An Act To Protect the Privacy of Consumer Financial Information
Be it enacted by the People of the State of Maine as follows:
PART A
Sec. A-1. 9-A MRSA §3-314, as enacted by PL 2001, c. 262, Pt. A, §1, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a creditor shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the creditor is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24. This subsection does not apply to a supervised financial organization.
2. Opt in; disclosure to nonaffiliated 3rd party. A creditor required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a creditor to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-2. 9-A MRSA §9-310, as corrected by RR 2001, c. 1, §14, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a creditor shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the creditor is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. A creditor required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a creditor to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-3. 9-A MRSA §10-306, as amended by PL 2005, c. 274, §13, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a loan broker shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the loan broker is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. A credit services organization required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a credit services organization to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-4. 9-A MRSA §11-122, as enacted by PL 2001, c. 262, Pt. A, §4, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a merchant who enters into a rental-purchase agreement with a consumer shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the merchant is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24. This subsection does not apply to a supervised financial organization.
2. Opt in; disclosure to nonaffiliated 3rd party. A merchant required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a merchant to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-5. 9-B MRSA §161, sub-§2, ¶M, as enacted by PL 2001, c. 262, Pt. B, §3, is amended to read:
M. Except as provided in section 162-A, the sharing of information to the extent permitted by the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001). This paragraph is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24; or
Sec. A-6. 9-B MRSA §162-A is enacted to read:
1. Opt in; disclosure to nonaffiliated 3rd party. A financial institution authorized to do business in this State or a credit union authorized to do business in this State may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a financial institution authorized to do business in this State or a credit union authorized to do business in this State to a nonaffiliated 3rd party to the extent such a disclosure is otherwise permitted by this chapter or the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
2. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-7. 9-B MRSA §241, sub-§13, as reallocated by RR 2001, c. 1, §15, is amended to read:
13. Privacy of consumer information. A financial institution authorized to do business in this State or a credit union authorized to do business in this State shall comply with the provisions of section 162-A and the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); or the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001). This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24. Any violation of this subsection is an anticompetitive or deceptive practice for the purposes of this chapter and is subject to the remedies provided in this chapter in addition to remedies otherwise provided by law.
Sec. A-8. 24-A MRSA §2215, sub-§1, ¶J, as enacted by PL 1997, c. 677, §3 and affected by §5, is repealed.
Sec. A-9. 24-A MRSA §2215, sub-§1, ¶Q, as amended by PL 2005, c. 127, §2, is further amended to read:
Q. In order to protect the public health and welfare, to state governmental entities only insofar as necessary to enable those entities to perform their duties when reporting is required or authorized by law; or
Sec. A-10. 24-A MRSA §2215, sub-§1, ¶R, as enacted by PL 2005, c. 127, §3, is amended to read:
R. By a regulated insurance entity that is also a covered entity or is a business associate of a covered entity under the standards for privacy of individually identifiable health information, 45 Code of Federal Regulations, Parts 160 and 164 (2004), if the disclosure is made for purposes of treatment, payment or health care operations of the disclosing or receiving entity and is made in full compliance with the requirements of the standards for privacy of individually identifiable health information and any applicable business associate agreement; or
Sec. A-11. 24-A MRSA §2215, sub-§1, ¶S is enacted to read:
S. To the extent permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e) as long as the information disclosed does not include health care information.
Sec. A-12. 24-A MRSA §2215, sub-§2 is enacted to read:
2. Opt in; disclosure to nonaffiliated 3rd party. A regulated insurance entity or insurance support organization may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a regulated insurance entity or insurance support organization to a nonaffiliated 3rd party to the extent such a disclosure is permitted by subsection 1 or the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e). As used in this subsection, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-13. 30-A MRSA §3964-A, sub-§4, as enacted by PL 2001, c. 262, Pt. E, §1, is repealed and the following enacted in its place:
4. Privacy of consumer financial information. The privacy of consumer financial information is subject to this subsection.
A. Except as provided in paragraph B with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a pawnbroker shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the pawnbroker is a financial institution as defined in those regulations. This paragraph is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
B. A pawnbroker required to comply with paragraph A may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This paragraph does not prohibit the disclosure of nonpublic personal information by a pawnbroker to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
C. As used in this subsection, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-14. 32 MRSA §6146, as enacted by PL 2001, c. 262, Pt. E, §2, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a check cashing business or foreign currency exchange business shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the check cashing business or foreign currency exchange business is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. A check cashing business or foreign currency exchange business required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a check cashing business or foreign currency exchange business to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-15. 32 MRSA §6162, as enacted by PL 2001, c. 262, Pt. E, §3, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, an operator shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the operator is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. An operator required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by an operator to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-16. 32 MRSA §11018, as enacted by PL 2001, c. 262, Pt. E, §4, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a collection agency or repossession company shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the collection agency or repossession company is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. A collection agency or repossession company required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a collection agency or repossession company to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-17. 32 MRSA §16411, sub-§9, as enacted by PL 2005, c. 65, Pt. A, §2, is amended to read:
9. Privacy provisions. A broker-dealer licensed or required to be licensed under this chapter and an investment adviser licensed or required to be licensed under this chapter shall comply with the privacy provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the implementing Regulation S-P, federal Privacy of Consumer Financial Information, 17 Code of Federal Regulations, Part 248 (2001) adopted by the Securities and Exchange Commission. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
A. A person subject to this chapter may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This paragraph does not prohibit the disclosure of nonpublic personal information by a person subject to this chapter to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e). As used in this paragraph, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
Sec. A-18. 33 MRSA §528, as enacted by PL 2001, c. 262, Pt. E, §5, is repealed and the following enacted in its place:
1. Compliance with federal law and regulations. Except as provided in subsection 2 with respect to disclosure of nonpublic personal information to nonaffiliated 3rd parties, a settlement agent shall comply with the provisions of the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999) and the applicable implementing federal Privacy of Consumer Information regulations, as adopted by the Office of the Comptroller of the Currency, 12 Code of Federal Regulations, Part 40 (2001); the Board of Governors of the Federal Reserve System, 12 Code of Federal Regulations, Part 216 (2001); the Federal Deposit Insurance Corporation, 12 Code of Federal Regulations, Part 332 (2001); the Office of Thrift Supervision, 12 Code of Federal Regulations, Part 573 (2001); the National Credit Union Administration, 12 Code of Federal Regulations, Part 716 (2001); the Federal Trade Commission, 16 Code of Federal Regulations, Part 313 (2001); or the Securities and Exchange Commission, 17 Code of Federal Regulations, Part 248 (2001), if the settlement agent is a financial institution as defined in those regulations. This subsection is not intended to permit the release of health care information except as permitted by Title 22, section 1711-C or Title 24-A, chapter 24.
2. Opt in; disclosure to nonaffiliated 3rd party. A settlement agent required to comply with subsection 1 may not disclose, directly or through an affiliate, to a nonaffiliated 3rd party any nonpublic personal information unless the person to whom the information pertains has affirmatively consented to the disclosure in writing and has not withdrawn that consent. This subsection does not prohibit the disclosure of nonpublic personal information by a settlement agent to a nonaffiliated 3rd party to the extent such a disclosure is permitted by the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6802(b)(2) and (e).
3. Use of terms. As used in this section, unless the context otherwise indicates, the terms "affiliate," "nonaffiliated 3rd party" and "nonpublic personal information" have the same meanings as in the federal Gramm-Leach-Bliley Act, 15 United States Code, Section 6801 et seq. (1999).
PART B
Sec. B-1. Statutory referendum procedure; submission at election; form of question; effective date. This Act must be submitted to the legal voters of the State at a statewide election held in the month of November following passage of this Act. The municipal officers of this State shall notify the inhabitants of their respective cities, towns and plantations to meet, in the manner prescribed by law for holding a statewide election, to vote on the acceptance or rejection of this Act by voting on the following question:
"Do you favor requiring financial services providers to obtain permission from individuals before disclosing nonpublic personal information to nonaffiliated 3rd parties?"
The legal voters of each city, town and plantation shall vote by ballot on this question and designate their choice by a cross or check mark placed within a corresponding square below the word "Yes" or "No." The ballots must be received, sorted, counted and declared in open ward, town and plantation meetings and returns made to the Secretary of State in the same manner as votes for members of the Legislature. The Governor shall review the returns. If a majority of the legal votes are cast in favor of this Act, the Governor shall proclaim the result without delay and this Act becomes effective 30 days after the date of the proclamation.
The Secretary of State shall prepare and furnish to each city, town and plantation all ballots, returns and copies of this Act necessary to carry out the purposes of this referendum.
SUMMARY
Currently, state law conforms to the opt-out provisions of the federal Gramm-Leach-Bliley Act regarding the disclosure of nonpublic personal information. This bill puts in place an opt-in requirement so that financial services providers, including banks, credit unions, securities firms and mortgage companies, must have permission from individuals before disclosing nonpublic personal information to nonaffiliated 3rd parties. The bill is contingent on approval by voters at a statewide referendum.