SENATE BILL 606

48th legislature - STATE OF NEW MEXICO - first session, 2007

INTRODUCED BY

Gerald P. Ortiz y Pino

 

 

 

 

 

AN ACT

RELATING TO FINANCIAL PRIVACY; REQUIRING CONSENT FOR SHARING CERTAIN FINANCIAL INFORMATION; PROVIDING PENALTIES.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO:

     Section 1. DISCLOSURE OF CERTAIN FINANCIAL INFORMATION PROHIBITED.--

          A. As used in this section:

                (1) "affiliate" means a person that controls, is controlled by or is under common control with another person, but does not include a joint employee of the person and the affiliate;

                (2) "consumer" means a natural person or that person's personal representative who has obtained a financial product or service in this state from an in-state financial institution;

                (3) "financial institution" means an insured state or national bank, a state or federal savings and loan association or savings bank, a state or federal credit union, a person in the business of making loans, a mortgage loan company, an escrow company, a broker-dealer as defined in the New Mexico Securities Act of 1986 or an investment advisor as defined in that act;

                (4) "in-state financial institution" means a financial institution that maintains a place of business in New Mexico;

                (5) "nonaffiliated third party" means any entity that is not an affiliate of, or related by common ownership or affiliated by corporate control with, the financial institution; and

                (6) "nonpublic personal information":

                     (a) means personally identifiable financial information: 1) provided by a consumer to a financial institution; 2) resulting from a transaction with the consumer or a service performed for the consumer; or 3) otherwise obtained by the financial institution; but

                     (b) does not include: 1) publicly available information; or 2) information excluded by a rule adopted pursuant to Subsection E of this section.

          B. Unless exempted by a rule adopted pursuant to Subsection E of this section, an in-state financial institution shall not disclose nonpublic personal information to any nonaffiliated third party without the express prior consent of the consumer to whom the nonpublic personal information relates.

          C. An in-state financial institution shall not discriminate against or deny an otherwise qualified consumer a financial product or a financial service because the consumer has not consented to allow the financial institution to disclose or share nonpublic personal information pertaining to the consumer with any nonaffiliated third party.

          D. An in-state financial institution shall use a form to obtain consent to disclose nonpublic personal information to a nonaffiliated third party. The form shall:

                (1) be a separate document, not attached to any other document;

                (2) be dated and signed by the consumer;

                (3) clearly and conspicuously disclose that by signing, the consumer is consenting to the disclosure to nonaffiliated third parties of nonpublic personal information pertaining to the consumer;

                (4) clearly and conspicuously disclose:

                     (a) that the consent will remain in effect until revoked or modified by the consumer;

                     (b) that the consumer may revoke the consent at any time; and

                     (c) the procedure for the consumer to revoke consent; and

                (5) clearly and conspicuously inform the consumer that:

                     (a) the financial institution will maintain the document or a true and correct copy;

                     (b) the consumer is entitled to a copy of the document upon request; and

                     (c) the consumer may want to make a copy of the document for the consumer's records.

          E. After considering the exceptions to the federal disclosure prohibition in 15 U.S.C. 6802 and the federal definitions in 15 U.S.C. 6809 and after consulting with the director of the securities division of the regulation and licensing department and the director of the financial institutions division of the regulation and licensing department, the attorney general may by rule prescribe exclusions from the definition of "nonpublic personal information" and classes or types of disclosures that are exempt from the disclosure prohibition of Subsection B of this section if the definition exclusion or exempted class or type of disclosure is:

                (1) necessary for the financial institution to carry out financial transactions in its normal course of business;

                (2) necessary to effect, administer or enforce a transaction requested or authorized by the consumer; or

                (3) specifically authorized or required by federal or state law.

          F. After a hearing, the following are authorized to assess a civil penalty for a violation of this section:

                (1) the attorney general;

                (2) the director of the securities division of the regulation and licensing department if the alleged violator is a broker-dealer or an investment advisor; and

                (3) the director of the financial institutions division of the regulation and licensing department if the alleged violator is not a broker-dealer or an investment advisor.

          G. Penalties for violations of this section shall apply irrespective of the amount of damages suffered by the consumer as a result of that violation. A penalty shall not exceed two thousand five hundred dollars ($2,500) per consumer or five hundred thousand dollars ($500,000) for a single release of information on more than one consumer. In determining the amount of a penalty, the following factors shall be considered:

                (1) the total assets and net worth of the violating entity;

                (2) the nature and seriousness of the violation;

                (3) the persistence of the violation, including any attempts to correct the situation leading to the violation;

                (4) the length of time over which the violation occurred;

                (5) previous violations of the provisions of this section;

                (6) the harm caused to consumers by the violation; and

                (7) the benefits derived by the violation.

          H. A person assessed a civil penalty may appeal to the district court of Santa Fe county within thirty days after the assessment. All appeals shall be on the administrative record. The court shall set aside the assessment only if it is found to be:

                (1) arbitrary, capricious or an abuse of discretion;

                (2) not supported by substantial evidence in the record; or

                (3) otherwise not in accordance with law.

     Section 2. EFFECTIVE DATE.--The effective date of the provisions of this act is July 1, 2007.

- 6 -