• Mission & Governance
• Services Overview
• How to Get Involved
• Standing Committees
• NCSL Foundation

• Issue Areas: A-Z
• State-Federal Relations
• NCSL Standing Committees
• News from D.C. and the States

• About State Legislatures
• Elections, Campaigns & Redistricting
• NCSL's StateConnect Directory
• Web Sites

• Online Guide to NCSL Services
• Staff Sections and Networks
• Meetings & Professional Development
• Staff Directories

• Meetings Calendar
• Online Registration
• Meetings Home Page
• Legislative Summit

• Bookstore
• State Legislatures Magazine
• NCSL's StateConnect Directory

2007 Enacted Financial Privacy Legislation

Last Updated:  February 26, 2008

State:	Bill Summary:
Arizona	S.B. 1042 Signed by governor 4/11/07, Chapter 23 Removes the definition of law enforcement agency to allow federal law enforcement agencies the same authority to delay notification of a business’ compromised security if notification will impede a criminal investigation. Continues the requirement that DPS, a county sheriff’s office and a municipal police department create and maintain an information security policy that includes notification procedures for a breach of the security system of the respective agencies. Defines “person” to exclude DPS, a county sheriff’s office and a municipal police department.
Connecticut	H.B. 7073 Signed by governor 6/11/07, Public Act 118 Protects consumers from the unauthorized use of their personal information and resulting solicitations by prohibiting mortgage lenders from using any credit bureau's "lead generating" product in Connecticut.
Florida	H.B. 7197 Signed by governor 6/27/07, Chapter 251 S.B. 1468 Substituted 5/1/07 Removes scheduled repeal of general exemption from inspection or copying of public records for Social Security numbers and bank account, debit, charge, and credit card numbers under Open Government Sunset Review Act; reorganizes exemption for Social Security numbers; provides definitions; revises reporting requirements; clarifies penalty provisions; makes editorial changes; consolidates and revises current public records exemptions.
	S.B. 1852 Signed by governor 5/24/07, Chapter 70 Relates to consumer complaints and inquiries handled by the Department of Financial Services and the Office of Insurance Regulation; revises the exemption from public-records requirements which is provided for personal financial and health information of consumers; creates an exemption from public-records requirements for information concerning employees seeking assistance from the Employee Assistance and Ombudsman Office; provides for future legislative review and repeal of the exemptions.
Georgia	S.B. 236 Signed by governor 5/24/07, Act 241 Provides for notification by certain data collectors upon a breach of security regarding personal information; amends Article 8 of Chapter 9 of Title 16 of the Official Code of Georgia Annotated, relating to the offense of identity fraud, so as to change certain provisions relating to the elements of the offense of identity fraud; creates the offense of identity fraud by receipt of fraudulent identification information; provides for a victim’s right to file a report with a law enforcement agency.
Idaho	H.B. 64 Signed by governor 2/23/07, Chapter 33 Amends existing law relating to crimes to revise the definition of "personal identifying information"; to revise provisions relating to the fraudulent use of a financial transaction card or number; to prohibit certain actions relating to a financial transaction card or financial transaction card account number; and to reference code sections for purposes of penalties.
Illinois	S.B. 1464 Signed by governor 8/28/07, Public Act 95-0508 Amends the Consumer Fraud and Deceptive Business Practices Act. Provides that no person may send marketing materials to a consumer indicating that the person is connected to the consumer's mortgage company, indicating that there is a problem with the consumer's mortgage, or stating that the marketing materials contain information concerning the consumer's mortgage, unless that person sending the marketing materials is actually employed by the consumer's mortgage company or an affiliate of the consumer's mortgage company.
Maryland	H.B. 208 Signed by governor 5/17/07, Chapter 532 S.B. 194 Signed by governor 5/17/07, Chapter 531 Requires specified businesses, when destroying a customer's electronic records that contain personal information of the customer, to take specified steps to protect against unauthorized access to or use of the personal information; requires those businesses when they discover or are notified of a breach of the security of the system to make an investigation related thereto and to notify the individual or individuals concerned thereof; provides exception to notification.
Minnesota	H.F. 1758 Signed by governor 5/21/07, Chapter 108 S.F. 1574 Regulates access devices; establishes liability for security breaches; providing enforcement powers.
Nevada	A.B. 600 Signed by governor 6/4/07, Chapter 324 Authorizes a person to request a governmental agency to redact or maintain in a confidential manner his personal information in documents submitted to the governmental agency before January 1, 2007, and prescribes the requirements for such a request. Provides that the last four digits of a Social Security number are not personal information for the purposes of these provisions. Authorizes the use of the last four digits of a Social Security number in judgments, and removes the requirement of the inclusion of a Social Security number on certificates of marriage and forms for the reporting of divorces and annulments. Authorizes the county recorder to allow the inspection and copying of certain records by family members, guardians and personal representatives.
New Mexico	H.B. 279 Signed by governor 3/30/07, Chapter 90 Relates to Public Utilities; prohibits the disclosure of consumer information; provides that public utility or its employees or agents shall not sell or disclose consumers' nonpublic personal information without the customer's permission or unless it is in accordance with standardized credit reporting practices or other reporting requirements imposed on the public utility.
Oregon	S.B. 583 Signed by governor 7/12/07, Chapter 759 Requires person that owns, maintains or possesses data that includes consumer's personal information and is used in person's business, vocation, occupation or volunteer activities to notify consumer following discovery of breach of security if personal information is included in data for which security was breached. Specifies notification methods and lists exemptions from notification requirements. Permits consumer to place security freeze on consumer report if consumer provides certain information and pays any required fee. Specifies time in which consumer reporting agency must place freeze and send confirmation of freeze to consumer. Permits consumer to temporarily lift or permanently remove security freeze by complying with certain procedures. Specifies conditions in which consumer reporting agency may lift or remove freeze. Specifies exemptions from requirement to place freeze. Requires consumer reporting agency to notify consumer of any change in consumer report that has freeze in place. Prohibits person from printing consumer's Social Security number on materials not requested by consumer or part of transaction unless Social Security number is redacted, except in specified circumstances. Requires person that owns, maintains or possesses data that includes consumer's personal information to implement security program for data. Specifies requirements for security program. Permits Department of Consumer and Business Services to investigate violations of Act, require filing of statements, administer oaths and affirmations, issue subpoenas and otherwise take evidence for investigation. Permits department to issue cease and desist orders, require payment of restitution or compensation and assess penalty of not more than $1,000 for each violation. Permits Department of Consumer and Business Services to adopt rules to implement and enforce Act. Increases biennial limitation on expenditures from fees, moneys or other revenues, including Miscellaneous Receipts, but excluding lottery funds and federal funds, collected or received by department for purpose of carrying out provisions of Act.
Pennsylvania	H.R. 70 Adopted 3/21/07 Establishing a select committee to investigate and review the policies, procedures and practices in place by the various Commonwealth agencies, authorities, boards, commissions, councils, departments and offices and the entities they license or regulate to protect the personal health, financial and other sensitive data of the citizens of this Commonwealth.
Washington	S.B. 5827 Signed by governor 4/18/07, Chapter 93 Regards consumer privacy; prohibits the procurement of a consumer credit report for employment purposes where any information contained in the report bears on the consumer's credit worthiness, credit standing, or credit capacity, unless the information is substantially job related and the employer's reasons for the use of such information are disclosed to the consumer in writing or required by law.
Wyoming	S.F. 18 Signed by governor 2/15/07, Chapter 43 Repeals sunset dates on rules governing disclosure of personal information.
	S.F. 53 Signed by governor 3/1/07, Chapter 162 Provides for notice to consumers affected by breaches of consumer information databases as specified; authorizes consumers to prohibit release of information maintained by credit rating agencies as specified; provides definitions; provides exceptions.

NCSL Contact:  Heather Morton, Denver

 Financial Privacy Menu Page

Visitor counts for this page.