Bill Text


Bill PDF |Add To My Favorites |Track Bill | print page

AB-386 California Right to Financial Privacy Act.(2023-2024)

SHARE THIS: share this bill in Facebook share this bill in Twitter
Date Published: 10/10/2023 09:00 PM
AB386:v94#DOCUMENT

Assembly Bill No. 386
CHAPTER 433

An act to amend Section 7480 of the Government Code, relating to privacy.

[ Approved by Governor  October 08, 2023. Filed with Secretary of State  October 08, 2023. ]

LEGISLATIVE COUNSEL'S DIGEST


AB 386, Stephanie Nguyen. California Right to Financial Privacy Act.
Existing law, the California Right to Financial Privacy Act, generally provides for the confidentiality of, and restricts access to, the financial records of people who transact business with, or use the services of, financial institutions or for whom a financial institution has acted as a fiduciary. Existing law establishes an exception by authorizing various state and local agencies, when certification is made to a bank, credit union, or savings association by specified law enforcement entities that a crime report has been filed that involves the alleged fraudulent use of orders drawn upon a bank, credit union, or savings association in this state, to request from such a bank, credit union, or savings association, and requires the bank, credit union, or savings association to furnish, a statement setting forth certain information with respect to a customer account specified by the requesting party, for a period of 30 days before, and up to 30 days following, the date of occurrence of the alleged illegal act involving the account.
This bill would expand the period covered by that statement of information to a period 90 days before, and up to 60 days following, the date of occurrence. The bill would require specified additional items of information to be included in the statement about the account.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 7480 of the Government Code is amended to read:

7480.
 Nothing in this chapter shall prohibit any of the following:
(a) The dissemination of any financial information that is not identified with, or identifiable as being derived from, the financial records of a particular customer.
(b) When any police, sheriff’s department, district attorney, or special agent with the Department of Justice in this state certifies to a bank, credit union, or savings association in writing that a crime report has been filed that involves the alleged fraudulent use of drafts, checks, access cards, or other orders drawn upon any bank, credit union, or savings association in this state, the police, sheriff’s department, district attorney, special agent with the Department of Justice, or a county adult protective services agency when investigating the financial abuse of an elder or dependent adult, or a long-term care ombudsperson when investigating the financial abuse of an elder or dependent adult, may request a bank, credit union, or savings association to furnish, and a bank, credit union, or savings association shall furnish, a statement setting forth the following information with respect to a customer account specified by the requesting party for a period 90 days before, and up to 60 days following, the date of occurrence of the alleged illegal act involving the account:
(1) The number of items dishonored.
(2) The number of items paid that created overdrafts.
(3) The dollar volume of the dishonored items and items paid which created overdrafts and a statement explaining any credit arrangement between the bank, credit union, or savings association and customer to pay overdrafts.
(4) The dates and amounts of deposits and debits and the account balance on these dates.
(5) A copy of the signature card, including the signature and any addresses appearing on a customer’s signature card.
(6) New bank cards issued.
(7) Change of address requests received.
(8) Power of attorney or trust documents submitted or executed.
(9) The date the account opened and, if applicable, the date the account closed.
(10) Surveillance photographs and video recordings of persons accessing the crime victim’s financial account via an automated teller machine (ATM) or from within the financial institution for dates on which illegal acts involving the account were alleged to have occurred. Nothing in this paragraph does any of the following:
(A) Requires a financial institution to produce a photograph or video recording if it does not possess the photograph or video recording.
(B) Affects any existing civil immunities as provided in Section 47 of the Civil Code or any other provision of law.
(11) A bank, credit union, or savings association that provides the requesting party with copies of one or more complete account statements prepared in the regular course of business shall be deemed to be in compliance with paragraphs (1), (2), (3), and (4).
(c) When any police, sheriff’s department, district attorney, or special agent with the Department of Justice in this state certifies to a bank, credit union, or savings association in writing that a crime report has been filed that involves the alleged fraudulent use of drafts, checks, access cards, or other orders drawn upon any bank, credit union, or savings association doing business in this state, the police, sheriff’s department, district attorney, special agent with the Department of Justice, a county adult protective services office when investigating the financial abuse of an elder or dependent adult, or a long-term care ombudsperson when investigating the financial abuse of an elder or dependent adult, may request, with the consent of the accountholder, the bank, credit union, or savings association to furnish, and the bank, credit union, or savings association shall furnish, a statement setting forth the following information with respect to a customer account specified by the requesting party for a period 30 days before, and up to 30 days following, the date of occurrence of the alleged illegal act involving the account:
(1) The number of items dishonored.
(2) The number of items paid that created overdrafts.
(3) The dollar volume of the dishonored items and items paid which created overdrafts and a statement explaining any credit arrangement between the bank, credit union, or savings association and customer to pay overdrafts.
(4) The dates and amounts of deposits and debits and the account balance on these dates.
(5) A copy of the signature card, including the signature and any addresses appearing on a customer’s signature card.
(6) The date the account opened and, if applicable, the date the account closed.
(7) Surveillance photographs and video recordings of persons accessing the crime victim’s financial account via an automated teller machine (ATM) or from within the financial institution for dates on which illegal acts involving this account were alleged to have occurred. Nothing in this paragraph does any of the following:
(A) Requires a financial institution to produce a photograph or video recording if it does not possess the photograph or video recording.
(B) Affects any existing civil immunities as provided in Section 47 of the Civil Code or any other provision of law.
(8) A bank, credit union, or savings association doing business in this state that provides the requesting party with copies of one or more complete account statements prepared in the regular course of business shall be deemed to be in compliance with paragraphs (1), (2), (3), and (4).
(d) For purposes of subdivision (c), consent of the accountholder shall be satisfied if an accountholder provides to the financial institution and the person or entity seeking disclosure, a signed and dated statement containing all of the following:
(1) Authorization of the disclosure for the period specified in subdivision (c).
(2) The name of the agency or department to which disclosure is authorized and, if applicable, the statutory purpose for which the information is to be obtained.
(3) A description of the financial records that are authorized to be disclosed.
(e) (1) The Attorney General, a supervisory agency, the Franchise Tax Board, the State Board of Equalization, the Employment Development Department, the Controller, or an inheritance tax referee when administering the Prohibition of Gift and Death Taxes (Part 8 (commencing with Section 13301) of Division 2 of the Revenue and Taxation Code), a police or sheriff’s department or district attorney, a county adult protective services office when investigating the financial abuse of an elder or dependent adult, a long-term care ombudsperson when investigating the financial abuse of an elder or dependent adult, a county welfare department when investigating welfare fraud, a county auditor-controller or director of finance when investigating fraud against the county, or the Department of Financial Protection and Innovation when conducting investigations in connection with the enforcement of laws administered by the Commissioner of Financial Protection and Innovation, from requesting of an office or branch of a financial institution, and the office or branch from responding to a request, as to whether a person has an account or accounts at that office or branch and, if so, any identifying numbers of the account or accounts.
(2) No additional information beyond that specified in this section shall be released to a county welfare department without either the accountholder’s written consent or a judicial writ, search warrant, subpoena, or other judicial order.
(3) A county auditor-controller or director of finance who unlawfully discloses information they are authorized to request under this subdivision is guilty of the unlawful disclosure of confidential data, a misdemeanor, which shall be punishable as set forth in Section 7485.
(f) The examination by, or disclosure to, any supervisory agency of financial records that relate solely to the exercise of its supervisory function. The scope of an agency’s supervisory function shall be determined by reference to statutes that grant authority to examine, audit, or require reports of financial records or financial institutions as follows:
(1) With respect to the Commissioner of Financial Protection and Innovation by reference to Division 1 (commencing with Section 99), Division 1.1 (commencing with Section 1000), Division 1.2 (commencing with Section 2000), Division 1.6 (commencing with Section 4800), Division 2 (commencing with Section 5000), Division 5 (commencing with Section 14000), Division 7 (commencing with Section 18000), Division 15 (commencing with Section 31000), and Division 16 (commencing with Section 33000), of the Financial Code.
(2) With respect to the Controller by reference to Title 10 (commencing with Section 1300) of Part 3 of the Code of Civil Procedure.
(3) With respect to the Administrator of Local Agency Security by reference to Article 2 (commencing with Section 53630) of Chapter 4 of Part 1 of Division 2 of Title 5 of the Government Code.
(g) The disclosure to the Franchise Tax Board of (1) the amount of any security interest that a financial institution has in a specified asset of a customer or (2) financial records in connection with the filing or audit of a tax return or tax information return that are required to be filed by the financial institution pursuant to Part 10 (commencing with Section 17001), Part 11 (commencing with Section 23001), or Part 18 (commencing with Section 38001), of the Revenue and Taxation Code.
(h) The disclosure to the State Board of Equalization of any of the following:
(1) The information required by Sections 6702, 6703, 8954, 8957, 30313, 30315, 32383, 32387, 38502, 38503, 40153, 40155, 41122, 41123.5, 43443, 43444.2, 44144, 45603, 45605, 46404, 46406, 50134, 50136, 55203, 55205, 60404, and 60407 of the Revenue and Taxation Code.
(2) The financial records in connection with the filing or audit of a tax return required to be filed by the financial institution pursuant to Part 1 (commencing with Section 6001), Part 2 (commencing with Section 7301), Part 3 (commencing with Section 8601), Part 13 (commencing with Section 30001), Part 14 (commencing with Section 32001), and Part 17 (commencing with Section 37001), of Division 2 of the Revenue and Taxation Code.
(3) The amount of any security interest a financial institution has in a specified asset of a customer, if the inquiry is directed to the branch or office where the interest is held.
(i) The disclosure to the Controller of the information required by Section 7853 of the Revenue and Taxation Code.
(j) The disclosure to the Employment Development Department of the amount of any security interest a financial institution has in a specified asset of a customer, if the inquiry is directed to the branch or office where the interest is held.
(k) The disclosure by a construction lender, as defined in Section 8006 of the Civil Code, to the Registrar of Contractors, of information concerning the making of progress payments to a prime contractor requested by the registrar in connection with an investigation under Section 7108.5 of the Business and Professions Code.
(l) Upon receipt of a written request from a local child support agency referring to a support order pursuant to Section 17400 of the Family Code, a financial institution shall disclose the following information concerning the account or the person named in the request, whom the local child support agency shall identify, whenever possible, by social security number:
(1) If the request states the identifying number of an account at a financial institution, the name of each owner of the account.
(2) Each account maintained by the person at the branch to which the request is delivered, and, if the branch is able to make a computerized search, each account maintained by the person at any other branch of the financial institution located in this state.
(3) For each account disclosed pursuant to paragraphs (1) and (2), the account number, current balance, street address of the branch where the account is maintained, and, to the extent available through the branch’s computerized search, the name and address of any other person listed as an owner.
(4) Whenever the request prohibits the disclosure, a financial institution shall not disclose either the request or its response, to an owner of the account or to any other person, except the officers and employees of the financial institution who are involved in responding to the request and to attorneys, employees of the local child support agencies, auditors, and regulatory authorities who have a need to know in order to perform their duties, and except as disclosure may be required by legal process.
(5) No financial institution, or any officer, employee, or agent thereof, shall be liable to any person for (A) disclosing information in response to a request pursuant to this subdivision, (B) failing to notify the owner of an account, or complying with a request under this paragraph not to disclose to the owner, the request or disclosure under this subdivision, or (C) failing to discover any account owned by the person named in the request pursuant to a computerized search of the records of the financial institution.
(6) The local child support agency may request information pursuant to this subdivision only when the local child support agency has received at least one of the following types of physical evidence:
(A) Any of the following, dated within the last three years:
(i) Form 599.
(ii) Form 1099.
(iii) A bank statement.
(iv) A check.
(v) A bank passbook.
(vi) A deposit slip.
(vii) A copy of a federal or state income tax return.
(viii) A debit or credit advice.
(ix) Correspondence that identifies the child support obligor by name, the bank, and the account number.
(x) Correspondence that identifies the child support obligor by name, the bank, and the banking services related to the account of the obligor.
(xi) An asset identification report from a federal agency.
(B) A sworn declaration of the custodial parent during the 12 months immediately preceding the request that the person named in the request has had or may have had an account at an office or branch of the financial institution to which the request is made.
(7) Information obtained by a local child support agency pursuant to this subdivision shall be used only for purposes that are directly connected with the administration of the duties of the local child support agency pursuant to Section 17400 of the Family Code.
(m) (1) As provided in paragraph (1) of subdivision (c) of Section 666 of Title 42 of the United States Code, upon receipt of an administrative subpoena on the current federally approved interstate child support enforcement form, as approved by the federal Office of Management and Budget, a financial institution shall provide the information or documents requested by the administrative subpoena.
(2) The administrative subpoena shall refer to the current federal Office of Management and Budget control number and be signed by a person who states that they are an authorized agent of a state or county agency responsible for implementing the child support enforcement program set forth in Part D (commencing with Section 651) of Subchapter IV of Chapter 7 of Title 42 of the United States Code. A financial institution may rely on the statements made in the subpoena and has no duty to inquire into the truth of any statement in the subpoena.
(3) If the person who signs the administrative subpoena directs a financial institution in writing not to disclose either the subpoena or its response to any owner of an account covered by the subpoena, the financial institution shall not disclose the subpoena or its response to the owner.
(4) No financial institution, or any officer, employee, or agent thereof, shall be liable to any person for (A) disclosing information or providing documents in response to a subpoena pursuant to this subdivision, (B) failing to notify any owner of an account covered by the subpoena or complying with a request not to disclose to the owner, the subpoena or disclosure under this subdivision, or (C) failing to discover any account owned by the person named in the subpoena pursuant to a computerized search of the records of the financial institution.
(n) The dissemination of financial information and records pursuant to any of the following:
(1) Compliance by a financial institution with the requirements of Section 2892 of the Probate Code.
(2) Compliance by a financial institution with the requirements of Section 2893 of the Probate Code.
(3) An order by a judge upon a written ex parte application by a peace officer showing specific and articulable facts that there are reasonable grounds to believe that the records or information sought are relevant and material to an ongoing investigation of a felony violation of Section 186.10 or of any felony subject to the enhancement set forth in Section 186.11.
(A) The ex parte application shall specify with particularity the records to be produced, which shall be only those of the individual or individuals who are the subject of the criminal investigation.
(B) The ex parte application and any subsequent judicial order shall be open to the public as a judicial record unless ordered sealed by the court, for a period of 60 days. The sealing of these records may be extended for 60-day periods upon a showing to the court that it is necessary for the continuance of the investigation. Sixty-day extensions may continue for up to one year or until termination of the investigation of the individual or individuals, whichever is sooner.
(C) The records ordered to be produced shall be returned to the peace officer applicant or their designee within a reasonable time period after service of the order upon the financial institution.
(D) Nothing in this subdivision shall preclude the financial institution from notifying a customer of the receipt of the order for production of records unless a court orders the financial institution to withhold notification to the customer upon a finding that the notice would impede the investigation.
(E) Where a court has made an order pursuant to this paragraph to withhold notification to the customer under this paragraph, the peace officer or law enforcement agency who obtained the financial information shall notify the customer by delivering a copy of the ex parte order to the customer within 10 days of the termination of the investigation.
(4) An order by a judge issued pursuant to subdivision (c) of Section 532f of the Penal Code.
(5) No financial institution, or any officer, employee, or agent thereof, shall be liable to any person for any of the following:
(A) Disclosing information to a probate court pursuant to Sections 2892 and 2893.
(B) Disclosing information in response to a court order pursuant to paragraph (3).
(C) Complying with a court order under this subdivision not to disclose to the customer, the order, or the dissemination of information pursuant to the court order.
(o) Disclosure by a financial institution to a peace officer, as defined in Section 830.1 of the Penal Code, pursuant to the following:
(1) Paragraph (1) of subdivision (a) of Section 1748.95 of the Civil Code, provided that the financial institution has first complied with the requirements of paragraph (2) of subdivision (a) and subdivision (b) of Section 1748.95 of the Civil Code.
(2) Paragraph (1) of subdivision (a) of Section 4002 of the Financial Code, provided that the financial institution has first complied with the requirements of paragraph (2) of subdivision (a) and subdivision (b) of Section 4002 of the Financial Code.
(3) Paragraph (1) of subdivision (a) of Section 22470 of the Financial Code, provided that any financial institution that is a finance lender has first complied with the requirements of paragraph (2) of subdivision (a) and subdivision (b) of Section 22470 of the Financial Code.
(p) When the governing board of the Public Employees’ Retirement System or the State Teachers’ Retirement System certifies in writing to a financial institution that a benefit recipient has died and that transfers to the benefit recipient’s account at the financial institution from the retirement system occurred after the benefit recipient’s date of death, the financial institution shall furnish the retirement system with the name and address of any coowner, cosigner, or any other person who had access to the funds in the account following the date of the benefit recipient’s death, or if the account has been closed, the name and address of the person who closed the account.
(q) When the retirement board of a retirement system established under the County Employees Retirement Law of 1937 certifies in writing to a financial institution that a retired member or the beneficiary of a retired member has died and that transfers to the account of the retired member or beneficiary of a retired member at the financial institution from the retirement system occurred after the date of death of the retired member or beneficiary of a retired member, the financial institution shall furnish the retirement system with the name and address of any coowner, cosigner, or any other person who had access to the funds in the account following the date of death of the retired member or beneficiary of a retired member, or if the account has been closed, the name and address of the person who closed the account.
(r) When the Franchise Tax Board certifies in writing to a financial institution that (1) a taxpayer filed a tax return that authorized a direct deposit refund with an incorrect financial institution account or routing number that resulted in all or a portion of the refund not being received, directly or indirectly, by the taxpayer; (2) the direct deposit refund was not returned to the Franchise Tax Board; and (3) the refund was deposited directly on a specified date into the account of an accountholder of the financial institution who was not entitled to receive the refund, then the financial institution shall furnish to the Franchise Tax Board the name and address of any coowner, cosigner, or any other person who had access to the funds in the account following the date of direct deposit refund, or if the account has been closed, the name and address of the person who closed the account.