Freshman Sen. William Nelson, D-FL, introduced two bills this month designed to limit the personal information that marketers and other businesses can share or purchase.
One bill, S. 451, the Social Security Number Protection Act, would prohibit the purchase and sale of Social Security numbers. It also would subject violators to prison time and civil penalties of $10,000 to $100,000 for each number sold or purchased.
In addition, Nelson is sponsoring the Financial Institution Privacy Protection Act, S. 450, to plug what he said is a loophole in the privacy provisions of the Gramm-Leach-Bliley Act.
The Gramm-Leach-Bliley Act, which went into effect in November, allows companies to share customer information freely among corporate divisions. For example, a bank could share personal financial data on a customer with an insurance company owned by the same corporation. The legislation also prevents banks from sharing credit card account numbers and access codes with third parties, a practice that some groups, including the Direct Marketing Association, oppose.
The Federal Trade Commission has given financial institutions until July to comply with the Gramm-Leach-Bliley Act.
S. 450 would require banks and other financial institutions to obtain a customer's written permission before selling or sharing financial and medical data with affiliates or business partners, including advertising agencies and marketers.
It also would prohibit companies from refusing to provide insurance, investments, loans and mortgages to customers who do not allow their personal financial and medical data to be shared with third parties.
In addition, the bill would create a civil cause of action against companies and corporate officers when their firms sell or distribute financial or medical information without a consumer's written consent. It also would require that major financial service companies designate a privacy officer to be responsible for ensuring that the company's privacy protection procedures are followed.
Under the present law, Nelson said, “There is a gaping loophole on privacy protection. In an era of mergers, under the new law, banks can now join with insurance companies and then evaluate the medical information of their affiliates' policyholders before deciding whether or not to issue a loan.”
This is not the first bill introduced during this session of Congress that deals with Social Security number protection.
Last month, Sen. Richard C. Shelby, R-AL, introduced legislation that would prevent the unauthorized disclosure of Social Security numbers.
The legislation, S. 324, the Social Security Privacy Act of 2001, would prohibit financial institutions from selling or buying an individual's Social Security number. The bill, introduced earlier this month, would include Social Security numbers as “nonpublic personal information” subject to the privacy protections of the Gramm-Leach-Bliley Act.
Shelby, one of Congress' leading privacy advocates and co-chairman of the Congressional Privacy Caucus, said he intended to strengthen the privacy provisions of the Gramm-Leach-Bliley Act so consumers could control how banks share personal information. He said he did not think the bill provided enough privacy protection for consumers.
Unlike Nelson's bill, Shelby's proposal does not include any provisions for civil or criminal prosecutions and penalties.
Meanwhile, a House bill limiting the use of individual Social Security numbers is pending. The Identity Theft Protection Act, H.R. 220, sponsored by Rep. Ron Paul, R-TX, would prohibit local, state and federal agencies from using Social Security numbers as personal identifiers or disclosing them to anyone, including marketers.
