The URL can be used to link to this page

Home My WebLink AboutMINUTES - 09172002 - D.4 BOARD OF SUPERVISORS Contra FROM: Silvano B. Marchesi, County Counsel Costa DATE: September 17„2002 SUBJECT:; Ordinance Regulating Disclosure of CountJr Confidential Consumer Information by Financial Institutions SPECIFIC REQUESTS)OR RECOMMENDATtON(S)&BACKGROUND AND JUSTIFICATION RECOMMENDATION: Introduce ordinance regulating disclosure of confidential consumer informationby financial institutions, waive reading, and fix September 24, 2002 as the date for adoption. BACKGROUND- On September 10, 2002, the Board of Supervisors unanimously directed County. Counsel to review the Model'Ordinance'Regulating Disclosure of Confidential Consumer Information by Financial Institutions and present it to the Board for consideration'as soon as possible, and declared its intent to adopt the ordinance. Attached is the model ordinance, which has been modified in format to be consistent with the County's Ordinance Code, One substantive' change has been made: a definition of"consumer" has been added to clarify that the ordinance applies only to confidential consumer information of consumers who reside in the unincorporated area of the County. (§' 518-4.410) CONTINUED ON ATTACHMENT: /*S SIGNATUR---------------------------------------E: � --- -- ------------ RECOMMENDATION'OF COUNTYADMINISTRATOR RECOMMENDATION OF BOARD COMMITTEE PROVE OTHER St+GNATURE(S) • - ACTION OF -- BOARD ON 1 APPROVE AS RECOMMENDED X OTHER VOTE OF SUPERVISORS' I HEREBY CERTfFYTHAT'THIS IS A TRUE AND CORRECT COPYOF AN ACTION TAKEN X UNANIMOUS(ABSENT NOne ) AND ENTERED ON THE MINUTES OF THE BOARD OF SUPERVISORS ON THE DATE'; AYES: NOES: SHOWN, ABSENT: ABSTAIN; ATTESTED September 17,.2002 CONTACT: Slivano Marche!(335-1814) JOHN SWEETEN,CLERK OF THE BOARDOF SUPERVISORS AND COUNTYADMINISTRATOR CC: County Administrator BY DEPUTY HAFmmia!Pn—ytRln-wi Pnw.y Stag R®port.wpd ORDINANCE NO. 2002- PROTECTING CONSUMER FINANCIAL INFORMATION The Contra Costa County Board of Supervisors ordains as follows (omitting the parenthetical footnotes from the official text of the enacted or amended provisions of the County Ordinance Code): SECTION 1. This ordinance adds Chapter 518-4 to the Contra Costa County Ordinance Code to provide customers of financial institutions notice and meaningful choice about how their personal information is shared or sold by their financial institutions. SECTION Il.. Chapter 518-4 is added to the County Ordinance Code to read: CHAPTER 518-4 Article 5184.2 General 518-4.202 Purpose and Intent. (a) It is the purpose and intent of the Board of Supervisors that the operation of financial institutions as defined in this chapter should be regulated so as to provide customers of financial institutions notice and meaningful choice about how their personalinformation is shared or sold by their financial institutions. (b) It is the intent of the Board of Supervisors in enacting this chapter to afford persons greater financial privacy protection than those provided in Public Law 106-102,the federal Gramm-Leach-Bliley Act, and that this chapter be interpreted to be consistent with that purpose. (Ord.. 2002-_..., §2.) Article 518-4.4 Definitions 518 4.402 General. As used in this chapter, the following words and phrases shall have the meanings set forth herein unless it is apparent from the context that a different meaning is intended. (Ord. 2002-_, §2..) 5184.404 Affiliate. "Affiliate"means any person or entity that,directly or indirectly, controls, is controlled by, or is under common control with another person or entity. A franchiser, including any affiliate thereof,shall be deemed an affiliate of the franchisee for purposes of this chapter. (Ord. 2002-_, §2.) 518-4.406 Clearly and Conspicuously; "Clearly and conspicuously"means displayed in a manner that is readily noticeable, readable, and understandable to consumers. Factors to be considered in determining whether a ORDINANCE NO. 2002- notice or disclosure is clear and conspicuous include prominence,proximity, absence of distracting elements, and clarity and understanding of the text disclosure, (Ord.2002-_, §2.) 5184.408 Confidential'Consumer Information: (a) "Confidential consumer information"means information(1)that a consumer provides to a financial institution to obtain a product or service from the financial institution, (2) about a consumer resulting from any transaction involving a-.product or service between the financial:,institution and a consumer, or(3)that the financial institution otherwise obtains about,a consumer in connection with providing a product or service to that consumer. Any personally identifiable information is financial if it was obtained by a financial institution in connection with providing a financiall product or service to a consumer, including the fact that a consumer is a customer of a financial institution or has obtained a financial product or service from a financial institution. Confidential consumer information'does not include publicly available information that the financial institution has a reasonable basis to believe is lawfully made available to the general public from(1)federal, state, or local government records,'(2)widely distributed media, or(3)disclosures to the general public that are required to be made by federal, state,or local law. "Confidential consumer information"shall include any list,description,or other grouping of consumers, and publicly available information pertaining to them that is derived using any nonpublic personal information other than publicly available information,but shall not include any list, description, or other grouping of consumers,and publicly available information pertaining to them that is derived without using any confidential consumer information. (b)"Confidential consumer information"includes,but is not limited to, all of the following: (1) Information a consumer provides to a financial institution on an application to obtain a loan,credit card, or other financial product or service. (2) Account'balance information,payment history, overdraft history and credit or debit card purchase information. (3) The fact that an individual is or has been;a customer of a financial institution or has obtained a financial product or service from a financial institution. (4) Any information about a financial institution's consumer if it is disclosed in a manner that indicates that the individual is or has been the financial institution's consumer. (5) Any information that a consumer provides to a financial institution or that a financial`institution or its agent otherwise obtains in connection with collecting on a-loan or servicing a loam. (6) Any information collected through an Internet coolie or an information- collecting device from a Web server. (7) Information from a consumer report. (Ord. 2002- , §2.) 5184.410 Consumer. "Consumer"means a consumer of a financial institution who resides in the unincorporated'area of the County. (Ord. 2002-_„_, §2.) 5184.412 Control. "Control"means the direct or indirect possession of the power to director cause the direction of the management and policies of another entity. Control includes any of the following: (1)ownership or power to vote 25 percent or more of the outstanding shares of any class of voting security of a company, acting through one or more persons,(2)power in any manner over the election of a majority of the directors, or of individuals exercising similar ORDINANCE NO. 2002- 2 , , functions, or(3)the power to exercise a directing influence over the management of policies of a company. (Ord. 2002-_.._, §2•) 518.4.414 Financial Institution. "Financial institution"generally means any institution located in the unincorporated area of the County that engages in financial activities as described in Section 1843 (k)of Title 12 of the United States Code and doing business in the unincorporated area of the County. An institution that is significantly engaged in financial activities is a financial institution. The term "financial institution"does not include the Federal Agricultural Mortgage Corporationor any entity chartered and operating under the Farre Credit Act of 1971 (12 U.S.C. §2001 et;seq.), provided that the entity does'not sell or transfer confidential consumer information to a nonaffiliated third party. The term"financial institution"does not include institutions chartered by Congress specifically to engage in a proposed or actual securitization, secondary market sale, including sales of servicing rights, or similar transactions related to a transaction of the consumer,as long as those institutions do not sell or transfer confidential'consumer information to a nonaffiliated third party. The term financial institution does not include any person licensed as a dealer under Article 1 (commencing with Section'11700)of Chapter 4 of Division 5 of the Vehicle Code that enters into contracts for the installment sale or lease of'motor vehicles pursuant to the;requirements of Chapter 2b (commencing with Section 298 1) or 2d(commencing' with Section 29$5.7)of Title 14 of Part 4 of Division 3 of the Civil Code and assigns substantially all of those contracts to financial institutions within 30 days. The term"financial institution"does not include;any provider of professional services,or any wholly owned affiliate thereof, that is prohibited by rules of professional ethics or applicable law from voluntarily disclosing confidential client information without the consent of the client. (Ord.2002-�, §2.) 518-4.416 Financial Product or Service. "Financial product or service"means any product or service that a financial holding company could offer by engaging in any activity that is financial in nature or incidental to financial'activity under subsection(k) of Section 1843 of Title 12 of the United States Code(the United States Bank Holding Company Act of 1956). Financial service includes a financial; institution's evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for financial product or service. (Ord. 2002-_, §2.)` 518-4.418 Necessary to Effect,Administer,or Enforce. "Necessary to effect, administer, or enforce"means the following: (a) The disclosure is required, or is a usual, appropriate,or acceptable'method to carry out the transaction or the product or service business of which the transaction is a part,and record or service or maintain the consumer's account in the ordinary course of providing the financial;.service or financial product,or to administer or service benefits or claims relating to the transaction or the product or service business of which it is a part,and includes the following: (1) Providing the consumer or the consumer's agent or broker with a confirmation, statement,or other record of the transaction, or information on the status or value of the financial service or financial product. (2) The accrual or recognition of incentives'or bonuses associated with the transaction that are provided by the financial institution or another party involved in providing the financial service or product._ ORDINANCE NO. 2002- 3 (b) The disclosure is required or is a lawful method to enforce the rights of the financial institution or of other persons engaged in carrying out the financial transaction or providing the product or service. (c) The disclosure is required, or is a usual, appropriate, or acceptable method for insurance underwriting at the consumer's request,for reinsurance purposes, or for any of the following purposes as they relate to a consumer's insurance: (1) Account administration. (2) Reporting, investigating, or preventing fraudor material misrepresentation. (3) Processing premium payments. (4) Processing insurance claims. (5) Administering insurance benefits, including utilization review activities. (6) For internal research purposes. (7) As otherwise required or specifically permitted by federal or state law. (d) The disclosure is required,or is a usual, appropriate or acceptable method,in connection with the following: (1) The authorization, settlement,billing processing, clearing, transferring,reconciling, or collection of amounts charged,debited, or otherwise paid using debit, credit or ether payment card, check or account number, or by other payment means. (2) The transfer of receivables, accounts,or interest therein. (3) The audit of debit, credit, or other payment information. (turd. 2002_ §2•) 518-4.420 Nonaffiliated Third Party. "Nonaffiliated third party"means any entity that is not an affiliate of, or related by common ownership or affiliated by corporate control,with the financial institution. (Ord. 2002- _, §2•) ' 5184.422 Widely Distributed Media. "Widely distributed media":means publicly available information from a telephone book,; a television or radio program, a newspaper or a Web site that is available to the general public on an unrestricted basis. (Ord.2002-_, §2 - Article 518-4.6 Disclosure of Confidential Consumer Information 518-4.602 Nan-Disclosure of Confidential Consumer Information. (a) A financial institution shall not disclose to or share a consumer's confidential consumer information with, any nonaffiliated third party or affiliate unless the financial institution has provided written notice to the consumer to whom the confidential consumer information relates and unless the financial institution has obtained a consent acknowledgment signed by the consumer that authorizes the financial institution to disclose or share the confidential consumer information. A financial'institution shall not deny a consumer a financial product or a financial service because the consumer has not provided the signed'consent acknowledgment required by this section to authorize the financial institution to disclose or share his or her confidential consumer information with any nonaffiliated third-party or affiliate. ORDINANCE NO. 2002- 4 (b) Nothing in this chapter shall prohibit a financial institution from marketing its own products and services or the products and services of others to the financial institution's own customers,provided no confidential consumer information is disclosed except as permitted by Section 518-4.210. (c) Except as otherwise provided in this chapter, an entity that receives confidential consumer information from a financial institution under this chapter shall not disclose this information to any other entity,unless the disclosure would be lawful if made directly to the other entity by the financial institution. (Ord. 2002-_ §2.). 518 4.604 Notice and Consent. (a) Nothing in this chapter shall require a financial institution to provide a written notice to a consumer pursuant to section 518-4.206 if the financial institution does not disclose confidential consumer information to any nonaffiliated third-party or to any affiliate, except as provided in section 518-4.210. (b) A financial institution shall provide written notices and consent acknowledgments required by this chapter to consumers as separate written documents that are easily identifiable and distinguishable from other documents that otherwise may be provided to a consumer. A notice provided to a member of a household pursuant to section 518-4.206 shall be considered notice to all members of that household unless that household contains another individual who also has a separate account with the financial institution. (c) Written notices required by this chapter shall include at least the following: (1) The specific types of information that would be disclosed or shared, (2) The general circumstances under which the information would be disclosed or shared, (3) The specific types of persons or businesses that would receive the information, and (4) The specific proposed types of uses for the information. (Ord. 2002-_, §2.) 5184.606 Exempt Disclosures. (a) Section 518-4206 shall not apply to information'that is not personally identifiable to a particular person. (b) Section 518-4.206 shall not prohibit the release of confidential consumer information under the following circumstances: ('1) The confidential consumer information is necessary to effect, administer,or enforce a'transaction requested or authorized by the consumer,or in connection with servicing or processing a financial product or service requested or authorized by the consumer, or in connection with maintaining or servicing the consumer's account with the financial institution, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity,or in connection with a proposed or actual securitization or secondary market sale, including sales of servicing rights,related to a transaction of the consumer. (2) The confidential consumer information is released with the signed consent acknowledgment of or at the written direction of the consumer. (3) The confidential consumer information is: ORDINANCE NO. 2002- 5 (A) Released to protect the confidentiality or security of the financial institution's records pertaining to the consumer,the service or product, or the transaction therein. (B) Released to protect against or prevent actual or potential fraud, identity theft,unauthorized transactions, claims or other liability. (C) Released for requiredinstitutional risk control,or for resolving customer disputes or inquiries. (D) Released to persons holding a legal or beneficial interest relating to the consumer. (E) Released to persons acting in a fiduciary or representative capacity on behalf of the consumer. (4) The confidential consumer information is released to provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the financial institution,persons assessing the institution's compliance with industry standards, and the institution's attorneys, accountants, and auditors. (5) The confidential consumer information is released to the extent specifically required or specifically permitted under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. § 3401 et seq.), to law enforcement agencies, including a federal functional regulator, the Secretary of the Treasury with respect to 12 U.S.C. Secs. 1951-1959,the California Department of Insurance, or the Federal Trade Commission,'and self-'regulatory organizations. (6) The'confidential consumer information is released(A)to a consumer- reporting agency in accordance with the Fair Credit Reporting Act(15 U.S.C. § 1681 et seq.), or (B) from a'consumer report reported'by a consumer-reporting agency. (7) The confidential consumer information is released in connection with a' proposed or actual sale,"merger,transfer, or exchange of all or a portion of a business or operating unit if the disclosure of confidential consumer information solely concerns consumers of the business or unit. (8) The confidential consumer information is released to comply with federal, state, or local laws,rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by federal, state, or local authorities; or to respond to judicial process or government regulatory authorities having jurisdiction over the financial'institution for examination,compliance,or other purposes as authorized by law. (9) When a financial institution is reporting a known or suspected instance of elder or dependent adult financial abuse or is cooperating with a local adult protecting services agency investigation of known or suspected elder'or dependent adult financial abuse pursuant to Article 4(commencing with Section 15630)of Chapter 11 of Part 3 of Division 9'of the Welfare and Institutions Code. (10) The confidential consumer information is released to a nonaffiliated third party in order for the nonaffiliated third party to perform services for or functions on behalf of, the financial institution in connection with the financial institution's products and services, such as mailing services, data processing or analysis, or customer surveys,provided that all of the following requirements'are met: (A) The services to be performed by the nonaffiliated third party would be lawful if performed by the financial institution. (B) There is a written contract between the nonaffiliated third party and the financial institution that prohibits the nonaffiliated third party from disclosing:or using the confidential consumer information other than to carry out the purpose for which the financial institution'disclosed the information, as set forth in the written'contract. ORDINANCE NO. 2002- 6 (C) The confidential consumerinformation provided to the nonaffiliated third party is limited to that which is reasonably necessary for the nonaffiliated third party to perform the services contracted for on behalf of the financial institution. (l 1) The confidential consumer information is released to identify or locate missing and abducted children,witnesses, criminals and fugitives,parties to lawsuits,parents delinquent in child support payments, organ and bone marrow donors,pension fiends beneficiaries, and missing heirs. (c) Nothing in this chapter is intended to change existing law relating to access by lav enforcement agencies to information held by financial institutions (Ord. 2002-_, §2.) 518-4.608 Insurance and Securities'Disclosures. (a) The restrictions on disclosure and use of confidential consumer information,and the requirement for notification,disclosure, and opportunity for the consumer to either direct that the confidential consumer information not be disclosed or provided pricer written consent, as provided in this chapter,do not apply to any person or entity that meets the requirements of paragraph(1)or(2)of this subsection except when confidential consumer information is or will be shared with an affiliate or nonaffiliated third party. (1) The person or entity is licensed in one or both of the following categories and is acting within the scope of the respective license: (A) As an insurance producer, licensed pursuant to Chapter 5 (commencing with Section 1621), Chapter 6(commencing with Section 1760), or Chapter 8 (commencing with Section 1831)of Division 1 of the Insurance Code. (B) Is;,duly licensed to sell securities. (2) The person or entity meets the requirements of paragraph(1)of this subsection and has a written contractual agreement with another person or entity described in paragraph(1) of this subsection and the contract clearly and explicitly includes the following; (A) The rights and obligations between the licensees arising out of the business relationship gelating to insurance or securities transactions. (B) An explicit limitation on the use of confidential consumer information about a consumer to transactions authorized by the contract and permitted pursuant to this chapter'. (C) A requirement that transactions specified in the contract fall within the scope of activities permitted by the licenses of the parties. (b) The restrictions on disclosure and use of confidential consumer information, and the requirement for notification and disclosure provided in this chapter, shall not limit the ability of insurance producers and brokers to respond to written or electronic,including telephone,requests from consumers seeking price quotes on insurance products and services. (Ord. 2002-_, §2.) 5184.610 Administrative Fines (a) 1n addition to any other remedies and penalties provided by law, any financial institution that negligently discloses or shares confidential consumer information in violation of this chapter shall be liable, irrespective of the amount of damages suffered by the consumer as a result of that violation,for an administrative fine not to exceed one thousand five hundred dollars ($1,500)per violation. ORDINANCE NO. 2002- 7 (b) Any financial institution that knowingly and willfully obtains, discloses,or uses confidential consumer information in violation of this chapter shall be liable upon a first violation, for an administrative fine not to exceed two thousand five hundred dollars($2,500)per violation, or upon a second violation for an administrative fine not to exceed ten thousand dollars ($10,000)per violation, or upon a third or subsequent violation for an administrative fine not to exceed twenty-five thousand dollars ($25,000)per violation. (c) Any financial institution that knowingly and willfully obtains, discloses, or uses confidential consumer information in violations of this chapter for financial gain shall be liable upon a first violation of this chapter for an administrative fine not to exceed five thousand dollars ($5,000)per violation, or upon a second violation for an administrative fine not to exceed twenty-five thousand dollars($25,000)per violation,or upon,a third or subsequent violation for an administrative penalty not to exceed two hundred fifty thousand dollars($250,000)per violation and shall be subject to disgorgement or any proceeds or other consideration,obtained as a result of the violation. (d)' Nothing in this section shall be construed as authorizing an administrative fine or civil penalty under both subsections'(b) and(c)for the same violation. (Ord. 20027--, §2.) 518-4.612 Fair Credit Reporting Act or Federal Conflict. This chapter shall not be construed in a manner that is inconsistent with the federal Fair Credit Reporting Act(15 U.S.C. §1681 et`seq). (Ord.2002-_, §2.) 5184.514 Severability. (a) If any provision of this chapter is held by any court or by any Federal or State agency of competent jurisdiction,to be invalid as conflicting with any Federal or State law, rule or regulation now or hereafter in effect, or is held by such'court or agency to be modified in anyway in order to conform to the requirements of any such law,rule or regulation, such provision shall be considered a separate,distinct, and independent part of this chapter, and such holding shall not affect the validity and enforceability of all other provisions hereof: In the event that such law; rule or regulation is subsequently repealed,rescinded, amended or otherwise changed,so that the provision thereof which had previously been held invalid or modified is no longer in conflict with such law,rule or regulation, said provision shall thereupon return to full force and effect and shall thereafter be binding. (b)' If any section, subsection,phrase, clause, sentence, or word in this chapter shall for any reason be held invalid or unconstitutional by a court of competent jurisdiction,it shall not nullify the remainder of this chapter but shall be confined to the article, section, subsection, subdivision, clause, sentence or word so held invalid or unconstitutional. (Ord. 2002- §2.) SECTION III. EFFECTIVE DATE. This ordinance shall be effective January 1, 2003, and within 15 clays of passage shall be published once with the names of the supervisors voting for ORDINANCE NO.;,2002- 8 and against it in the , a newspaper published in this County. PASSED ON by the following vote: AYES: NOES: ABSENT: ABSTAIN; ATTEST: JOHN SWEETEN, Clerk of the Board of Supervisors and County Board Chair Administrator By [SEAL] Deputy HAFipancial Privacy\CCC Financial Privacy Ordinancempd'(9/11/02) ORDINANCE.NO. 2002- 9