HP0102, LD 144, item 1, An Act To Protect the Privacy of Consumers Who Use Credit Cards for Online Purchases of Products

An Act To Protect the Privacy of Consumers Who Use Credit Cards for Online Purchases of Products

Be it enacted by the People of the State of Maine as follows:

Sec. 1. 10 MRSA c. 210-C is enacted to read:

CHAPTER 210-C

CONSUMER PRIVACY FOR ONLINE PURCHASES OF PRODUCTS

§ 1350-J. Definitions

As used in this chapter, unless the context otherwise indicates, the following terms have the following meanings.

1. Electronic downloadable product. "Electronic downloadable product" means a product, service, subscription or any other consideration in which the product, service, subscription or consideration is provided by means of a download to a computer, telephone or other electronic device.

2. Entity. "Entity" means a person, firm, partnership, association or corporation.

3. Online transaction involving an electronic downloadable product. "Online transaction involving an electronic downloadable product" means a credit card transaction for the purchase of an electronic downloadable product.

4. Personal identification information. "Personal identification information" means information concerning a cardholder, other than information set forth on the credit card, including, but not limited to, the cardholder’s address and telephone number.

§ 1350-K. Online credit card transactions; permitted uses of personal identification information

1. Acceptance of credit card; use of personal identification information. An entity accepting a credit card may require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product to provide personal identification information only if that entity requires that information solely for the detection, investigation or prevention of fraud, theft, identity theft or criminal activity or for enforcement of the terms of sale.

2. Disposal of personal identification information. An entity accepting a credit card as payment shall destroy or dispose of the personal identification information the entity requires pursuant to this section in a secure manner after the information is no longer needed for the purposes authorized under this section. The entity accepting the credit card may not aggregate the personal identification information the entity requires pursuant to this section with any other personal identification information and may not share the personal identification information the entity requires pursuant to this section with any other entity unless:

A. The entity is required to do so by state or federal law;

B. The entity is contractually obligated to share the information with another entity to verify the information or complete the transaction;

C. Necessary for the detection, investigation or prevention of fraud, theft, identity theft or criminal activity; or

D. Necessary for enforcement of the terms of sale.

§ 1350-L. Consumer accounts; electronic downloadable products

1. Account required. An entity that provides an electronic downloadable product may require a consumer to establish an account as a condition for the purchase of an electronic downloadable product and may require a consumer to provide personal identification information to establish, maintain or update that account. Except as provided in subsection 2, the personal identification information collected pursuant to this subsection may be used only for the establishment, maintenance or updating of the account or to process a credit card transaction.

2. Opt-in for collection of personal identification information. Concurrent with completing an online transaction involving an electronic downloadable product, or when establishing an account pursuant to subsection 1, a consumer may elect to provide personal indentification information by opting in to the collection and use of that information if the consumer is simultaneously notified of the following:

A. That providing the information is not required to complete the transaction;

B. The purpose of the request; and

C. The intended use of the information.

3. Opt-out. A consumer must be provided with an opportunity to opt out of the collection of personal identification information before an online transaction involving an electronic downloadable product is completed.

§ 1350-M. Enforcement; penalties

1. Enforcement. The appropriate state regulators within the Department of Professional and Financial Regulation shall enforce this chapter for any entity that is licensed or regulated by those regulators. The Attorney General shall enforce this chapter for all other persons.

2. Civil violation. An entity that violates this chapter commits a civil violation and is subject to the following:

A. A fine of not more than $250 for the first violation and $1,000 for each subsequent violation, except that a civil penalty may not be assessed for a violation of this chapter if the defendant shows by a preponderance of the evidence that the violation was not intentional and resulted from a bona fide error made notwithstanding the defendant’s maintenance of procedures reasonably adopted to avoid that error;

B. Equitable relief; or

C. Enjoinment from further violations of this chapter.

3. Cumulative effect. The rights and remedies available under this section are cumulative and do not affect or prevent rights and remedies available under federal or state law.

summary

This bill authorizes a person, firm, partnership, association or corporation that offers for purchase an electronic downloadable product to require, as a condition of accepting a credit card for payment, that a consumer provide personal identification information only if that person, firm, partnership, association or corporation requires that information solely for the detection, investigation or prevention of fraud, theft, identity theft or criminal activity or for enforcement of the terms of sale. The bill requires any personal identification information collected for these purposes to be destroyed after it is no longer needed and also prohibits the further sharing of that information.

The bill authorizes a person, firm, partnership, association or corporation that offers for purchase an electronic downloadable product to require that a consumer establish an account as a condition for the purchase of a downloadable product and to require that a consumer provide personal identification information, as long as the consumer is provided an opportunity to opt out of the collection of personal identification information before completing the online transaction.

HP0102 LD 144	Session - 127th Maine Legislature		LR 87 Item 1
	Bill Tracking, Additional Documents	Chamber Status

Bill Tracking		Chamber Status
Amendments	Testimony, Public Hearings & Work Sessions		Committee Information for this Bill
Other Documents			Title & Section

Search Bill Text		Search Bill Status
Bill Directory	Current Committees		Legislative Information
Download MS-Word, Printed PDF		Maine Legislature

Office of Legislative Information 100 State House Station Augusta, ME 04333		voice: (207) 287-1692 fax: (207) 287-1580 tty: (207) 287-6826
Word Viewer for Windows		Disclaimer