California Senate Ends Session on a Privacy Roll

Distracted by a whopping budget deficit and a pending recall election, California legislators nevertheless managed to pass several harsh privacy laws before ending their session on Friday.

Among them were Sen. Kevin Murray’s anti-spam bill, and Liz Figueroa’s direct mail disclosure law. The bills, some of the toughest ever seen in the nation, have been sent to Gov. Gray Davis, who is expected to sign them.

Measures that affect financial services marketers eventually may be preempted by provisions in the Fair Credit Reporting Act. The House of Representatives renewed the FCRA and its state preemption clause last week, and Sen. Richard Shelby (R-AL), chairman of the Senate Banking Committee, reportedly hopes to vote a similar bill out of his committee this week.

But existing federal law may not cover all the situations addressed in California on Friday, and the measures may cause additional discomfort for firms attempting to do business in the state. The bills include:

*SB-27—Sponsored by Sen. Liz Figueroa (D-Fremont), this bill requires direct marketers to tell their customers in writing the names and addresses of third parties to whom it is sharing that customer's information, and to give customers as much information as possible about the transaction with that third party.

Violations would cost direct marketers as much as $3,000 in fines as well as recovery of the plaintiffs' legal costs. The bill would take effect in 2005.

Despite the face that it does not restrict direct mail, the Direct Marketing Association has called the bill a "serious attack on direct and interactive marketing in a state that accounts for over $60 billion in sales."

*SB-186—Sponsored by Sen. Kevin Murray (D-Culver City), this bill bans the sending of unsolicited e-mail. Existing state law allows a firm to send unsolicited e-mail if it offers an opt-out mechanism, but this bill goes further and would prohibit the sending of any so-called spam to California residents, or for firms within the state to send it at all.

Consumers would have the right to take legal action and recover damages of $1,000 per unwanted message with a top of $1 million per incident.

In addition, companies will be prohibited from collecting e-mail addresses or registering multiple e-mail addresses for the purpose of sending unsolicited commercial e-mail. The bill also bans false e-mail advertising.

The vote was 26-11.

*SB-590—Not content with passage of her sweeping bill on financial privacy, Sen. Jackie Speier (D-Daly City) has also offered this bill, which prohibits retailers for demanding personal information from consumers before concluding a sale. The prohibited information includes social security number, telephone number and ZIP code.

Even when the information is volunteered, the bill would ban the sharing of such data unless the customer is given a chance to opt out. Retailers would have to post a sign outlining the consumer’s right of refusal, under the headline, "Important Privacy Notice for Our Customers."

The vote: 24-12.

*SB-602—Liz Figueroa was also busy during this session. This bill prohibit businesses from swiping a customer’s driver’s license and retaining the person’s age or any other information. Firms would be allowed to use the data for verification, but not for marketing or any other purposes. Each violation would be a misdemeanor, punishable by a year in jail, a $10,000 fine or both.

The bill also requires that credit reporting agencies place a security alert in a consumer’s credit report upon demand, and would loosen up the flow of information needed for identity theft investigations. The vote: 22-11.