The editorial writers at the San Francisco Chronicle aren't too thrilled with the recent US District Court ruling that has gutted the protections in California's financial privacy law (background: The Canadian Privacy Law Blog: US Federal Court Preempts Landmark California Privacy Law):
Put your faith in the bank?:
"...State Sen. Jackie Speier, D-Hillsborough, was ahead of the curve in pushing legislation that would restrict the ability of banks, insurance companies and brokerages to share and sell their customers' personal information without permission. Speier's SB1 was signed into law by then-Gov. Gray Davis in August 2003.
The financial-services industry has since rolled out the heavy legal artillery to try to undercut SB1's privacy protections. The industry gained a significant victory this week when U.S. District Judge Morrison England ruled that federal law prevents states from restricting the flow of information among their affiliates. The federal Fair Credit Reporting Act allows affiliated companies to share information about customers' "credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living."
Considering that many big-name institutions count their affiliates in the thousands -- in myriad lines of business -- the ruling means that Californians' personal information will be spread far and wide for marketing and other purposes.
"We're fighting the Bush administration on federal pre-emption all the time," said Attorney General Bill Lockyer, whose office put up the defense for SB1. "They are consistently on the side of banks and financial institutions on all of these consumer protection lawsuits."
The judge did preserve one key provision of SB1 -- a ban on the sale of customer information to third parties without permission.
This decision once again turns the focus on Congress to provide all Americans with more meaningful privacy protections. This nation needs to require encryption and other security precautions on financial data, require the notification of customers when breaches occur -- and adopt what California lawmakers thought would become a national model of customer control over how their personal information is distributed."