SB1617 - 481R

Be it enacted by the Legislature of the State of Arizona:

Section 1. Title 6, Arizona Revised Statutes, is amended by adding chapter 16, to read:

CHAPTER 16

FINANCIAL INFORMATION PRIVACY ACT

ARTICLE 1. GENERAL PROVISIONS

START_STATUTE6-1601. Definitions

In this chapter, unless the context otherwise requires:

1. "Account verification service" means any person that, for monetary fees or dues or on a cooperative nonprofit basis, regularly engages, in whole or in part, in the practice of either:

(a) Assembling information on the frequency and location of depository account openings or attempted openings by a customer or forced closings by a depository institution of accounts of a customer.

(b) Authenticating or validating social security numbers or addresses for the purpose of reporting to third parties for use in fraud prevention.

2. "Affiliate" or "affiliated company" means any company that controls, is controlled by or is under common control with another company as that term is used in 15 United States Code section 1681a(d).

3. "Credit reporting agency" means any person that, for monetary fees or dues or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of reporting to third parties on the credit rating or creditworthiness of any consumer.

4. "Customer" means any person that deposits, borrows or invests with a financial institution, including a surety or a guarantor on a loan.

5. "Financial institution" means any institution, the business of which is engaging in financial activities as described in 12 United States Code section 1843(k), that does business in this state.

6. "Mercantile agency" means any person that, for monetary fees or dues or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating business credit information or other information on businesses for the purpose of reporting to third parties on the credit rating or creditworthiness of any business.

7. "Nonaffiliated party" means any person that is not an affiliate of the financial institution.

8. "Personal financial information" means information that is not widely available to the general public and that is an original or copy of information derived from any of the following:

(a) A document that grants signature authority over a deposit or share account.

(b) A statement, ledger card or other record of a deposit or share account that shows transactions in or with respect to that deposit or account.

(c) A check, clear draft or money order that is drawn on a financial institution or issued and payable by or through a financial institution.

(d) Any item, other than an institutional or periodic charge, that is made under an agreement between a financial institution and another person's deposit or share account.

(e) Any information that relates to a loan account or an application for a loan.

(f) Evidence of a transaction conducted by electronic or telephonic means.END_STATUTE

START_STATUTE6-1602. Personal financial information protected; opt in consent

A. Except as provided in section 6-1603, a financial institution shall not sell, share, transfer or otherwise disclose personal financial information to or with any nonaffiliated party without the explicit prior consent of the customer to whom the nonpublic personal information relates. This may be called "opt in" consent.

B. Any person that receives personal financial information from a financial institution shall not disclose this information to any other person, unless the disclosure would be lawful if made directly to the other person by the financial institution.

C. The superintendent shall direct the size, typesize and wording of an opt in consent form. END_STATUTE

START_STATUTE6-1603. Exceptions to disclosure prohibition

The prohibitions prescribed in section 6-1602 do not apply to:

1. The disclosure of information to the customer after verification of the customer's identity.

2. Disclosure explicitly authorized by the customer and limited to the scope and purpose authorized.

3. The disclosure of information to agencies of this state or any political subdivision of this state that is authorized by state law.

4. The disclosure of information pursuant to a lawful subpoena or court order.

5. The preparation, examination, handling or maintenance of financial records by any officer, employee or agent of a financial institution that has custody of the records.

6. The examination of financial records by a certified public accountant while engaged by the financial institution to perform an independent audit.

7. The disclosure of information to a collection agency or its employees or agents or to any person engaged by the financial institution to assist in recovering an amount owed to the financial institution, if the disclosure is made in the furtherance of recovering that amount.

8. The examination of financial records by, or the disclosure of financial records to, any officer, employee or agent of a regulatory agency for use only in the exercise of that person's duties as an officer, employee or agent.

9. The publication of information derived from financial records if the information cannot be identified to any particular customer, deposit or account.

10. The making of reports, disclosures or returns required by federal or state law.

11. The disclosure of any information permitted to be disclosed under the laws governing dishonor of negotiable instruments.

12. The exchange in the regular course of business of credit information between a financial institution and a credit reporting agency. The exchange shall be in compliance with the federal fair credit reporting act (15 United States Code sections 1681 through 1681x).

13. The exchange in the regular course of business of information between a financial institution and an account verification service. The exchange shall be in compliance with the federal fair credit reporting act (15 United States Code sections 1681 through 1681x).

14. The exchange in the regular course of business of information between a financial institution and a mercantile agency. The exchange shall be in compliance with the federal fair credit reporting act (15 United States Code sections 1681 through 1681x).

15. The exchange of loan information that specifically affects a sale, foreclosure or loan closing. The exchange shall be for the purpose of accomplishing the sale, foreclosure or loan closing.

16. Disclosure of suspected criminal activities to civil or criminal law enforcement authorities for use in the exercise of the authority's duties or the sharing of information within an industry network.

17. Disclosure in accordance with rules adopted by the superintendent to carry out the clear intent of this section. END_STATUTE

START_STATUTE6-1604. Enforcement

A. A person that negligently discloses or shares personal financial information in violation of this chapter shall be liable, irrespective of the amount of damages suffered by the customer as a result of that violation, for a civil penalty of not more than two thousand five hundred dollars per violation. However, if the disclosure or sharing results in the release of personal financial information of more than one individual, the total civil penalty awarded pursuant to this subsection shall not exceed five hundred thousand dollars.

B. A person that knowingly and wilfully obtains, discloses, shares or uses nonpublic personal information in violation of this chapter shall be liable for a civil penalty of not more than two thousand five hundred dollars per individual violation, irrespective of the amount of damages suffered by the customer as a result of that violation.

C. If a violation of this chapter results in the taking the identify of another person or entity pursuant to section 13-2008 or the aggravated taking the identity of another person or entity pursuant to section 13-2009, the civil penalties set forth in this section shall be doubled.

D. The superintendent shall adopt rules necessary to enforce this section. END_STATUTE

Sec. 2. Short title

Title 6, chapter 16, Arizona Revised Statutes, as added by this act, may be cited as the "Financial Information Privacy Act".

Sec. 3. Severability

If a provision of this act or its application to any person or circumstance is held invalid, the invalidity does not affect other provisions or applications of the act that can be given effect without the invalid provision or application, and to this end the provisions of this act are severable.

Sec. 4. Retroactivity

This act is effective retroactively to from and after June 30, 2007.