In what may be more evidence of an emerging national backlash against "opt-out" financial privacy laws, California's San Mateo County this month approved a law requiring banks to get customer permission before sharing their data with third parties.
The federal Gramm-Leach-Bliley law allows financial services groups to share customer data unless the customer says no. But the law allowed states to set a tougher standard, by first requiring customer consent or "opt-in." And that's what's been happening in other locales. In June, voters in North Dakota overwhelmingly voted to tighten financial privacy laws. Vermont officials have imposed similar restrictions.
Those separate actions for stronger privacy protections, from west to east, "show it is a movement across the country," said Ari Schwartz, a policy analyst at the Center for Democracy and Technology in Washington. He sees it as a signal to politicians "that this is something that people care about."
As part of the Gramm-Leach-Bliley law, customers received privacy notices explaining their rights. But the notices were criticized for being too complicated and difficult to understand.
The federal law, however, doesn't prevent states or local communities from imposing their own standards.
San Mateo County Supervisor Mike Nevin said his decision to spearhead the measure grew out of frustration with the California state legislature, which, in the face of heavy opposition from financial trade groups, failed to pass a proposal sponsored by state Sen. Jackie Speier, a Daly City Democrat, that would have required statewide "opt-in" rules.
"I wish the whole state and the country would have the same kind of opportunity for privacy," said Nevin. "With all the pluses that have come out of the computer and information age, one of the downsides is privacy."
The law, which could face a court challenge, takes effect Jan. 1, said Nevin.
Financial services groups have repeatedly opposed such measures, arguing that they will raise business costs to adapt systems that can comply with varying state and local privacy laws.
A Bank of America Corp. official said Friday that the San Mateo law could create problems with its ability to share information with affiliates and subsidiaries.
The San Mateo ordinance, Radin said, would prevent the sharing of customer data internally and with other lines of businesses, such as credit card operations. Adapting systems to comply with these laws, "would require a lot of additional systems infrastructure," he said.