Roundup of State Privacy Laws Passed in 2001

The 50 states continued an aggressive legislative agenda last year to limit the exchange and use of personally identifiable information. The excellent publication Privacy and American Business (Hackensack, NJ; online subscription available at www.pandab.org) reported the following highlights pertaining to ID theft and financial information.

Often the bellwether of legislative trends, California took the lead in protecting consumers from ID theft by passing several laws in September 2001 that give consumers more control over their credit reports:

• Assembly Bill 488 prohibits (at the consumer's request) credit reporting agencies from disclosing addresses and telephone numbers of both the sources and recipients of their credit information

• In the case of an unauthorized person applying for a loan, credit card, bank account or other service under a "stolen" name, Senate Bill 125 requires financial institutions to give the victim of such ID theft the information that appeared on the application.

• Senate Bill 168 requires credit reporting agencies to accept security alerts from consumers. Agencies are prohibited from releasing consumer information for any individual who has requested a "security freeze" on their file.

More broadly, California also nearly passed an opt-in law that would affect the exchange of financial data. Governor Davis has already indicated that an opt-in bill in some form will be part of the legislative package he will propose this year. In a blow to direct marketing, California did pass Senate Bill 771 that creates a statewide Do-Not-Call list maintained by the Attorney General. Marketers will be required to stop calling listed telephone numbers within 31 days after the Do-Not-Call List is published. Assembly Bill 870 prohibits the use of automated telemarketing dialers.