) the disclosure by a financial institution of personal financial 08 information to a collection agency, a collection agency's employees, a collection 09 agency's agents, or a person engaged by the financial institution to assist in recovering 10 an amount owed to the financial institution, if the disclosure is made for the purpose of 11 recovering the amount; 12 (7) the examination of personal financial information by, or the 13 disclosure of personal financial information to, an officer, employee, or agent of a 14 governmental regulatory agency, if the disclosure is only for the use of the officer, 15 employee, or agent as an officer, employee, or agent of the governmental regulatory 16 agency; 17 (8) the publication of information derived from personal financial 18 information, if the personal financial information cannot be identified with a particular 19 customer, deposit, or account; 20 (9) the making of reports, disclosures, or returns required by federal or 21 state law; 22 (10) the disclosure of personal financial information, if the disclosure 23 is permitted under the laws governing the dishonor of negotiable instruments; 24 (11) the exchange, in the regular course of business, of credit 25 information between a financial institution and a consumer credit reporting agency, if 26 the exchange complies with the Fair Credit Reporting Act; 27 (12) the exchange, in the regular course of business, of information 28 between a financial institution and an account verification service, if the exchange 29 complies with the Fair Credit Reporting Act; in this paragraph, "account verification 30 service" means a person who, for monetary fees or dues or on a cooperative nonprofit 31 basis, regularly engages, in whole or in part, in the practice of
01 (A) assembling information on the frequency and location of 02 depository account openings or attempted openings by a customer, or forced 03 closings by a depository institution of accounts of a customer; or 04 (B) authenticating or validating social security numbers or 05 addresses for the purpose of reporting to other persons for use in the prevention 06 of fraud; 07 (13) the exchange, in the regular course of business, of information 08 between a financial institution and a mercantile agency, if the exchange complies with 09 the Fair Credit Reporting Act; in this paragraph, "mercantile agency" means a person 10 who, for monetary fees or dues, or on a cooperative nonprofit basis, regularly engages, 11 in whole or in part, in the practice of assembling or evaluating business credit 12 information or other information on businesses for the purpose of reporting to other 13 persons on the credit rating or creditworthiness of a business; 14 (14) the exchange of loan information that specifically affects a sale, 15 foreclosure, or loan closing, if the exchange is for the purpose of accomplishing the 16 sale, foreclosure, or loan closing; 17 (15) the disclosure of suspected criminal activity to a civil or criminal 18 law enforcement authority for use in the exercise of the authority's duties; 19 (16) the sharing of information within an industry network; or 20 (17) disclosure under permanent or emergency regulations adopted by 21 the department to carry out the clear intent of this section. 22 Sec. 45.48.315. Penalties. (a) Except as provided in (b) and (c) of this section, 23 a person who negligently violates AS 45.48.300 - 45.48.325 is liable for a civil penalty 24 in an amount not to exceed $500 for each violation. 25 (b) A person who knowingly violates AS 45.48.300 - 45.48.325 is liable for a 26 civil penalty in an amount not to exceed $1,000 for each violation regardless of the 27 damages suffered by the customer as a result of the violation. 28 (c) If a violation under (a) or (b) of this section results in the release of 29 personal financial information of more than one individual, the total civil penalty may 30 not exceed $500,000. 31 (d) If a violation under (a) or (b) of this section results in identity theft, the
01 civil penalties under (a) - (c) of this section are doubled. 02 (e) In this section, "knowingly" has the meaning given in AS 11.81.900. 03 Sec. 45.48.320. Regulations. The department shall adopt regulations under 04 AS 44.62 (Administrative Procedure Act) to implement AS 45.48.300 - 45.48.325, 05 including establishing the consent form required by AS 45.48.305. 06 Sec. 45.48.325. Definitions. In AS 45.48.300 - 45.48.325, 07 (1) "customer" means a person who deposits, borrows, or invests 08 money with a financial institution, and includes a surety or guarantor on a loan; 09 (2) "department" means the Department of Commerce, Community, 10 and Economic Development; 11 (3) "financial institution" means a person who does business in this 12 state if the business of the person is engaging in activities that are financial in nature, 13 as determined under 12 U.S.C. 1843(k); 14 (4) "personal financial information" means information that is not 15 widely available to the general public and that is an original or copy of, or that is 16 derived from, 17 (A) a document that grants signature authority over a deposit or 18 share account; 19 (B) a statement, ledger card, or other record of a deposit or 20 share account that shows transactions in or with respect to the deposit or share 21 account; 22 (C) a check, draft, or money order that is drawn on a financial 23 institution or is issued and payable by or through a financial institution; 24 (D) an item, other than an institutional or periodic charge, that 25 is made under an agreement between a financial institution and another 26 person's deposit or share account; 27 (E) information that relates to a loan account or an application 28 for a loan; or 29 (F) evidence of a transaction conducted by electronic or 30 telephonic means. 31 * Sec. 3. The uncodified law of the State of Alaska is amended by adding a new section to
01 read: 02 TRANSITION: REGULATIONS. The Department of Commerce, Community, and 03 Economic Development shall adopt regulations necessary to implement the changes made by 04 this Act. The regulations take effect under AS 44.62 (Administrative Procedure Act), but not 05 before July 1, 2011. 06 * Sec. 4. Section 3 of this Act takes effect immediately under AS 01.10.070(c). 07 * Sec. 5. Except as provided in sec. 4 of this Act, this Act takes effect July 1, 2011.