The biggest privacy story of the year may be from North Dakota. In June, voters in that state overwhelmingly passed a privacy referendum for bank records. It is worth reviewing the events and their implications for the rest of the country.
Before 2001, North Dakota had a law requiring banks to obtain affirmative consent from customers for sharing of information. The banks hated this opt-in law, which was more protective of privacy than the federal rules under the 1999 Gramm-Leach Bliley law. GLB is an opt-out law, but it is not pre-emptive and states can have stronger privacy protections. A few other small states also have opt-in laws or rules.
In 2001, the legislature listened to the banks and passed SB2191, a bill that changed the law from opt in to opt out. The North Dakota law brought the state into conformity with the GLB standard.
The law’s enactment generated enough unhappiness that some voters circulated a petition for a referendum that garnered the requisite 15,000 signatures. It asked voters whether they wanted to repeal the law that the legislature had just enacted. A “yes” vote would restore the opt-in law. The campaign for the repeal was a volunteer effort, with almost no funding. Until the American Civil Liberties Union contributed $25,000 at the last minute, the effort raised and spent less than $3,000. Banks and other referendum opponents raised and spent much more. Also opposed were the state’s two largest newspapers, the governor, a former governor and a majority of the state’s legislators.
The banks argued that a parade of terrible events would follow its approval, including the loss of jobs and the failure of ATM cards to work. Some of the arguments were so off-base that the attorney general issued a formal opinion rebutting them. The referendum passed with 72 percent of the vote. This marked the first time a detailed privacy law was placed before the voters anywhere, and privacy won easily. The victors called it a David-and-Goliath story. A few ordinary citizens beat the banks and most of the political establishment.
We know from a long series of public opinion polls that Americans say they care about privacy. When we watch how people act, the message is more mixed. Concern about privacy is not always reflected when people vote with their feet and their wallets. Now we have confirmation that people are willing to cast a real vote for privacy.
Privacy advocates see the North Dakota referendum as a watershed. Banks mostly have had their way in state legislatures. Pressure and political contributions from the banks killed most proposals.
Elected officials now may think twice about voting for the banks and against privacy. If even a few anti-privacy legislators lose their seats in North Dakota, the message will be heard even clearer. In any event, the vote makes it harder for banks and other interest groups to persuade Congress to pre-empt stronger state laws. If nothing else, it seems unlikely that the North Dakota lawmakers will ignore the results of the referendum.
It is easy to dismiss North Dakota as a small state with little influence. However, the referendum confirms that voters will support a pro-privacy ballot measure.
The next test may come in California. E-Loan CEO Chris Larsen just donated $1 million to help put a financial privacy protection initiative on the California ballot. The California initiative process is long and complex, and it is too late for anything to happen before 2004.
A privacy initiative in California would be the biggest privacy battle ever. Whatever the banks spent in North Dakota would look like pocket change compared with what they would need in California. A California initiative doesn’t have to be limited to repeal of an existing law. Initiative proponents can write their own law and ask the voters to support it. Any and every commercial record keeper could be at risk.
The possibility of an initiative is already a factor in consideration of financial privacy bills in the current session of the California legislature. If the banks win this year’s privacy fight by killing legislation, they may face an even stronger initiative. Accepting a compromise bill might blunt the pro-privacy side. However, if the initiative proceeds anyway, it may give the privacy proponents a second bite at the apple.
North Dakota voters opened a new front in the privacy wars. Things are certain to become more interesting and a lot more expensive.