Georgia-2009-SB130-Introduced

To amend Chapter 1 of Title 10 of the Official Code of Georgia Annotated, relating to selling and other trade practices, so as to provide a short title; to provide for legislative intent; to provide definitions; to establish procedures and requirements for the electronic lease-purchase of goods; to provide for data and personal information protection practices; to provide that persons entering into electronic lease-purchase agreements shall receive certain information and have certain rights with regard to the goods that are the subject of such agreements; to provide for certain requirements for merchants with regard to websites and data transmission; to provide for related matters; to repeal conflicting laws; and for other purposes.

BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA:

Chapter 1 of Title 10 of the Official Code of Georgia Annotated, relating to selling and other trade practices, is amended by adding a new article to read as follows:

(a) This article shall be known and may be cited as the 'Electronic Lease-Purchase of Goods Act.'

(b) This article is for the purpose of enabling electronic commerce in lease-purchase transactions and to require security measures to safeguard consumer private information, including their identity and financial information.

(a) As used in this article, the term:

(1) 'Advertisement' means a commercial message in any medium, including, but not limited to, radio, print, television, telephone, facsimile, short message service (SMS) messaging, and all forms of electronic or on-line advertising, that promotes, directly or indirectly, a lease-purchase agreement but does not include price tags, window signs, or other in-store merchandising methods.

(2) 'Consumer' means a natural person who is offered or enters into a lease-purchase agreement.

(3) 'Electronic signature' means an electronic or digital method executed or adopted by a party with the intent to be bound by or to authenticate a record which is unique to the person using it, is capable of verification, is under the sole control of the person using it, and is linked to the data in such a manner that if the data is changed, the electronic signature is invalidated.

(4) 'Initial payment' means the amount to be paid before or at the consummation of the lease-purchase agreement or the delivery of the property if delivery occurs after consummation, including the rental payment; service, processing, or administrative charges; the delivery fee; the refundable security deposit; taxes; mandatory fees or charges; and any optional fees or charges agreed to by the consumer.

(5) 'Lease-purchase goods' means personal property used by a lessee primarily for personal, family, or household purposes and acquired under a lease-purchase agreement as defined in Code Section 10-1-681.

(6) 'Merchant' means a person who provides the use of property through a lease-purchase agreement in the ordinary course of business and to whom a customer's initial payment under the agreement is payable.

(7) 'Payment schedule' means the amount and timing of the periodic payments and the total number of all periodic payments that the consumer will make if the customer acquires ownership of the property by making all periodic payments.

(8) 'Periodic payment' means the total payment a consumer will make for a specific rental period after the initial payment, including the rental payment, taxes, mandatory fees or charges, and any optional fees or charges agreed to by the customer.

(9) 'Personal property' means any property that is not real property under the laws of this state at the time that it is offered or made available for lease by a merchant. Such property may be purchased or otherwise obtained by a merchant from any source, including, but not limited to, Internet retailers, wholesalers, and individuals, including a consumer as defined in this Code section.

(10) 'Record' means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form, including both electronic records and printed, typewritten, and tangible records. For the purposes of this article, the term 'record' may also mean recorded verbal communications that include identity verification.

(11) 'Rental payment' means rent required to be paid by a consumer for the possession and use of property for a specific rental period but does not include taxes or any fees or charges.

(b) To the extent that any definitions or requirements as used in this Code section conflict with other laws of the State of Georgia, it is intended that the definitions and requirements contained in this Code section shall supersede such laws for the purposes of this article only.

(a) A merchant who wishes to offer lease-purchase goods to a consumer may enter into such a transaction electronically so long as all of the requirements of Article 23 of this chapter are met in addition to the requirements of this article.

(b) A merchant entering into a transaction with a consumer using electronic media in any form, including, but not limited to, the Internet, telephone, and SMS messaging, may obtain electronic signatures or recorded verbal authorizations from the consumer to do so, consistent with all requirements of Chapter 12 of this title, the 'Georgia Electronic Records and Signatures Act,' and provided that the consumer's affirmative consent to electronic communication is obtained.

(c) A merchant shall utilize the best available data protection practices in the electronic lease-purchase of goods, consistent in all respects with the following:

(1) Data collected from a consumer shall be used only for the specific purpose for which it is collected and shall be relevant and not excessive in relation to the purpose for which it is collected;

(2) A consumer shall expressly consent to the use of electronic communication, including electronic processing and retention of personal data for purposes of this article;

(3) A merchant shall take appropriate technical and organizational measures against unauthorized or unlawful processing of personal information and against accidental loss, theft, or destruction of, or damage to, a consumer's personal data;

(4) A merchant shall have a valid secure sockets layer (SSL) certificate that is 128 bit encryption or greater and issued by a Trusted Root Certification Authority to ensure communication confidentiality;

(5) A merchant shall utilize appropriate internal safeguards and security measures to protect a consumer's private information, including, but not limited to, firewalls, unique system passwords, encryption of data, utilization of antivirus software, internal restriction of access to consumer data, monitoring of access to data, and maintenance of an audit file of all security changes made. A merchant shall maintain an internal security policy handbook detailing its policies and procedures regarding handling and storage of consumer information;

(6) Consistent with the provisions of this subsection, a merchant's servers, including all servers and other computer hardware devices needed for use by the website, including, but not limited to, web servers, data base servers, reporting services, file servers, and e-mail servers, shall be hosted in a reliable, physically secure facility utilizing biometrics and under 24 hour monitoring. All communications to front end servers shall be done with a minimum of 128 bit encryption. All communications to the customer data warehouse shall have the same minimum requirements with the added security of an IP based restriction. The hosting facility personnel shall not be permitted to log in to the data warehouse for any reason. Any replication of the data warehouse shall be carried over a secure connection to the target location. The target location shall have the same minimum security requirements as the source hosting facility. All servers shall have all applicable operating and security system software updates and patches applied to prevent vulnerabilities;

(7) All source code shall be protected in a secure source code repository. Any code containing server passwords and user accounts shall be in restricted areas with verbose access logging. This source while in production shall be in a location that is more secure from hackers;

(8) Any use of web cookies by a merchant shall be limited to the current web session only and shall not contain any personal identifiable information about the customer. Cookies may store nondisclosing details about customers in the form of unique identifiers only known by the company providing the service through the Internet;

(9) A consumer shall be provided with information about safeguards in place designed to protect personal information. It shall be clear to a consumer that all communications with a merchant are being secured by 128 bit SSL encryption, and that if the consumer does not see the secure lock in his or her browser, the consumer should report it immediately to the merchant; and.

(10) A consumer shall have a means of updating personal information on file.

(d) A consumer shall receive a printable electronic copy of the lease-purchase agreement. A consumer may elect to sign a paper copy and submit it to the merchant by facsimile or postal mail rather than entering into the agreement by electronic means.

(e) A merchant shall provide a fully executed electronic copy of the lease-purchase agreement that the consumer may print or store electronically, provided that the consumer shall be responsible for ensuring that the computer or other electronic device used has sufficient memory to store the agreement and any software or hardware needed for the viewing, printing, and storage of the agreement.

(f) A merchant's Internet website shall be compatible with the most recent versions of all commonly used Internet browsers, and a list of compatible browsers shall be posted on the merchant's website. A consumer shall be given affirmative notification of any changes to a merchant's website that may impact the consumer's ability to visit the site, contact the merchant, or access the consumer's electronic copy of the lease-purchase agreement.

(g) A merchant shall maintain a published privacy policy, readily available to consumers visiting the merchant's Internet website, which details the purposes for which a consumer's personal information is being collected and the manner in which it will be used, including identity verification and compliance with all applicable state and federal laws.

(h) A consumer shall have the right to opt out of the disclosure of personal information to third parties and affiliates of a merchant, except where there is an overriding legitimate reason to share the information, such as prevention or detection of a crime.

(i) A merchant shall utilize best industry practices to verify a consumer's identity prior to entering into a lease-purchase agreement, consistent with applicable laws. At a minimum, a merchant shall obtain a consumer's name, social security number, date of birth, and address, and the merchant shall utilize this information as part of its identity verification process.

(j) A merchant shall maintain at least one physical location where a consumer may return lease-purchase goods, make payments, obtain information about his or her account, or other lease related activities. Such location, its local telephone number, and the operating hours thereof shall be disclosed on the merchant's Internet website.

(k) A merchant's Internet website shall clearly disclose a means whereby a consumer may contact the merchant at no cost, such as a toll-free telephone number and a facsimile number, and the hours during which the merchant will be available to respond.

(l) A merchant may elect to ship lease-purchase goods to a consumer by common carrier, provided that the merchant shall develop and maintain a system for a consumer to report problems regarding the sale or delivery to the merchant by telephone, facsimile, or other electronic means. Methods for reporting problems shall be clearly displayed on the merchant's Internet website.

(m) A consumer shall have the right to inspect lease-purchase goods to confirm that they are in good working order upon delivery and to contact the merchant to request a suitable replacement at no cost to the consumer if the lease-purchase goods are not in good working order at the time of delivery.

(n) A consumer shall have the right to return lease-purchase goods to the merchant, either to the merchant's physical location or by common carrier, at the consumer's expense, upon termination of the lease-purchase agreement and consistent with the terms and conditions thereof. No penalty shall be imposed for early termination of a lease-purchase agreement or for the return of an item at any point. The merchant shall clearly disclose this right on its Internet website and in the lease-purchase agreement.

(o) A merchant transacting business under this article may require a consumer to provide one or more means of electronic payment in order to make the initial payment, periodic payments, or rental payments. Such means of payment shall include, but not be limited to, automated clearinghouse (ACH) authorization, wire transfer, credit card, or electronic check.

(p) A merchant transacting business under this article may promote its activities through advertisements or may contract with third party marketing companies to engage in advertising activities on the merchant's behalf. Such third party marketing companies shall be considered independent of the merchant for all purposes related to this article.