pg_0001

Fiscal impact reports (FIRs) are prepared by the Legislative Finance Committee (LFC) for standing finance

committees of the NM Legislature. The LFC does not assume responsibility for the accuracy of these reports

if they are used for other purposes.

Current FIRs (in HTML & Adobe PDF formats) are a vailable on the NM Legislative Website (legis.state.nm.us).

Adobe PDF versions include all attachments, whereas HTML versions may not. Previously issued FIRs and

attachments may be obtained from the LFC in Suite 101 of the State Capitol Building North.

F I S C A L I M P A C T R E P O R T

SPONSOR Picraux

DATE TYPED 02/01/05 HB 364

SHORT TITLE Financial Information Privacy Act

ANALYST McSherry

REVENUE

Estimated Revenue

Subsequent

Years Impact

Recurring

or Non-Rec

Fund

Affected

FY05

FY06

Recurring

General Fund

(Parenthesis ( ) Indicate Revenue Decreases)

According to the Attorney General’s Office, House Bill 364 Duplicates the financial Privacy

Provisions of the Federal Gramm- Leach-Bliley Financial Modernization Act of 1999.

SOURCES OF INFORMATION

LFC Files

Attorney General’s Office (AGO)

Regulations and Licensing Deparment (RLD)

Administrative Office of the Courts (AOC)

SUMMARY

Synopsis of Bill

HB 364 proposes the “Financial Information Privacy Act” which clarifies under what conditions

“nonpublic personal information” – as defined in the Act – may be shared and disclosed by fi-

nancial institutions, and provides penalties for violations of the Act.

The following terms are defined as used within the Act: “affiliate,” “affinity partner,” “annu-

ally,” “clear and conspicuous,” “consumer,” “control,” “financial institution,” “financial product

or service,” “identity theft,” “necessary to effect, administer or enforce,” “nonpublic personal

information,” “personally identifiable financial information,” and “protected information.”

HB 364 provides that consumer consent is required prior to a financial institution’s disclosure of

nonpublic personal information to nonaffiliated third parties, and that an institution shall not dis-

criminate against a non-consenting but otherwise qualified consumer.

The consumer right to opt out of disclosure to affiliates and nonaffiliated third parties for market-

pg_0002

House Bill 364 -- Page 2

ing purposes is created, and limitations are placed on marketing including nondisclosure of non-

public information, and the restriction of use of personal information for purposes other than

those for which the information is provided.

Conditions under which a financial institution may release nonpublic personal information are

specified in proposed language to be: when a consumer consents to the release, when the release

is necessary to administer or enforce a transaction, when protection against institutional or cus-

tomer risk control is necessary, when the information is transferred as a component of the finan-

cial institution business unit, when other legal acts require the release of the information, or

when specific agreements or contract between consumer and broker dealer or financial institution

has been established.

Requirements for privacy notices are established in the proposed Act, including the distribution

of a form which complies with the formatting and content requirements established for disclo-

sure and consent forms. Notice must be provided annually and include the financial institution’s

policies regarding consumer information, unless the institution does not have contact with the

consumer after the initial transaction and notification.

HB 364 provides that an institution shall not be required to offer or provide certain financial

products or services offered when the consumer has directed that nonpublic personal information

not be disclosed pursuant to the Act and when the institution could not offer or provide the prod-

ucts or services to the consumer without disclosure of the information that the consumer has di-

rected not be disclosed.

The following entities would be authorized to assess civil penalties in an action brought pursuant

to the Act under specified conditions: (1) the attorney general; or (2) a functional regulator with

jurisdiction over regulation of the financial institution.

Penalties for violations of the Act are established as negligent disclosure, sharing or use of non-

public information and knowing and willful violation, disclosure or sharing. Financial penalty is

proposed to not exceed $2,500 per individual violated. The Courts are directed to consider the

following factors in assessing a penalty: assets affected and put at risk, seriousness of violation,

persistence of violation, frequency and length of time the violation occurred, harm caused, pro-

ceeds derived and impact of penalties on the solvency of the violating entity.

HB 364 contains a severability clause and preemptive clause. The proposed Act would preempt

and be exclusive of all local agency ordinances and regulations relating to the use and sharing of

nonpublic personal information by financial institutions, and would provide for prospective and

retroactive application of the Act.

The effective date of the Act would be July 1, 2005.

Significant Issues

The Regulations and Licensing Department cites page 3, lines 13 through 15, which states regu-

lators may not have the authority to enforce the Act with regard to entities such as National

Banks, Thrifts, Credit Unions, etc. due to Federal Preemption.

Page 5 lines 18 through 22 which states that “Financial institutions shall not sell, share, transfer

pg_0003

House Bill 364 -- Page 3

or otherwise disclose nonpublic personal information to or with any nonaffiliated third party

without the express prior consent of the consumer” is noted by RLD to be significant

The act provides for civil money penalties for the negligent disclosure of nonpublic personal in-

formation not to exceed two thousand five hundred dollars ($2,500) per person, and five hundred

thousand dollars ($500,00.00) for violations applied to release of information on more than one

person.

The Administrative Office of the Courts points out that Section 7.A provides for a privacy notice

to be sent from the financial institution to the consumer, but does not state how soon after the

Act becomes law a notice must be sent.

PERFORMANCE IMPLICATIONS

According to the Administrative Office to the Courts, FY05 is the second year that the courts are

participating in performance based budgeting. This bill may have an impact on the measures of

the courts in the following areas: Cases disposed as a percent of cases filed, Percent change in

case filings by case type, Clearance rate.

FISCAL IMPLICATIONS

There is no appropriation included in HB364

The Administrative Office of the Courts (AOC) reports that there will be a minimal administra-

tive cost for statewide update, distribution, and documentation of statutory changes and that any

additional fiscal impact on the judiciary would be proportional to the enforcement of the pro-

posed law and commenced prosecutions.

ADMINISTRATIVE IMPLICATIONS

No administrative implications were reported by RLD, AOC or the Attorney General’s Office.

CONFLICT, DUPLICATION, COMPANIONSHIP, RELATIONSHIP

RLD asserts that HB364 duplicates the Financial Privacy Provisions of the Federal Gramm-

Leach-Bliley Financial Modernization Act of 1999.

TECHNICAL ISSUES

According to RLD, investment broker or dealers, investment companies, and investment advisors

are regulated by the Securities Division and not the Financial Institutions Division as describeed

on page 20 line 11 through 15.

The Administrative Office of the Courts suggests providing a time period during which a finan-

cial institution must send a privacy notice to a consumer following the effective date of the Act.

WHAT WILL BE THE CONSEQUENCES OF NOT ENACTING THIS BILL.

pg_0004

House Bill 364 -- Page 4

According to RLD, the Financial Institutions Division would continue to operate under the Fed-

eral Gramm-Leach-Bliley Financial Modernization Act of 1999 that requires financial institu-

tions to provide notices to their customers about their information sharing practices, and both

customers and consumers may “opt out” if they do not want their information shared with nonaf-

filiated third parties.

POSSIBLE QUESTIONS

Is there a benefit to having a state Act which, according to RLD, replicates a federal regulation.

EM/lg