STATE OF NEW YORK
        ________________________________________________________________________
                                         4778--A
            Cal. No. 604
                               2015-2016 Regular Sessions
                    IN SENATE
                                     April 15, 2015
                                       ___________
        Introduced  by Sen. VENDITTO -- read twice and ordered printed, and when
          printed to be committed to the Committee  on  Consumer  Protection  --
          recommitted to the Committee on Consumer Protection in accordance with
          Senate  Rule  6,  sec.  8  --  reported favorably from said committee,
          ordered to first and  second  report,  ordered  to  a  third  reading,
          amended  and  ordered  reprinted,  retaining its place in the order of
          third reading
        AN ACT to amend the general business law,  in  relation  to  prohibiting
          issuers  from accepting nonpublic personal information of holders from
          a third-party
          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:
     1    Section 1. The general business law is amended by adding a new section
     2  518-b to read as follows:
     3    §  518-b. Prohibited credit card user information requests. 1. Issuers
     4  of credit cards and debit cards are prohibited from accepting or  solic-
     5  iting the nonpublic personal information of a holder from a third-party.
     6  Provided,  however, that no provision of this section shall be deemed to
     7  prohibit an issuer of a credit card or  debit  card  from  accepting  or
     8  soliciting from a banking organization, as defined in section two of the
     9  banking  law,  the  nonpublic  personal  information of a holder for the
    10  purpose of verifying the identity of such holder and preventing improper
    11  or unauthorized use.
    12    2. Nonpublic personal information shall have the same meaning as in 15
    13  U.S.C. § 6809(4).
    14    3. This  section  shall  not  prohibit  the  disclosure  of  nonpublic
    15  personal information to a third party:
    16    (a)  As  necessary  to  effect,  administer,  or enforce a transaction
    17  requested or authorized by the consumer;
    18    (b) In order to service or process  a  financial  product  or  service
    19  requested or authorized by the consumer;
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD10403-03-6

        S. 4778--A                          2
     1    (c) In order to maintain or service the consumer's account held by the
     2  issuer of the credit or debit card; or
     3    (d) To protect against or prevent actual or potential fraud, unauthor-
     4  ized transactions, claims, or other liability.
     5    4. A violation of the provisions of this section by an issuer shall be
     6  punishable  by  a  civil  penalty not to exceed two thousand dollars for
     7  each such violation.
     8    § 2. This act shall  take  effect  on  the  first  of  September  next
     9  succeeding the date on which it shall have become a law.