Tough California Privacy Law Fails to Pass

A privacy bill that would have had serious implications for the financial services industry failed to pass the California Assembly on September 14. The "Opt-in" bill had passed the California Senate earlier in the summer. Industry representatives were particularly worried about the impact on their business in California (as well as the likely precedent set for other states) because the bill would have required financial institutions to get written customer consent before sharing personal information with third parties and their own corporate affiliates. The Gramm-Leach-Blilely Act of 1999 requires financial institutions to give customers a chance to "opt-out" of data sharing with third parties, but leaves affiliate sharing unrestricted. Consequently, the California bill would have imposed much tougher restrictions which would have impacted marketing, customer service and potentially other corporate activities such as fraud detection and prevention.

California Governor Gray Davis had declined to endorse the bill prior to the Assembly vote. It had been expected that some compromise amendments would be offered on his behalf, but this didn't occur. The bill's demise may be temporary. Because the bill passed the Senate this year it can automatically be considered again next year. Moreover, this year's vote was taken at 1:00 am just three days following the September 11 terrorist attacks. The final tally was 32-26, but 20 members abstained. It is not at all clear how such a bill might fare in a less tumultuous period.