SF 3000

  1.1                          A bill for an act 
  1.2             relating to consumer protection; providing consumers' 
  1.3             right to privacy, confidentiality, and secrecy of 
  1.4             their financial records; requiring consumer 
  1.5             authorization for exchange or disclosure of their 
  1.6             financial records; regulating the classification of 
  1.7             data for the Edvest program; prohibiting the obtaining 
  1.8             of information from consumers under false pretenses; 
  1.9             regulating certain check acceptance practices; 
  1.10            providing civil remedies and penalties; amending 
  1.11            Minnesota Statutes 1998, sections 136A.243, by adding 
  1.12            a subdivision; 325F.981, subdivision 1; Minnesota 
  1.13            Statutes 1999 Supplement, section 13.99, by adding a 
  1.14            subdivision; proposing coding for new law in Minnesota 
  1.15            Statutes, chapter 325E; proposing coding for new law 
  1.16            as Minnesota Statutes, chapter 13E; repealing 
  1.17            Minnesota Statutes 1998, section 325F.981, subdivision 
  1.18            2. 
  1.19  BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA: 
  1.20     Section 1.  Minnesota Statutes 1999 Supplement, section 
  1.21  13.99, is amended by adding a subdivision to read: 
  1.22     Subd. 28c.  [EDVEST PROGRAM.] Data on participants in and 
  1.23  beneficiaries of the Edvest program are classified under section 
  1.24  136A.243, subdivision 10. 
  1.25     Sec. 2.  [13E.01] [DEFINITIONS.] 
  1.26     For purposes of this chapter, the terms "consumer," 
  1.27  "financial institution," "nonaffiliated third party," and 
  1.28  "nonpublic personal information" have the meanings given in 
  1.29  section 509 of the federal Gramm-Leach-Bliley Financial Services 
  1.30  Modernization Act, codified as United States Code, title 15, 
  1.31  section 6809, including any federal regulations implementing 
  1.32  that section.  Notwithstanding the definition of nonaffiliated 
  2.1   third party in section 509 of the federal Gramm-Leach-Bliley 
  2.2   Financial Services Modernization Act, including any federal 
  2.3   regulations implementing that section, the term does not include 
  2.4   independent agents acting in their capacity as independent 
  2.5   agents for an insurance company. 
  2.6      Sec. 3.  [13E.02] [PRIVACY OF FINANCIAL DATA.] 
  2.7      Every financial institution doing business in this state 
  2.8   shall comply with sections 502 and 503 of the federal 
  2.9   Gramm-Leach-Bliley Financial Services Modernization Act, 
  2.10  codified as United States Code, title 15, sections 6802 and 6803 
  2.11  respectively, including any federal regulations issued under 
  2.12  authority of section 504 of the act, codified as United States 
  2.13  Code, title 15, section 6804. 
  2.14     Sec. 4.  [13E.03] [DUTY OF CONFIDENTIALITY.] 
  2.15     In addition to complying with section 13E.02, a financial 
  2.16  institution doing business in this state may not disclose 
  2.17  nonpublic personal information about a consumer to any 
  2.18  nonaffiliated third party unless the disclosure is made in 
  2.19  accordance with any of the following: 
  2.20     (1) pursuant to consent granted by the consumer in 
  2.21  accordance with this chapter; 
  2.22     (2) pursuant to the exception in section 502(b)(2) or the 
  2.23  general exceptions in section 502(e) of the Gramm-Leach-Bliley 
  2.24  Financial Services Modernization Act, codified as United States 
  2.25  Code, title 15, sections 6802(b)(2) and 6802(e), including any 
  2.26  federal regulations issued to implement that section; or 
  2.27     (3) for the purpose of reporting a suspected violation of 
  2.28  the law. 
  2.29     Sec. 5.  [13E.04] [CONSENT.] 
  2.30     Subdivision 1.  [USE.] A consent or waiver must not be 
  2.31  required as a condition of doing business with any financial 
  2.32  institution, and any consent or waiver obtained from a consumer 
  2.33  as a condition of doing business with a financial institution 
  2.34  must not be deemed a consent of the consumer for the purpose of 
  2.35  this chapter. 
  2.36     Subd. 2.  [FORM.] A valid consent must be in writing and 
  3.1   signed by the consumer.  The consent signed by the consumer must 
  3.2   be contained on a separate page that also clearly and 
  3.3   conspicuously discloses the following: 
  3.4      (1) the time during which the consent will operate which 
  3.5   must not be longer than five years; 
  3.6      (2) each category of consumer information to be disclosed, 
  3.7   including specifically, but without limitation, the consumer's 
  3.8   social security number, account numbers, account balances, 
  3.9   credit limits, the amount or dates of any transaction, the 
  3.10  identity of persons to whom the consumer's checks are made 
  3.11  payable, and the identity of merchants or other persons honoring 
  3.12  the consumer's credit cards; and 
  3.13     (3) the nonaffiliated third parties to which disclosure may 
  3.14  be made. 
  3.15     Sec. 6.  [13E.05] [PENALTIES.] 
  3.16     The attorney general may seek the remedies set forth in 
  3.17  section 8.31, subdivision 3, against any financial institution 
  3.18  in violation of this chapter. 
  3.19     Sec. 7.  [13E.06] [OTHER LAW.] 
  3.20     This chapter does not limit any rights or remedies 
  3.21  protecting the privacy of information that are available under 
  3.22  other law. 
  3.23     Sec. 8.  Minnesota Statutes 1998, section 136A.243, is 
  3.24  amended by adding a subdivision to read: 
  3.25     Subd. 10.  [DATA ON PARTICIPANTS AND BENEFICIARIES.] Data 
  3.26  on participants in and beneficiaries of the program are private 
  3.27  data on individuals, as defined in section 13.02, except that 
  3.28  the name and address of a beneficiary of an account to which a 
  3.29  state matching grant has been added under section 136A.245 
  3.30  becomes public data when a qualified distribution is made from 
  3.31  the matching grant account. 
  3.32     Sec. 9.  [325E.60] [OBTAINING INFORMATION FROM CONSUMER 
  3.33  UNDER FALSE PRETENSES.] 
  3.34     A person must not request or require a consumer to provide 
  3.35  information about the consumer under false or misleading 
  3.36  pretenses regarding the legal or other necessity for providing 
  4.1   the information.  The remedies and enforcement provisions of 
  4.2   section 8.31 apply to this section. 
  4.3      Sec. 10.  Minnesota Statutes 1998, section 325F.981, 
  4.4   subdivision 1, is amended to read: 
  4.5      Subdivision 1.  [PROVISION OF CREDIT CARD NUMBER.] A person 
  4.6   shall not require as a condition of acceptance of a check, or as 
  4.7   a means of identification, that the person presenting the 
  4.8   check display a credit card or provide a credit card account 
  4.9   number.  If a person presenting a check voluntarily displays a 
  4.10  credit card as a means of identification, the only information 
  4.11  concerning the credit card that may be recorded, physically or 
  4.12  electronically, is the type and issuer of the credit card and 
  4.13  the expiration date.  The credit card account number must not be 
  4.14  recorded.  This subdivision does not require acceptance of a 
  4.15  check without more than one form of identification, other than a 
  4.16  credit card. 
  4.17     Sec. 11.  [REPEALER.] 
  4.18     Minnesota Statutes 1998, section 325F.981, subdivision 2, 
  4.19  is repealed. 
  4.20     Sec. 12.  [EFFECTIVE DATE.] 
  4.21     Sections 2 to 6 are effective June 30, 2001.  Sections 1 
  4.22  and 8 are effective the day following final enactment.