Financial Information Privacy Act
Summary: The Financial Information Privacy Act prohibits financial institutions from sharing private customer information with non-affiliated parties without explicit consent from the customer.
SECTION 1. SHORT TITLE
This Act shall be called the “Financial Information Privacy Act.”
SECTION 2. FINDINGS AND PURPOSE
(A) FINDINGS—The legislature finds that:
1. Federal banking law, known as the Gramm-Leach-Bliley Act, makes it likely that the personal financial information of [State] residents will be widely shared among, between and within companies.
2. The Gramm-Leach-Bliley Act explicitly permits states to enact privacy protections that are stronger than those provided in federal law.
3. It is crucial to ensure that residents have the ability to control the disclosure of what the Gramm-Leach-Bliley Act calls nonpublic personal information.
4. This Act is intended to grant reasonable control to consumers by requiring financial institutions that want to share information with unaffiliated companies to use a consumer “opt in” mechanism.
(B) PURPOSE—This law is enacted to protect the privacy of customers of financial institutions, giving those customers notice of, and meaningful choice about, how their personal financial information is shared.
SECTION 3. FINANCIAL INFORMATION PRIVACY
(A) DEFINITIONS—In this section:
1. “Account verification service” means any person or entity that, for monetary fees, dues or on a cooperative nonprofit basis, regularly engages, in whole or in part, in the practice of:
a. Assembling information on the frequency and location of depository account openings or attempted openings by a consumer, or forced closings by a depository institution of accounts of a consumer; or
b. Authenticating or validating social security numbers or addresses for the purpose of reporting to third parties for use in fraud prevention.
2. “Affiliate” or “affiliated company” means any company that controls, is controlled by, or is under common control with another company as that term is used in Section 1681a(d) of Title 15 of the United States Code.
3. “Credit reporting agency” means any person or entity that for monetary fees, dues or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of reporting to third parties on the credit rating or creditworthiness of any consumer.
4. “Customer” means any person or entity that deposits, borrows or invests with a financial institution, including a surety or a guarantor on a loan.
5. “Financial institution” means any institution, the business of which is engaging in financial activities as described in Section 1843(k) of Title 12 of the United States Code, that does business in this state.
6. “Mercantile agency” means any person or entity that, for monetary fees, dues or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating business credit information or other information on businesses for the purpose of reporting to third parties on the credit rating or creditworthiness of any business.
7. “Nonaffiliated party” means any person or entity that is not an affiliate of the financial institution.
8. “Personal financial information” means information that is not widely available to the general public and is an original, or copy of, or information derived from:
a. A document that grants signature authority over a deposit or share account;
b. A statement, ledger card, or other record of a deposit or share account that shows transactions in, or with respect to, that deposit or account;
c. A check, clear draft, or money order that is drawn on a financial institution, or issued and payable by, or through, a financial institution;
d. Any item, other than an institutional or periodic charge, that is made under an agreement between a financial institution and another person’s deposit or share account;
e. Any information that relates to a loan account or an application for a loan; or
f. Evidence of a transaction conducted by electronic or telephonic means.
9. “Secretary” means the Secretary of the Department of [Consumer Protection] and the Secretary’s designees.
(B) PERSONAL FINANCIAL INFORMATION PROTECTED
1. Except as provided in section (C), a financial institution shall not sell, share, transfer or otherwise disclose personal financial information to or with any nonaffiliated party without the explicit prior consent of the consumer to whom the nonpublic personal information relates. This may be called “opt in” consent.
2. Any person or entity that receives personal financial information from a financial institution shall not disclose this information to any other person or entity, unless the disclosure would be lawful if made directly to the other person or entity by the financial institution.
3. The Secretary shall, by regulation, direct the size, type size and wording of an “opt in” consent form.
(C) EXCEPTIONS—The prohibitions in section (B) shall not apply to:
1. The disclosure of information to the customer after verification of the customer’s identity;
2. Disclosure explicitly authorized by the customer and limited to the scope and purpose authorized;
3. The disclosure of information to agencies of the state or its subdivisions that is authorized by state law;
4. The disclosure of information pursuant to a lawful subpoena or court order;
5. The preparation, examination, handling or maintenance of financial records by any officer, employee or agent of a financial institution that has custody of the records;
6. The examination of financial records by a certified public accountant while engaged by the financial institution to perform an independent audit;
7. The disclosure of information to a collection agency, its employees or agents, or to any person engaged by the financial institution to assist in recovering an amount owed to the financial institution, if the disclosure is made in the furtherance of recovering such amount;
8. The examination of financial records by, or the disclosure of financial records to, any officer, employee or agent of a regulatory agency for use only in the exercise of that person’s duties as an officer, employee or agent;
9. The publication of information derived from financial records, if the information cannot be identified to any particular customer, deposit or account;
10. The making of reports, disclosures or returns required by federal or state law;
11. The disclosure of any information permitted to be disclosed under the laws governing dishonor of negotiable instruments;
12. The exchange, in the regular course of business, of credit information between a financial institution and a credit reporting agency; provided that the exchange shall be in compliance with the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.;
13. The exchange, in the regular course of business, of information between a financial institution and an account verification service; provided that the exchange shall be in compliance with the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.;
14. The exchange, in the regular course of business, of information between a financial institution and a mercantile agency; provided that the exchange shall be in compliance with the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.;
15. The exchange of loan information that specifically affects a sale, foreclosure or loan closing; provided that the exchange shall be for the purpose of accomplishing the sale, foreclosure or loan closing;
16. Disclosure of suspected criminal activities to civil or criminal law enforcement authorities for use in the exercise of the authority’s duties, or the sharing of information within an industry network; or
17. Disclosure in accordance with regulations adopted by the Secretary to carry out the clear intent of this section, or adopted by the Secretary as a temporary measure until such time as regulations may be adopted.
(D) ENFORCEMENT
1. A person or entity that negligently discloses or shares personal financial information in violation of this division shall be liable, irrespective of the amount of damages suffered by the consumer as a result of that violation, for a civil penalty not to exceed $2,500 per violation. However, if the disclosure or sharing results in the release of personal financial information of more than one individual, the total civil penalty awarded pursuant to this subdivision shall not exceed $500,000.
2. A person or entity that knowingly and willfully obtains, discloses, shares or uses nonpublic personal information in violation of this division shall be liable for a civil penalty not to exceed $2,500 per individual violation, irrespective of the amount of damages suffered by the consumer as a result of that violation.
3. In the event a violation of this division results in the identity theft of a consumer, as defined by [citation to state law], the civil penalties set forth in this section shall be doubled.
4. The Secretary shall promulgate regulations necessary to enforce this section.
SECTION 4. SEVERABILITY
The provisions of this Act shall be severable, and if any phrase, clause, sentence or provision is declared to be invalid or is preempted by federal law or regulation, the validity of the remainder of this Act shall not be affected.
SECTION 5. EFFECTIVE DATE
This Act shall take effect on July 1, 2007.