03/13/2008 01:30 PM Senate LABOR & COMMERCE
| Audio | Topic |
|---|---|
| Start | |
| SB160 | |
| SB293 | |
| HB65 | |
| Adjourn |
+ teleconferenced
= bill was previously heard/scheduled
| += | HB 65 | TELECONFERENCED | |
| = | SB 293 | ||
| = | SB 160 | ||
ALASKA STATE LEGISLATURE
SENATE LABOR AND COMMERCE STANDING COMMITTEE
March 13, 2008
1:18 p.m.
MEMBERS PRESENT
Senator Johnny Ellis, Chair
Senator Gary Stevens, Vice Chair
Senator Bettye Davis
Senator Lyman Hoffman
Senator Con Bunde
MEMBERS ABSENT
All members present
COMMITTEE CALENDAR
SENATE BILL NO. 160
"An Act establishing an Alaska health care program to ensure
insurance coverage for essential health services for all
residents of the state; establishing the Alaska Health Care
Board to define essential health care services, to certify
health care plans that provide essential health care services,
and to administer the Alaska health care program and the Alaska
health care fund; establishing the Alaska health care
clearinghouse to administer the Alaska health care program under
the direction of the Alaska Health Care Board; establishing
eligibility standards and premium assistance for persons with
low income; establishing standards for accountable health care
plans; creating the Alaska health care fund; providing for
review of actions and reporting requirements related to the
health care program; and providing for an effective date."
MOVED CSSB 160(L&C) OUT OF COMMITTEE
SENATE BILL NO. 293
"An Act relating to electronic communication devices and to
personal information."
MOVED CSSB 293(L&C) OUT OF COMMITTEE
CS FOR HOUSE BILL NO. 65(FIN)
"An Act relating to breaches of security involving personal
information, credit report and credit score security freezes,
protection of social security numbers, care of records, disposal
of records, identity theft, credit cards, and debit cards, and
to the jurisdiction of the office of administrative hearings;
amending Rules 60 and 82, Alaska Rules of Civil Procedure; and
providing for an effective date."
SCHEDULED BUT NOT HEARD
PREVIOUS COMMITTEE ACTION
BILL: SB 160
SHORT TITLE: MANDATORY UNIVERSAL HEALTH CARE
SPONSOR(s): SENATOR(s) FRENCH
04/23/07 (S) READ THE FIRST TIME - REFERRALS
04/23/07 (S) HES, L&C, FIN
09/10/07 (S) HES AT 1:30 PM Anch LIO Conf Rm
09/10/07 (S) Heard & Held
09/10/07 (S) MINUTE(HES)
01/30/08 (S) HES AT 1:30 PM BUTROVICH 205
01/30/08 (S) Heard & Held
01/30/08 (S) MINUTE(HES)
02/18/08 (S) HES AT 1:30 PM BUTROVICH 205
02/18/08 (S) Moved CSSB 160(HES) Out of Committee
02/18/08 (S) MINUTE(HES)
02/19/08 (S) HES RPT CS 3DP 1DNP NEW TITLE
02/19/08 (S) DP: DAVIS, THOMAS, ELTON
02/19/08 (S) DNP: DYSON
02/26/08 (S) L&C AT 1:30 PM BELTZ 211
02/26/08 (S) Heard & Held
02/26/08 (S) MINUTE(L&C)
02/28/08 (S) L&C AT 1:30 PM BELTZ 211
02/28/08 (S) Heard & Held
02/28/08 (S) MINUTE(L&C)
03/11/08 (S) L&C AT 1:30 PM BELTZ 211
03/11/08 (S) Heard & Held
03/11/08 (S) MINUTE(L&C)
BILL: SB 293
SHORT TITLE: ELECTRONIC COMMUNICATION DEVICES
SPONSOR(s): SENATOR(s) MCGUIRE
02/19/08 (S) READ THE FIRST TIME - REFERRALS
02/19/08 (S) L&C, JUD
03/04/08 (S) L&C AT 1:30 PM BELTZ 211
03/04/08 (S) Heard & Held
03/04/08 (S) MINUTE(L&C)
BILL: HB 65
SHORT TITLE: PERSONAL INFORMATION & CONSUMER CREDIT
SPONSOR(s): REPRESENTATIVE(s) COGHILL, GARA
01/16/07 (H) PREFILE RELEASED 1/5/07
01/16/07 (H) READ THE FIRST TIME - REFERRALS
01/16/07 (H) L&C, JUD, FIN
01/31/07 (H) L&C AT 3:00 PM CAPITOL 17
01/31/07 (H) <Bill Hearing Canceled>
03/28/07 (H) L&C AT 3:00 PM CAPITOL 17
03/28/07 (H) Heard & Held
03/28/07 (H) MINUTE(L&C)
04/04/07 (H) L&C AT 3:00 PM CAPITOL 17
04/04/07 (H) <Bill Hearing Canceled>
04/16/07 (H) L&C AT 10:00 AM CAPITOL 17
04/16/07 (H) Scheduled But Not Heard
04/20/07 (H) L&C AT 3:00 PM CAPITOL 17
04/20/07 (H) Heard & Held
04/20/07 (H) MINUTE(L&C)
04/23/07 (H) L&C AT 3:00 PM CAPITOL 17
04/23/07 (H) Moved CSHB 65(L&C) Out of Committee
04/23/07 (H) MINUTE(L&C)
04/24/07 (H) L&C RPT CS(L&C) 2DP 3NR 1AM
04/24/07 (H) DP: GATTO, NEUMAN
04/24/07 (H) NR: BUCH, LEDOUX, OLSON
04/24/07 (H) AM: GARDNER
05/02/07 (H) JUD AT 1:00 PM CAPITOL 120
05/02/07 (H) Heard & Held
05/02/07 (H) MINUTE(JUD)
05/05/07 (H) JUD AT 8:00 AM CAPITOL 120
05/05/07 (H) Moved CSHB 65(JUD) Out of Committee
05/05/07 (H) MINUTE(JUD)
05/07/07 (H) JUD RPT CS(JUD) NT 4DP 2AM
05/07/07 (H) DP: HOLMES, LYNN, COGHILL, RAMRAS
05/07/07 (H) AM: DAHLSTROM, SAMUELS
01/23/08 (H) FIN AT 1:30 PM HOUSE FINANCE 519
01/23/08 (H) Heard & Held
01/23/08 (H) MINUTE(FIN)
02/13/08 (H) FIN AT 1:30 PM HOUSE FINANCE 519
02/13/08 (H) Heard & Held
02/13/08 (H) MINUTE(FIN)
02/18/08 (H) FIN AT 1:30 PM HOUSE FINANCE 519
02/18/08 (H) Heard & Held
02/18/08 (H) MINUTE(FIN)
02/19/08 (H) FIN AT 1:30 PM HOUSE FINANCE 519
02/19/08 (H) Moved CSHB 65(FIN) Out of Committee
02/19/08 (H) MINUTE(FIN)
02/21/08 (H) FIN RPT CS(FIN) NT 4DP 5NR
02/21/08 (H) DP: HAWKER, CRAWFORD, GARA, NELSON
02/21/08 (H) NR: KELLY, THOMAS, STOLTZE, MEYER,
CHENAULT
02/27/08 (H) TRANSMITTED TO (S)
02/27/08 (H) VERSION: CSHB 65(FIN)
02/29/08 (S) READ THE FIRST TIME - REFERRALS
02/29/08 (S) L&C, JUD, FIN
03/04/08 (S) L&C AT 1:30 PM BELTZ 211
03/04/08 (S) Heard & Held
03/04/08 (S) MINUTE(L&C)
03/13/08 (S) L&C AT 1:30 PM BELTZ 211
WITNESS REGISTER
TREVOR FULTON
Staff to Senator McGuire
Alaska State Capitol
Juneau, AK
POSITION STATEMENT: Commented on SB 293 for sponsor.
DR. OLIVER HEDGECUT
Professor of Logistics
University of Alaska Anchorage
Anchorage, AK
POSITION STATEMENT: Supported SB 160.
ED SNIFFEN, Assistant Attorney General
Department of Law
PO Box 110300
Juneau, AK
POSITION STATEMENT: Commented on SB 293 and HB 65.
KAREN LIDSTER
Staff to Representative John Coghill
Alaska State Capitol
Juneau, AK
POSITION STATEMENT: Commented on HB 65 for the co-sponsor.
MEAGAN FOSTER
Staff to Representative Les Gara
Alaska State Capitol
Juneau, AK
POSITION STATEMENT: Commented on HB 65 for the sponsor.
JON BURTON, Vice President
State Government Relations
Choice Point
Washington, D.C.
POSITION STATEMENT: Wanted changes to HB 65.
AUDREY ROBINSON, Manager
State Government Affairs
Reed Elsevier, Parent Company of LexisNexis
No address provided
POSITION STATEMENT: Wanted changes to HB 65.
JENNIFER FLYNN, Director
Government Affairs
Consumer Data Industry Association (CDIA)
Washington, D.C.
POSITION STATEMENT: Wanted changes to HB 65.
GAIL HILLEBRAND
Consumers Union
No address provided
POSITION STATEMENT: Wanted changes to HB 65.
TERRY BANNISTER
Legislative Legal Division
Juneau, AK
POSITION STATEMENT: Commented on HB 65.
BRYAN MERRELL, Regional Counsel
First American Title Insurance Company
and Alaska Land Title Association
Juneau, AK
POSITION STATEMENT: Commented on HB 65.
ALAN VAZQUEZ
American Electronics Association
No address provided
POSITION STATEMENT: Wanted changes to HB 65.
KENTON BRYNE
Property Casualty Insurers Association (PCI) of America
No address provided
POSITION STATEMENT: Wanted changes to HB 65.
SHEILA CALCALSURE
Information Policy Officer for the Americas
Acxiom Corporation
No address provided
POSITION STATEMENT: Commented on HB 65.
ACTION NARRATIVE
CHAIR JOHNNY ELLIS called the Senate Labor and Commerce Standing
Committee meeting to order at 1:33:38 PM. Present at the call to
order were Senators Davis, Stevens and Ellis.
SB 160-MANDATORY UNIVERSAL HEALTH CARE
1:34:51 PM
CHAIR ELLIS announced SB 160 to be up for consideration.
1:35:10 PM
SENATOR HOFFMAN joined the committee.
SENATOR DAVIS moved to adopt CSSB 160(L&C), version T. There
were no objections and it was so ordered.
CHAIR ELLIS stated they had covered the labor and commerce
aspects of the bill.
1:36:18 PM
SENATOR STEVENS said he was still concerned about how the health
care programs would be paid for.
SENATOR DAVIS moved to report CSSB 160(L&C) from committee with
individual recommendations and attached fiscal notes. There were
no objections and it was so ordered.
SB 293-ELECTRONIC COMMUNICATION DEVICES
1:37:31 PM
CHAIR ELLIS announced SB 293 to be up for consideration.
TREVOR FULTON, staff to Senator McGuire, sponsor of SB 293,
recapped that this is a consumer protection bill protecting
personal privacy and preventing theft of personal identity. The
state currently doesn't have any regulation on the books and
this brings state statutes up to date with this growing
technology.
CHAIR ELLIS asked him to explain the concerns that were
expressed since the last hearing.
1:38:51 PM
SENATOR BUNDE joined the committee.
MR. FULTON responded that the proposed CS addressed some of
those concerns. In response to Senator Bunde's question whether
SB 293 was a proactive bill or addressed current problem, he
reported that Ed Sniffen, Assistant Attorney General, said
identity theft as a result of radio frequency identification
(RFID) would be difficult to prove, but he thought it had
probably already happened. Senator Bunde's second concern was
how SB 293 would affect the use of federal documents like
passports. Mr. Fulton said Legal Services decided it wouldn't
affect federal regulations regarding those types of documents,
but the CS excludes passports and other government-issue travel
documents.
A third question came up through public testimony about whether
similar laws exist in other states. The short answer is no, but
RFID has only been on the public radar for the last three years.
It surfaced in 2005 and since then 50 pieces of legislation have
been introduced in 27 states about it.
SENATOR BUNDE said that addressed his concerns.
SENATOR ELLIS asked Mr. Fulton to go through the CS.
1:41:55 PM
MR. FULTON said that after discussions with the Attorney
General's office, the bill drafter, the Electronic Privacy
Information Center and Dr. Oliver Hedgecut, Professor of
Logistics at UAA, the sponsor decided to incorporate the
following changes into the draft CS. The first change is in the
title that adds violations of this act to a long list of unfair
trade practices already in statute.
The second change is on page 1, line 7, and deletes "active"
that was used in the RFID industry as a very specific term to
differentiate between an active RFID device and a passive one.
It wasn't used in that sense and they didn't want to cause
confusion so it was deleted. The third change is on page 1, line
10, and a couple of other places and replaces "universally
accepted symbol" with "industry recognized symbol". The
reasoning is there is no "universally acceptable symbol" out
there and several different industries use the symbols
differently. They also wanted to accommodate those who are
already willingly labeling their products with some sort of RFID
symbol.
On page 2, lines 16-31, a paragraph was deleted that required
consumers to pay costs associated with the deactivation of RFID.
It was thought putting that burden on the consumer's shoulders
was unreasonable. A new paragraph says "a provider must delete
any personal information on a reactivated RFID." They didn't
want to discourage reuse of the devices, but personal
information had to be purged first.
The fifth change was on page 3, line 1, that replaced "coerce"
and "coercion" with "require" and "requirement". "Coercion" is a
stronger term and more open to interpretation, which could make
proving a violation of this section more difficult. On page 3,
lines 15-16, "remote" was deleted because it is superfluous; all
RFID devices scan and read remotely.
On page 4, lines 12-14, the "Enforcement" section was deleted
because when this was added to the Unfair Trade Practices Act,
there was no longer any need to specifically identify
enforcement procedures. A new section was added in its place
entitled "Exemption" which is where passports and other
international travel documents were exempted. On page 4, lines
16-18, the definition of "active" was deleted and definitions
for "activate" and "activated" were inserted.
1:47:48 PM
This next section had the most substantive change, Mr. Fulton
said. On page 4, lines 28-29, "that transmits, receives or
stores personal information" was added after "item". This
language narrows the focus of the bill only to RFID devices that
transmit, receive or store personal information. "Personal
information" is defined to include the types of items that
consumers tend to be most sensitive about (listed on page 5).
They didn't want to unnecessarily burden all the other
industries, particularly supply chain management and retail
industries that use RFIDs quite a bit.
The final change in the CS is on page 6, lines 2-3, where a new
section was inserted entitled "Section 2" that adds this act to
the list of Unfair Trade Practices.
1:49:07 PM
CHAIR ELLIS asked if all concerns had been addressed.
MR. FULTON replied yes.
DR. OLIVER HEDGECUT, Professor of Logistics, University of
Alaska Anchorage, supported SB 160. He stated that Alaska does
lead in this area and started its RFID research at UAA with the
military. "For that very reason we are a good Petrie dish to
experiment with, not only technology, but with laws and I'm very
proud to be Alaskan and see that we are talking about this
today." He approved of the suggested changes.
ED SNIFFEN, Assistant Attorney General, said making data
protection and privacy a violation of the Consumer Protection
Act was a good move.
SENATOR ELLIS said he supported narrowing the bill to personal
privacy.
1:52:37 PM
SENATOR STEVENS moved to adopt CSSB 293(L&C), version 25-
LS1509\C. There were no objections and it was so ordered.
1:53:02 PM
SENATOR STEVENS moved to report CSSB 293(L&C) from committee
with individual recommendations and attached fiscal notes. There
were no objections and it was so ordered.
CSHB 65(FIN)-PERSONAL INFORMATION & CONSUMER CREDIT
1:54:04 PM
CHAIR ELLIS announced CSHB 65(FIN) to be up for consideration.
[The committee was considering SCS CSHB 65(L&C), version 25-
LS0311\V.]
KAREN LIDSTER, staff to Representative John Coghill, co-sponsor
of HB 65, was available to answer questions.
MEAGAN FOSTER, staff to Representative Les Gara, co-sponsor of
HB 65, started reviewing the changes to version V. On page 11,
line 9, the original bill allowed $10 for placing a security
freeze per credit reporting agency and the CS takes that to $5
based on AARP testimony.
SENATOR BUNDE asked what a freeze would actually cost.
MS. FOSTER answered that states' charges vary with $15 being the
most expensive. Indiana has no charge for placing a freeze. She
has not heard what actual costs are to the credit bureau.
1:59:37 PM
MS. FOSTER said the second change is on page 11, line 23, for
victims of identity theft to receive a freeze at no cost. This
was requested by AARP. The original bill had no exemptions.
SENATOR BUNDE said he was curious about the unfunded mandate.
CHAIR ELLIS remarked that is an open issue at this point.
MS. FOSTER went to page 12, lines 3-6, rights given to
consumers, that outlined changes in the fee structure, a
conforming change.
2:01:23 PM
MS. LIDSTER went to page 16 and recording of documents. The
original bill dealt with the DNR's concerns by making the
exception for them to be able to accept whatever legal document
they were required to record. The DNR and the DOL felt that
exemption should also be in Section 45.48.400 on page 17, line
20. It states that prohibitions of this section do not apply to
a person that is engaged in the business of government and is
authorized by law or when the request or collection of the
individual's social security number is required for the
performance of a person's duties or responsibilities. This makes
sure that an individual recording a document in the Recorder's
Office was not responsible for the information that was on the
document.
SENATOR ELLIS asked if this circumstance is particular to the
DNR.
MS. LIDSTER replied it was brought to their attention by DNR
because it has the unique duty of recording documents that may
have personal information and it makes copies available. The
department is not in a position to start going through those
documents and deleting that recorded information. The provision
relates to other government agencies or individuals that are
authorized by law to perform this work.
MS. FOSTER went to page 17, lines 28-29, where "from an
individual there" replaced "an individual" with in relation to
social security numbers. It was requested by Choice Point as
clarifying language.
SENATOR BUNDE asked how this applies if you want to cash a check
at a bank that wants to see your social security number.
MS. FOSTER replied the exemptions allow for disclosure of a
social security number if it is needed to complete a financial
transaction.
2:06:59 PM
SENATOR BUNDE said it prohibits a business from asking, but
asked if a person who wants to conduct business there can still
volunteer it.
MS. FOSTER didn't know how that would be addressed.
2:07:50 PM
MS. FOSTER proceeded to page 18, lines 19-22, subsection (5)
where "debt collection, fraud prevention and medical treatment"
was inserted after "background check on an individual". This is
because Premera was concerned that restricting social security
numbers would prevent them from giving a patient his medical
records. Doctors' offices were also concerned with this issue.
2:10:04 PM
SENATOR BUNDE asked if there is a problem in Alaska of people
selling social security numbers.
MS. FOSTER replied that in the past an information services
company allowed downloading of social security numbers. It was
advertised on their website; that is no longer there. The
numbers were from 1988 fishing licenses. She said that data
brokering companies will still sell that information. This would
just affect Alaskan records, not those in other states.
She said the next change was requested by Choice Point as a
clarification - on page 19, lines 8-11, subsection (d), language
was added saying "transfer of an individual's social security
number for the sole purpose of identifying a person about whom a
report or database check is ordered, received or provided is not
a sale, lease, loan, trade or rental or the social security
number of this section."
Finally, she said, on page 20, lines 2-5, the same language used
in request or collection was inserted to allow for disclosure of
social security numbers for debt collection, identity
verification, fraud prevention and medical treatment. This
change was requested by Premera.
2:14:20 PM
CHAIR ELLIS said they would begin public testimony on the CS.
2:15:33 PM
JON BURTON, Vice President, State Government Relations, Choice
Point, Washington, D.C. introduced himself.
AUDREY ROBINSON, Manager, State Government Affairs, Reed
Elsevier, Parent Company of LexisNexis, introduced herself.
JENNIFER FLYNN, Director, Government Affairs, Consumer Data
Industry Association (CDIA), Washington, D.C. said her agency
represents consumer companies like LexisNexis and Choice Point.
MR. BURTON recalled their proposed amendments presented last
week that they felt were necessary to not only allow the
consumer protections in this bill to go forward, but also to
removed some impediments to legitimate business activities that
are currently going on today in Alaska and across the country.
He wanted to briefly respond to some of the changes in the CS
and then go into his proposed amendments.
He commented that he hadn't seen many of the amendments in the
CS and the fact that many of them were attributed to Choice
Point came as an utter surprise to him. He asked members to
refer to a copy of his proposed amendments from last week.
MS. ROBINSON clarified that the amendments presented to the
committee were based on the CS as it came over to the committee.
So, some of the line numbers were slightly off given the new
version.
2:20:19 PM at ease 2:21:52 PM
CHAIR ELLIS noted his practice of providing CS to the general
public as soon as possible.
MR. BURTON said his primary concerns were with the social
security number provisions, the credit freeze provisions and the
breech notification. He started with the social security number
provisions on page 17, line 27, Section 45.48.410. He said one
change was made at his request and that was the insertion of
language from an individual on line 29.
2:24:00 PM
Choice Point's second proposed amendment dealt with Sections
45.48.410, .420 and .430 on pages 17-20. The contentious
language is on page 18, line 1, where it says "(1) if the person
is expressly authorized by local, state or federal law...." His
issue with that is they aren't aware of many statutes, either
state or federal, that specifically talk about the government
use of social security numbers. His company operates under an
umbrella of state and federal regulatory law which talks about
the distribution, the sharing and transfer of non-public
personal information and these kinds of definitions most of
which include social security numbers. Many of their activities
are engaged by such federal regulatory statutes such as the Fair
Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLB),
the Driver's Privacy Protection Act and the U.S. Patriot Act.
These laws are what they call prohibitive statutes in that they
set up things they can not do - except for certain permissible
purposes or authorized exemptions.
MR. BURTON explained that he has asked the sponsors to make a
small language change to contemplate and conform to those
federal statutes. The language would read, "if the person is
permitted or authorized by local, state or federal law." He said
he brought the federal statutes for their review.
2:26:00 PM
MS. FLYNN said she had worked on this type of language in many
states and while it is seemingly a simple issue, "permitted" and
"authorized" are necessary for their businesses to continue
providing their services. They feel that particular language
complies with federal laws. Once "expressly authorized" is
inserted they no longer can actually say they comply with the
FCRA and GLB requirements, because those purposes are
"permitted," they are not "authorized."
MR. BURTON said the language at issue is in three separate
social security number sections. So they want the suggested
language included in all three sections for conformity as well.
2:27:58 PM
MR. BURTON said the next language issue applies to all three
social security number sections again. He explained that the
bill sets up prohibitions on what can be done with social
security numbers and then sets out a list of exemptions. One of
the exemptions is for the GLB. His problem is that the GLB
exemption it references does not have the legal effect they need
to continue legitimate business operations. He has asked the
sponsors to redraft the exemption to give what his lawyers said
it needed to have legal effect.
CHAIR ELLIS asked Ms. Bannister to address this specifically.
2:30:38 PM
MR. BURTON said all three social security sections should be
changed to have this legal effect.
MS. FLYNN reiterated that credit reporting is regulated under
FCRA and not being able to legally transmit social security
numbers back and forth could stop credit reports from being
transmitted to Alaska.
CHAIR ELLIS said this came up in other states and asked how
those credit agencies dealt with it.
MS. FLYNN answered that many states don't particularly touch on
social security numbers one way or another. But the states that
have brought it up understand the fact that credit reports and
the transfer of information not only from a consumer to the
credit reporting agency, but the credit reporting agency to, for
instance, a bank or to someone who is trying to get a lien or
looking at a mortgage title - all those transactions include the
social security number and are permissible under the FCRA. They
want language to mirror the federal language.
2:34:29 PM
MR. BURTON said language in subparagraph (5), page 18, line 19,
was in Section 45.48.410 and .430, but not in .420. He asked
that it reference all three for effect and conformity purposes.
That concluded his suggestions on the social security
provisions.
2:35:48 PM
CHAIR ELLIS asked Ms. Foster and Ms. Lidster if they wanted to
comment in terms of the policy calls, the impact of the
tradeoffs and drafting issues.
MS. FOSTER said Representative Gara had discussions with Mr.
Burton about using "permitted" and the representative thought
using it was too broad. Representative Gara also wanted a word
that wasn't as narrow as "expressly authorized". They hadn't
come to an agreement.
CHAIR ELLIS asked if the drafting attorney had suggested
language and if it would allow the business practice that other
states have allowed. He said this issue really has to be
resolved.
ED SNIFFEN, Department of Law (DOL), said industry's concerns
were that using "expressly authorized" in sections .410, .420
and .430 was too narrow for them to conduct business under the
FCRA or GLB. He looked at the acts and even though the headings
in some of them use terms like "permissible purposes" or "things
that aren't prohibited," it seemed to suggest that "expressly
authorized" wouldn't encompass that same meaning. The FCRA
provides that "permissible purpose" of a consumer report allows
that a consumer reporting agency "may furnish to a person which
has a reason to believe that the information is going to be used
in connection with a credit transaction involving the consumer".
The Act says it is okay to furnish this information to a person
and he thought "expressly authorized" could include statements
like "may furnish". He suggested dropping "expressly" and using
just "authorized". He thought "authorized" had more import than
"permitted" because that is very broad. He said it's likely that
existing language would allow them to do business, but he was
continuing to work on this with them. In looking over Alaska
Supreme Court cases, he hadn't found any legal distinction
between using "authorized" and "permitted."
MR. SNIFFEN said with respect to the exemptions in sections .410
and .430 the "expressly authorized" language is an "either or"
under these sections, because regardless of whether something is
expressly authorized or not, the bill does carve out an
exemption for the Gramm-Leach-Bliley Act. It doesn't matter if
it says "permitted" or "expressly authorized," if it's in the
GLB Act, you are exempt.
He hadn't focused on Mr. Burton's point about whether or not
they are technically a financial institution and so that
exemption may or may not apply to them, but he would be happy to
have that conversation with him. The same for consumer reporting
agencies under exemption 4 on page 18, line 16, that provides an
exemption for a communication to or from a consumer reporting
agency. The FCRA defines a consumer reporting entity to include,
he believed, Choice Point and others; maybe that's where their
hang-up was. He thought this exemption encompassed all that
conduct. However, he said, those exemptions don't hinge on the
language "expressly authorized" versus "permitted".
CHAIR ELLIS asked him to think about what language would work.
GAIL HILLEBRAND, Consumers Union, said on the issue of
"expressly authorized" this bill is designed to restrict some
conduct that now occurs in the marketplace. That is why it was
brought forward. Her concerns with saying simply "authorized" or
"permitted" without some kind of affirmative authorization or
permission is that federal law allows all sorts of things that
it doesn't prohibit. But it is implied. Federal law is
structured so there are certain things you can't do and it just
doesn't touch the universe of other things; this measure is
designed to touch the remaining universe of other things. She
thought this was a policy issue, not a drafting issue.
MS. FOSTER said the sponsors made a policy call when inserting
"for a purpose permitted or authorized by the Gramm-Leach-Bliley
Act" into sections .410 and .430. The reason it is not just a
conforming amendment and wasn't put into section .420 is because
they are trying to prohibit the sale, lease, loan or trade of a
social security number and institutions covered under GLB are
allowed to engage in that business. It was a hard policy call.
2:46:48 PM
CHAIR ELLIS asked if the restriction in the CS is common in
other states.
MS. FOSTER answered no other state has restrictions as tight as
the ones being proposed.
CHAIR ELLIS said they would come back to sections .410 and .430.
2:47:55 PM
MS. FOSTER said the language for the Fair Credit Reporting Act
was inserted because they didn't want to open all the sections
of the bill to those purposes covered under it. On page 18, line
23, new language was added in the sale, lease, loan, trade or
rental section for conformity with .410 and .430. They don't
necessarily want the language in section .420 to conform exactly
with the other two sections. It was another policy call that
they don't feel the language covering the sale of a social
security number should be the same as the language covered under
disclosure or request for collection of a social security
number.
2:50:00 PM
CHAIR ELLIS asked Ms. Bannister's thoughts on the points that
had been made from a drafting perspective.
TERRY BANNISTER, Legislative Legal, said she could draft
whatever is wanted. However, "permitted" is very broad and she
didn't know if the parties could compromise on another word.
CHAIR ELLIS stated that they wanted to make the right policy
call, but they didn't want to make a compromise for comprise
sake.
2:53:08 PM
MS. BANNISTER asked what Mr. Burton particularly felt using
"authorized" would not allow them to do.
MS. FLYNN (GLB) answered that their lawyers interpret
"authorize" specifically to mean authorize; there is no
definitional ambiguity to that word. It means the law has to
"authorize" it. The FCRA and the GLB do not do that; they
"permit." If a lawyer is looking at what they are allowed to do
and it says "authorized" by the FCRA, the FCRA doesn't
authorize, it permits.
Her company lawyers' interpretation is that they would no longer
be able to provide the services under the FCRA. GLB is a broader
financial institution law, so the consumer reporting agencies
would not be able to provide the services that they provide. If
there are certain things under federal law the state doesn't
want them doing, that's a different question. But if you're
trying to say they should be able to continue doing everything
that is permissible under the FCRA and GLB, this would not allow
them to do that.
2:55:14 PM
MS. FOSTER had no response to that.
2:55:54 PM
MS. BANNISTER asked why doesn't subsection (4) [in Section
45.48.410] allow it.
MS. FLYNN replied as that particular section is written "a
communication to or from a consumer reporting agency" is much
too vague. They operate under very strict regulatory and legal
guidelines and laws; it would be a disservice for her to say
this is okay. Ambiguity is unacceptable and they are talking
about secure information.
MS. BANNISTER asked what she would use instead of
"communication" that would be more concrete.
MS. FLYNN replied she would have to discuss that with the
companies and the lawyers.
CHAIR ELLIS directed that to proceed.
SENATOR BUNDE said he thought the crux of the matter is that
things are allowed under the federal law that the CS won't
allow. He asked if it was the sponsors' intent to limit
practices that are allowed under federal law.
MS. FOSTER said the sponsors believe what is allowed under
federal law is really broad, and they are not comfortable with
that, especially for social security numbers. It is the
sponsors' intent to narrow those permitted uses.
SENATOR BUNDE said he didn't think there were words that would
solve this equation.
CHAIR ELLIS said he thought language could be found to allow
certain business practices.
3:00:21 PM
MS. FLYNN asked which purposes they would be limiting.
3:02:06 PM
BRYAN MERRELL, Regional Counsel, First American Title Insurance
Company and Alaska Land Title Association, said he was concerned
about an issue that was raised by the DNR Recorder's Office
about making a public record of private information that might
be contained in its recorded documents. He had been told those
concerns were addressed by an exemption, but he wasn't sure.
CHAIR ELLIS responded that no one from DNR was present, but they
had represented to staff that they were satisfied with the
change.
3:05:39 PM
ALAN VAZQUEZ, American Electronics Association, suggested adding
an email provision within the methods of notice section as a
primary form of notice. They believe this because many of their
member companies' primary method of communication with their
customers is through email. It is also a quicker way to notify
consumers and customers of a potential data breach.
Second, he asked that a public exception provision be inserted
in the definition of personal information in Section 45.48.090
(7) because business should be encouraged to focus resources on
truly sensitive data elements. "It's imperative that the data
elements include a definition that is consistent with those that
truly lead to a significant risk of identity theft."
Last, Mr. Vazquez encouraged them to look at the American
Legislative Exchange Council's model definition of "data
breach." It is their concern that the current definition in this
bill is too broad and would lead to over notification and "boy
cries wolf scenario."
3:09:22 PM
KENTON BRYNE, Property Casualty Insurers Association (PCI) of
America, said he had provided amendments to Representative
Coghill's office, and their focus is entirely on Article 2 the
credit freeze authorization provision - particularly Section
45.48.100. He said roughly 43 percent of the home, auto and
business insurance polices written in America are written by PCI
member companies. He said some 40 states have approved credit
freeze language; 33 of those states have included some kind of
language that allows insurers to continue to access credit
related information and consumer reports for insurance related
purposes even if a freeze has been placed on the credit file. He
said primarily when someone's identity is stolen it is for the
purpose of falsely getting access to money and loans. He was
pretty sure that every state in the last two years that has
crafted a security freeze bill has allowed insurer access to
frozen credit files.
He explained that insurers use credit information to determine
risk to determine a rate. In this day of 24/7 access to
insurance they want to keep the process as easy and hassle free
for the consumer as possible. So, PCI has asked a number of
states, including Idaho, Washington and Oregon, to adopt the
language they are proposing for Section 45.48.100 in which they
define for purposes of a credit freeze a credit report as a
consumer report that is accessed for the purpose of determining
someone's eligibility for a loan; this would allow other non-
lending purposes to go forward even when a freeze is on file.
They would seek to repeat that language in the definition
section, 45.48.290(5).
As for their other amendments, after consulting with
Representative Coghill's staff, they determined the current CS
is sufficient to allow insurers to treat a consumer fairly if
they have a credit freeze and you're not allowed to access their
credit reports if they won't lift the freeze. So they will not
seek the amendments they previously sought for Section
45.48.130.
3:14:40 PM
SENATOR BUNDE agreed that he doubted someone would steal someone
else's identity to get lower insurance rates, but he asked if it
is possible someone would try to hack an insurance company's
files to steal identities and what could they do to prevent
that. If it did happen, how would people be notified?
MR. BRYNE replied the answer is in the security breach
provisions of the bill. Insurers would be treated the same as
other entities that are regulated under the legislation. They
are not seeking any change in that. The only change is specific
to accessing a file that has been frozen at the request of a
consumer. He didn't know that any insurance company's files had
been hacked, accessed or breached, but if that occurred,
insurers would be subject to the same provisions as other
institutions under the legislation. While some insurers are
regulated under GLB, it depends on the activity; the provisions
do not apply the same way to all companies. The protections that
have been contemplated for other financial institutions are the
same for insurers under the bill.
SENATOR BUNDE commented to the representatives of the sponsors
if the argument is about state law preempting federal law, they
are having an academic exercise.
3:16:44 PM
SHEILA CALCALSURE, Information Policy Officer for the Americas,
Acxiom Corporation, said Acxiom is an information policy
business and providing information solutions to its clients all
over the United States that do things like identity
authentication. Its tools are permitted under a Gramm-Leach-
Bliley permitted use statute of the federal law. She said the
outcome of this bill is very important to the way they serve
their clients in Alaska and the United States.
CHAIR ELLIS thanked everyone for their testimony and said they
would continue with the bill at a later meeting. There being no
further business to come before the committee, he adjourned the
meeting at 3:18:57 PM.
| Document Name | Date/Time | Subjects |
|---|