STATE OF NEW YORK ________________________________________________________________________ 4778--A Cal. No. 604 2015-2016 Regular Sessions IN SENATE April 15, 2015 ___________ Introduced by Sen. VENDITTO -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection -- recommitted to the Committee on Consumer Protection in accordance with Senate Rule 6, sec. 8 -- reported favorably from said committee, ordered to first and second report, ordered to a third reading, amended and ordered reprinted, retaining its place in the order of third reading AN ACT to amend the general business law, in relation to prohibiting issuers from accepting nonpublic personal information of holders from a third-party The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. The general business law is amended by adding a new section 2 518-b to read as follows: 3 § 518-b. Prohibited credit card user information requests. 1. Issuers 4 of credit cards and debit cards are prohibited from accepting or solic- 5 iting the nonpublic personal information of a holder from a third-party. 6 Provided, however, that no provision of this section shall be deemed to 7 prohibit an issuer of a credit card or debit card from accepting or 8 soliciting from a banking organization, as defined in section two of the 9 banking law, the nonpublic personal information of a holder for the 10 purpose of verifying the identity of such holder and preventing improper 11 or unauthorized use. 12 2. Nonpublic personal information shall have the same meaning as in 15 13 U.S.C. § 6809(4). 14 3. This section shall not prohibit the disclosure of nonpublic 15 personal information to a third party: 16 (a) As necessary to effect, administer, or enforce a transaction 17 requested or authorized by the consumer; 18 (b) In order to service or process a financial product or service 19 requested or authorized by the consumer; EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD10403-03-6S. 4778--A 2 1 (c) In order to maintain or service the consumer's account held by the 2 issuer of the credit or debit card; or 3 (d) To protect against or prevent actual or potential fraud, unauthor- 4 ized transactions, claims, or other liability. 5 4. A violation of the provisions of this section by an issuer shall be 6 punishable by a civil penalty not to exceed two thousand dollars for 7 each such violation. 8 § 2. This act shall take effect on the first of September next 9 succeeding the date on which it shall have become a law.