Main Menu

Home
Joining ARMA
Contact Us
Newsletters
Vendor List
ARMA Members Link
ARMA-AZ Events
Other ARMA Events
ARMA Store
Presentations
Scholarship Information
Thank You!
 
Legislative Information

House Bill 2351 will make it mandatory for companies to shred or incinerate customer/personal records, will make it a class 1 misdemeanor to possess such information, and make one liable for damages for the use of that information without consent. 

House Bill 2352 will prevent credit card, or purchasing key card companies, and card issuers, from marketing information (i.e. shopping patterns and spending history) of specific cardholders without permission. 

Both bills, if they pass, are slated to be effective as of March 31, 2002. 
 
House Bill 2351

--------------------------
House Engrossed
--------------------------
State of Arizona
House of Representatives
Forty-fifth Legislature
First Regular Session
2001
--------------------------
HOUSE BILL 2351
--------------------------

AN ACT

AMENDING TITLE 44, ARIZONA REVISED STATUTES, BY ADDING CHAPTER 29; RELATING TO CUSTOMER RECORDS.

Be it enacted by the Legislature of the State of Arizona:

Section 1. Title 44, Arizona Revised Statutes, is amended by adding chapter 29, to read:

CHAPTER 29

CUSTOMER RECORDS

ARTICLE 1. GENERAL PROVISIONS

44-7201. Definitions

FOR THE PURPOSES OF THIS CHAPTER:

1. "BIOMETRIC IDENTIFIER" MEANS A RETINA OR IRIS SCAN OR IMAGE, FINGERPRINT, VOICEPRINT, OR RECORD OF HAND OR FACE GEOMETRY.

2. "BUSINESS" MEANS A SOLE PROPRIETORSHIP, CORPORATION, BUSINESS TRUST, BUSINESS ASSOCIATION, GENERAL PARTNERSHIP, LIMITED PARTNERSHIP, LIMITED LIABILITY COMPANY OR OTHER SIMILAR ENTITY THAT IS FORMED OR ORGANIZED UNDER THE LAWS OF THIS STATE, ANY OTHER STATE, THE UNITED STATES OR ANY FOREIGN COUNTRY, INCLUDING A FINANCIAL INSTITUTION OR THE PARENT OR SUBSIDIARY OF THE FINANCIAL INSTITUTION.

3. "CUSTOMER" MEANS AN INDIVIDUAL WHOSE PERSONAL INFORMATION IS PROVIDED TO A BUSINESS FOR THE PURPOSE OF PURCHASING OR LEASING A PRODUCT OR OBTAINING A SERVICE FROM THE BUSINESS.

4. "DISPOSE" DOES NOT INCLUDE THE SALE OF RECORDS, THE TRANSFER OF RECORDS FOR VALUE, OR DELIVERY OF RECORDS OR RECEIPTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS.

5. "PERSONAL INFORMATION" MEANS ANY INFORMATION THAT IDENTIFIES, RELATES TO, DESCRIBES OR IS CAPABLE OF BEING ASSOCIATED WITH A PARTICULAR INDIVIDUAL IF IT INCLUDES THE PERSON'S NAME AND AT LEAST FOUR OF THE FOLLOWING: MOTHER'S MAIDEN NAME, SIGNATURE, SOCIAL SECURITY NUMBER, BIOMETRIC IDENTIFIER, RESIDENCE OR MAILING ADDRESS, TELEPHONE NUMBER, PASSPORT NUMBER, DRIVER LICENSE NUMBER, NONOPERATING IDENTIFICATION LICENSE NUMBER, INSURANCE POLICY NUMBER, MEDICAL INFORMATION, EMPLOYMENT, EMPLOYMENT HISTORY, BIRTH DATE, BANK ACCOUNT NUMBER, CREDIT CARD NUMBER, DEBIT CARD NUMBER OR ANY OTHER FINANCIAL INFORMATION.

6. "RECORDS" MEANS ANY MATERIAL, REGARDLESS OF THE PHYSICAL FORM, ON WHICH INFORMATION IS RECORDED OR PRESERVED BY ANY MEANS, INCLUDING IN WRITTEN OR SPOKEN WORDS, AND THAT IS GRAPHICALLY DEPICTED, PRINTED OR ELECTROMAGNETICALLY TRANSMITTED. RECORDS DO NOT INCLUDE PUBLICLY AVAILABLE DIRECTORIES THAT CONTAIN INFORMATION AN INDIVIDUAL HAS VOLUNTARILY CONSENTED TO HAVE PUBLICLY DISSEMINATED OR LISTED, SUCH AS A NAME, ADDRESS OR TELEPHONE NUMBER.

44-7202. Business records; destruction; liability; penalty

A. A BUSINESS MAY NOT DISPOSE OF RECORDS CONTAINING PERSONAL INFORMATION UNLESS THE BUSINESS OR OTHER PERSON UNDER CONTRACT WITH THE BUSINESS MAKES A GOOD FAITH EFFORT TO DO ANY OF THE FOLLOWING:

1. SHRED THE RECORDS BEFORE THE DISPOSAL OF THE RECORDS.

2. ERASE THE PERSONAL INFORMATION CONTAINED IN THE RECORDS BEFORE THE DISPOSAL OF THE RECORDS.

3. MODIFY THE RECORDS TO MAKE THE PERSONAL INFORMATION UNREADABLE BEFORE THE DISPOSAL OF THE RECORDS.

B. IF A BUSINESS VIOLATES SUBSECTION A OF THIS SECTION AND UPON A SHOWING OF ACTUAL FINANCIAL HARM AS A RESULT OF THE VIOLATION TO THE INDIVIDUAL WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS:

1. UPON THE FIRST VIOLATION, THAT BUSINESS SHALL BE SENT A WRITTEN WARNING BY CERTIFIED MAIL RETURN RECEIPT REQUESTED. THE WARNING SHALL IDENTIFY THE NATURE OF THE VIOLATION.

2. UPON ANY SUBSEQUENT VIOLATION, THAT BUSINESS SHALL BE FINED NOT MORE THAN $250 FOR EACH VIOLATION.

C. FOR PURPOSES OF SUBSECTION B OF THIS SECTION, ACTS ARISING OUT OF THE SAME DISPOSAL ACTIVITY OR OCCURRENCE SHALL BE A SINGLE VIOLATION.

D. ANY PERSON WHO, WITHOUT THE CONSENT OF THE BUSINESS OR THE INDIVIDUAL WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS, KNOWINGLY POSSESSES A RECORD THAT WAS DISPOSED OF BY A BUSINESS IS GUILTY OF A CLASS 1 MISDEMEANOR. NOTHING IN THIS SECTION SHALL PRECLUDE A PROSECUTION PURSUANT TO SECTION 13-2008.

E. ANY PERSON WHO, FOR ANY PURPOSE, USES PERSONAL INFORMATION CONTAINED IN RECORDS THAT WAS DISPOSED OF BY A BUSINESS IS LIABLE TO THE INDIVIDUAL WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS AND TO THE BUSINESS THAT DISPOSED OF THOSE RECORDS FOR AN AMOUNT OF DAMAGES RESULTING FROM THE USE OF THE PERSONAL INFORMATION. THIS PARAGRAPH DOES NOT APPLY TO A PERSON WHO USES PERSONAL INFORMATION WITH THE CONSENT OF THE INDIVIDUAL WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS OR OF THE BUSINESS THAT DISPOSED OF THOSE RECORDS.

 

(AMENDMENTS TO HB2351)

--------------------------
COMMITTEE ON JUDICIARY
SENATE AMENDMENTS TO H.B. 2351
(Reference to House engrossed bill)
--------------------------

Page 1, strike lines 20, 21 and 22, insert:
"4. "DISPOSE" DOES NOT INCLUDE THE FOLLOWING:
(a) THE SALE OF RECORDS.
(b) THE TRANSFER OF RECORDS FOR VALUE.
(c) THE DELIVERY OF RECORDS OR RECEIPTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS.
(d) THE RETURN OF RECORDS OR DOCUMENTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS."

Line 41, after "BUSINESS" strike remainder of line

Line 42, strike "BUSINESS"

Line 43, after "SHRED" insert "OR INCINERATE"

Page 2, strike lines 5 through 14, insert:
"4. ENTER INTO A CONTRACT WITH A THIRD PARTY TO DISPOSE OF THE RECORDS IF IN THE CONTRACT THE THIRD PARTY AGREES TO BOTH OF THE FOLLOWING:
(a) DESTROY THE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
(b) ENSURE THAT NO UNAUTHORIZED PERSON WILL HAVE ACCESS TO PERSONAL INFORMATION CONTAINED IN THE RECORDS FROM THE TIME THE THIRD PARTY TAKES POSSESSION OF THE RECORDS UNTIL THE THIRD PARTY DESTROYS THOSE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
B. COMPLIANCE WITH SUBSECTION A OF THIS SECTION IS AN AFFIRMATIVE DEFENSE FOR A BUSINESS TO ANY CLAIM AGAINST THAT BUSINESS ARISING OUT OF THE USE OF PERSONAL INFORMATION CONTAINED IN RECORDS THAT WERE DISPOSED OF BY THAT BUSINESS."
Reletter to conform
Amend title to conform
3/26/01
11:56 AM
S: ES/jas

 

--------------------------
PROPOSED AMENDMENT
SENATE AMENDMENTS TO H.B. 2351
(Reference to House engrossed bill)
--------------------------

Page 1, line 5, strike "CUSTOMER" insert "BUSINESS"

Line 10, strike the second comma

Strike lines 20, 21 and 22, insert:
"4. "DISPOSE" DOES NOT INCLUDE THE FOLLOWING:
(a) THE SALE OF RECORDS.
(b) THE TRANSFER OF RECORDS FOR VALUE OR TO A RELATED ENTITY.
(c) THE DELIVERY OF RECORDS OR RECEIPTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS.
(d) THE RETURN OF RECORDS OR DOCUMENTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS."

Line 25, strike "PERSON'S" insert "INDIVIDUAL'S"

Line 26, after "FOLLOWING" insert "PERSONAL IDENTIFIERS OF THE INDIVIDUAL"; after the colon strike remainder of line

Strike lines 27 through 31 insert:
"(a) MOTHER'S MAIDEN NAME.
(b) SIGNATURE.
(c) SOCIAL SECURITY NUMBER.
(d) BIOMETRIC IDENTIFIER.
(e) RESIDENCE OR MAILING ADDRESS.
(f) TELEPHONE NUMBER.
(g) PASSPORT NUMBER.
(h) DRIVER LICENSE NUMBER.
(i) NONOPERATING IDENTIFICATION LICENSE NUMBER.
(j) INSURANCE POLICY NUMBER.
(k) MEDICAL INFORMATION.
(l) EMPLOYMENT OR EMPLOYMENT HISTORY.
(m) BIRTH DATE.
(n) BANK ACCOUNT NUMBER.
(o) CREDIT CARD NUMBER.
(p) DEBIT CARD NUMBER.
(q) ANY OTHER FINANCIAL INFORMATION."

Page 1, line 41, after "BUSINESS" strike remainder of line

Line 42, strike "BUSINESS"

Line 43, after "SHRED" insert "OR INCINERATE"

Page 2, strike lines 5 through 14, insert:
"4. ENTER INTO A CONTRACT WITH A THIRD PARTY TO DISPOSE OF THE RECORDS IF IN THE CONTRACT THE THIRD PARTY AGREES TO DO BOTH OF THE FOLLOWING:
(a) DESTROY THE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
(b) ENSURE THAT NO UNAUTHORIZED PERSON WILL HAVE ACCESS TO PERSONAL INFORMATION CONTAINED IN THE RECORDS FROM THE TIME THE THIRD PARTY TAKES POSSESSION OF THE RECORDS UNTIL THE THIRD PARTY DESTROYS THOSE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
B. COMPLIANCE WITH SUBSECTION A OF THIS SECTION IS AN AFFIRMATIVE DEFENSE FOR A BUSINESS TO ANY CLAIM AGAINST THAT BUSINESS ARISING OUT OF THE USE OF PERSONAL INFORMATION CONTAINED IN RECORDS THAT WERE DISPOSED OF BY THAT BUSINESS."
Reletter to conform

Line 18, strike "NOTHING IN"; strike "SHALL PRECLUDE" insert "DOES NOT PROHIBIT"

Line 21, strike "WAS" insert "WERE"

Line 23, strike "AN AMOUNT OF"

After line 27, insert:
"E. THIS SECTION DOES NOT APPLY TO ANY FEDERAL, STATE OR LOCAL LAW ENFORCEMENT AGENCY OR AN EMPLOYEE OR AGENT OF ANY FEDERAL, STATE OR LOCAL LAW ENFORCEMENT AGENCY WHO IS ACTING WITHIN THE SCOPE OF THAT EMPLOYEE'S OR AGENT'S OFFICIAL CAPACITY."
Amend title to conform
3/27/01
3:27 PM
S: JS/jas

 

--------------------------
PROPOSED AMENDMENT
SENATE AMENDMENTS TO H.B. 2351
(Reference to House engrossed bill)
--------------------------

Page 1, line 5, strike "CUSTOMER" insert "BUSINESS"

Line 10, strike the second comma

Strike lines 20, 21 and 22, insert:
"4. "DISPOSE" DOES NOT INCLUDE THE FOLLOWING:
(a) THE SALE OF RECORDS.
(b) THE TRANSFER OF RECORDS FOR VALUE.
(c) THE DELIVERY OF RECORDS OR RECEIPTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS.
(d) THE RETURN OF RECORDS OR DOCUMENTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS."

Line 25, strike "PERSON'S" insert "INDIVIDUAL'S"

Line 26, after "FOLLOWING" insert "PERSONAL IDENTIFIERS OF THE INDIVIDUAL"; after the colon strike remainder of line

Strike lines 27 through 31 insert:
"(a) MOTHER'S MAIDEN NAME.
(b) SIGNATURE.
(c) SOCIAL SECURITY NUMBER.
(d) BIOMETRIC IDENTIFIER.
(e) RESIDENCE OR MAILING ADDRESS.
(f) TELEPHONE NUMBER.
(g) PASSPORT NUMBER.
(h) DRIVER LICENSE NUMBER.
(i) NONOPERATING IDENTIFICATION LICENSE NUMBER.
(j) INSURANCE POLICY NUMBER.
(k) MEDICAL INFORMATION.
(l) EMPLOYMENT OR EMPLOYMENT HISTORY.
(m) BIRTH DATE.
(n) BANK ACCOUNT NUMBER.
(o) CREDIT CARD NUMBER.
(p) DEBIT CARD NUMBER.
(q) ANY OTHER FINANCIAL INFORMATION."

Page 1, line 41, after "BUSINESS" strike remainder of line

Line 42, strike "BUSINESS"

Line 43, after "SHRED" insert "OR INCINERATE"

Page 2, strike lines 5 through 14, insert:
"4. ENTER INTO A CONTRACT WITH A THIRD PARTY TO DISPOSE OF THE RECORDS IF IN THE CONTRACT THE THIRD PARTY AGREES TO DO BOTH OF THE FOLLOWING:
(a) DESTROY THE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
(b) ENSURE THAT NO UNAUTHORIZED PERSON WILL HAVE ACCESS TO PERSONAL INFORMATION CONTAINED IN THE RECORDS FROM THE TIME THE THIRD PARTY TAKES POSSESSION OF THE RECORDS UNTIL THE THIRD PARTY DESTROYS THOSE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
B. COMPLIANCE WITH SUBSECTION A OF THIS SECTION IS AN AFFIRMATIVE DEFENSE FOR A BUSINESS TO ANY CLAIM AGAINST THAT BUSINESS ARISING OUT OF THE USE OF PERSONAL INFORMATION CONTAINED IN RECORDS THAT WERE DISPOSED OF BY THAT BUSINESS."
Reletter to conform

Line 18, strike "NOTHING IN"; strike "SHALL PRECLUDE" insert "DOES NOT PROHIBIT"

Line 21, strike "WAS" insert "WERE"

Line 23, strike "AN AMOUNT OF"
Amend title to conform
3/27/01
10:04 AM
S: JS/jas

 

--------------------------
PROPOSED AMENDMENT
SENATE AMENDMENTS TO H.B. 2351
(Reference to House engrossed bill)
--------------------------

Page 1, strike lines 20, 21 and 22, insert:
"4. "DISPOSE" DOES NOT INCLUDE THE FOLLOWING:
(a) THE SALE OF RECORDS.
(b) THE TRANSFER OF RECORDS FOR VALUE.
(c) THE DELIVERY OF RECORDS OR RECEIPTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS.
(d) THE RETURN OF RECORDS OR DOCUMENTS TO THE CUSTOMER OR TO THE PERSON WHOSE PERSONAL INFORMATION IS CONTAINED IN THE RECORDS."

Line 41, after "BUSINESS" strike remainder of line

Line 42, strike "BUSINESS"

Line 43, after "SHRED" insert "OR INCINERATE"

Page 2, strike lines 5 through 14, insert:
"4. ENTER INTO A CONTRACT WITH A THIRD PARTY TO DISPOSE OF THE RECORDS IF IN THE CONTRACT THE THIRD PARTY AGREES TO BOTH OF THE FOLLOWING:
(a) DESTROY THE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
(b) ENSURE THAT NO UNAUTHORIZED PERSON WILL HAVE ACCESS TO PERSONAL INFORMATION CONTAINED IN THE RECORDS FROM THE TIME THE THIRD PARTY TAKES POSSESSION OF THE RECORDS UNTIL THE THIRD PARTY DESTROYS THOSE RECORDS PURSUANT TO PARAGRAPH 1, 2 OR 3 OF THIS SUBSECTION.
B. COMPLIANCE WITH SUBSECTION A OF THIS SECTION IS AN AFFIRMATIVE DEFENSE FOR A BUSINESS TO ANY CLAIM AGAINST THAT BUSINESS ARISING OUT OF THE USE OF PERSONAL INFORMATION CONTAINED IN RECORDS THAT WERE DISPOSED OF BY THAT BUSINESS."
Reletter to conform
Amend title to conform
3/26/01
11:56 AM
S: ES/jas

 

House Bill 2352

--------------------------
State of Arizona
House of Representatives
Forty-fifth Legislature
First Regular Session
2001
--------------------------
HOUSE BILL 2352
--------------------------

AN ACT

AMENDING TITLE 44, ARIZONA REVISED STATUTES, BY ADDING CHAPTER 29; RELATING TO CREDIT CARD COMPANIES.

Be it enacted by the Legislature of the State of Arizona:

Section 1. Title 44, Arizona Revised Statutes, is amended by adding chapter 29, to read:

CHAPTER 29

CREDIT CARD MARKETING INFORMATION

ARTICLE 1. GENERAL PROVISIONS

44-7201. Definitions

FOR THE PURPOSES OF THIS CHAPTER:

1. "CARDHOLDER" MEANS A CONSUMER TO WHOM A CREDIT CARD IS ISSUED, EXCEPT THAT IF MORE THAN ONE CREDIT CARD HAS BEEN ISSUED FOR THE SAME ACCOUNT, ALL PERSONS WHO HOLD A CREDIT CARD UNDER THE SAME ACCOUNT MAY BE TREATED AS A SINGLE CARDHOLDER.

2. "CREDIT CARD" MEANS ANY CARD, PLATE, COUPON BOOK OR OTHER SINGLE CREDIT DEVICE THAT IS USED ON PRESENTATION TO OBTAIN MONEY, PROPERTY, LABOR OR SERVICES ON CREDIT. CREDIT CARD DOES NOT INCLUDE THE FOLLOWING:

(a) ANY SINGLE CREDIT DEVICE USED TO OBTAIN TELEPHONE PROPERTY, LABOR OR SERVICES IN ANY TRANSACTION UNDER PUBLIC UTILITY TARIFFS.

(b) ANY DEVICE THAT MAY BE USED TO OBTAIN CREDIT PURSUANT TO AN ELECTRONIC FUND TRANSFER BUT ONLY IF THE CREDIT IS OBTAINED UNDER AN AGREEMENT BETWEEN A CONSUMER AND A FINANCIAL INSTITUTION TO EXTEND CREDIT WHEN THE CONSUMER'S ASSET ACCOUNT IS OVERDRAWN OR TO MAINTAIN A SPECIFIED MINIMUM BALANCE IN THE CONSUMER'S ASSET ACCOUNT.

(c) ANY KEY OR CARD KEY THAT IS USED AT AN AUTOMATED DISPENSING OUTLET TO OBTAIN OR PURCHASE PETROLEUM PRODUCTS AND THAT IS USED PRIMARILY FOR BUSINESS RATHER THAN PERSONAL OR FAMILY PURPOSES.

3. "MARKETING INFORMATION" MEANS THE CATEGORIZATION OF CARDHOLDERS THAT IS COMPILED BY A CREDIT CARD ISSUER, THAT IS BASED ON A CARDHOLDER'S SHOPPING PATTERNS, SPENDING HISTORY OR BEHAVIORAL CHARACTERISTICS DERIVED FROM ACCOUNT ACTIVITY AND THAT IS PROVIDED TO A MARKETER OF GOODS OR SERVICES OR A SUBSIDIARY OR AFFILIATE ORGANIZATION OF THE COMPANY THAT COLLECTS THE INFORMATION FOR CONSIDERATION. MARKETING INFORMATION DOES NOT INCLUDE:

(a) AGGREGATE DATA THAT DOES NOT IDENTIFY A CARDHOLDER BASED ON THE CARDHOLDER'S SHOPPING PATTERNS, SPENDING HISTORY OR BEHAVIORAL CHARACTERISTICS DERIVED FROM ACCOUNT ACTIVITY.

(b) ANY COMMUNICATION TO ANY PERSON IN CONNECTION WITH ANY TRANSFER, PROCESSING, BILLING, COLLECTION, CHARGE BACK, FRAUD PREVENTION, CREDIT CARD RECOVERY OR ACQUISITION OF OR FOR CREDIT CARD ACCOUNTS.

44-7202. Credit cards; marketing information; nondisclosure; civil action

A. IF A CREDIT CARD ISSUER DISCLOSES MARKETING INFORMATION CONCERNING A CARDHOLDER TO ANY PERSON, THE CREDIT CARD ISSUER SHALL PROVIDE A WRITTEN NOTICE TO THE CARDHOLDER THAT CLEARLY AND CONSPICUOUSLY DESCRIBES THE CARDHOLDER'S RIGHT TO PROHIBIT THE DISCLOSURE OF MARKETING INFORMATION THAT CONCERNS THE CARDHOLDER AND THAT DISCLOSES THE CARDHOLDER'S IDENTITY. THE CREDIT CARD ISSUER SHALL PROVIDE THE NOTICE IN TEN POINT TYPE AND SHALL ADVISE THE CARDHOLDER OF THE CARDHOLDER'S ABILITY TO RESPOND EITHER BY COMPLETING A PREPRINTED FORM OR BY CALLING A TOLL FREE TELEPHONE NUMBER.

B. A CREDIT CARD ISSUER COMPLIES WITH THE REQUIREMENTS OF SUBSECTION A BY PROVIDING THE NOTICE TO THE CARDHOLDER:

1. AT LEAST SIXTY DAYS BEFORE THE CREDIT CARD ISSUER INITIALLY DISCLOSES MARKETING INFORMATION CONCERNING THE CARDHOLDER.

2. FOR ALL NEW CREDIT CARDS ISSUED ON OR AFTER APRIL 1, 2002, ON THE FORM CONTAINING THE NEW CREDIT CARD WHEN THE CREDIT CARD IS DELIVERED TO THE CARDHOLDER.

3. AT LEAST ONCE PER CALENDAR YEAR, TO EVERY CARDHOLDER WHO IS ENTITLED TO RECEIVE AN ANNUAL STATEMENT OF BILLINGS RIGHTS PURSUANT TO 12 CODE OF FEDERAL REGULATIONS 226.9 (REGULATION Z). THE CREDIT CARD ISSUER MAY INCLUDE THE NOTICE REQUIRED BY THIS PARAGRAPH ON OR WITH ANY PERIODIC STATEMENT OR WITH THE DELIVERY OF THE RENEWAL CARD.

C. THE CARDHOLDER'S ELECTION TO PROHIBIT DISCLOSURE OF MARKETING INFORMATION IS EFFECTIVE ONLY FOR MARKETING INFORMATION THAT IS DISCLOSED TO ANY PARTY BEGINNING THIRTY DAYS AFTER THE CREDIT CARD ISSUER HAS RECEIVED THE CARDHOLDER'S ELECTION TO PROHIBIT DISCLOSURE. THIS DOES NOT APPLY TO THE DISCLOSURE OF MARKETING INFORMATION BEFORE THE CARDHOLDER'S NOTIFICATION TO THE CREDIT CARD ISSUER OF THE CARDHOLDER'S ELECTION.

D. AN ELECTION TO PROHIBIT DISCLOSURE OF MARKETING INFORMATION TERMINATES WHEN THE CREDIT CARD ISSUER RECEIVES NOTICE FROM THE CARDHOLDER THAT THE CARDHOLDER'S ELECTION TO PROHIBIT DISCLOSURE IS NO LONGER EFFECTIVE.

E. THIS SECTION DOES NOT APPLY TO ANY COMMUNICATION OF MARKETING INFORMATION BY A CREDIT CARD ISSUER TO ANY OF THE FOLLOWING:

1. A PARTY TO OR MERCHANT SPECIFIED IN THE CREDIT CARD AGREEMENT OR TO ANY PERSON WHOSE NAME APPEARS ON THE CREDIT CARD OR ON WHOSE BEHALF THE CREDIT CARD IS ISSUED.

2, A CONSUMER REPORTING AGENCY PURSUANT TO CHAPTER 11, ARTICLE 6 OF THIS TITLE.

3. A THIRD PARTY IF THE THIRD PARTY IS RESPONSIBLE FOR CONVEYING INFORMATION FROM THE CREDIT CARD ISSUER TO ANY OF ITS CARDHOLDERS.

F. TO THE EXTENT THE FAIR CREDIT REPORTING ACT (15 UNITED STATES CODE SECTIONS 1681 THROUGH 1681u) PREEMPTS THE REQUIREMENTS OF THIS SECTION AS TO COMMUNICATION BY A CREDIT CARD ISSUER TO A CORPORATE SUBSIDIARY OR AFFILIATE, THE CREDIT CARD ISSUER MAY COMMUNICATE INFORMATION ABOUT A CARDHOLDER TO A CORPORATE SUBSIDIARY OR AFFILIATE TO THE EXTENT AND IN THE MANNER ALLOWED BY THE FAIR CREDIT REPORTING ACT.

G. IF FEDERAL LAW REQUIRES DISCLOSURE TO CARDHOLDERS REGARDING THE USE OF PERSONAL INFORMATION, COMPLIANCE WITH THE FEDERAL LAW IS DEEMED TO BE COMPLIANCE WITH THIS SECTION.

H. ANY PERSON WHO IS AGGRIEVED BY A VIOLATION OF THIS ARTICLE MAY BRING A CIVIL ACTION IN A COURT OF APPROPRIATE JURISDICTION TO RECOVER ACTUAL DAMAGES, OBTAIN AN INJUNCTION OR ANY OTHER REMEDY AVAILABLE AT LAW OR EQUITY AND RECOVER REASONABLE ATTORNEY FEES.

Sec. 2. Effective date

This act is effective from and after March 31, 2002.

 


   
 


Sarbanes-Oxley Act of 2002 H.R. 3763 - Summary of Provisions.   Legislative update by ARMA International that summaries the records and information requirements as provided for in the text of the law.   (SEE THE TEXT OF LAW BELOW)
 
Sarbanes-Oxley Act of 2002 H.R. 3763 - Text of law.   United States House of Representatives bill, as amended by the Senate, and enacted on July 30, 2002.  This bill address auditing and reporting practices raised by the Enron, and Arthur Anderson debacles.
 
Arizona Senate Bill 1284 - Sale of information.   Regardless of any law to the contrary, no person, business entity, state agency or political subdivision is authorized to sell information about a person or business entity within the state of Arizona unless prior authorization is given in writing. 
 
Arizona Senate Bill 1415 HE - Timely production of public records under the act.   If a person asks a public records custodian to mail him a record, the custodian has 20 working days to notify the requesting person that the record will be "timely produced", and that the record may be examined on site because the custodian "lacks a reasonable capacity" to reproduce it, or that the request must be "clarified." 
 
Arizona House Bill 2704 - Social security numbers.   Limits and conditions and exceptions thereof are put on the use of a person's social security number, including to provide that no person, or entity, may intentionally communicate or otherwise make an individual's social security number available to the general public. 
 
Arizona House Bill 2351 - Personal information.   This will make it mandatory for all companies to shred or incinerate customer/personal records, will make it a class 1 misdemeanor to possess such information, and make one liable for damages for the use of that information without consent. 
 
Arizona House Bill 2352 - Personal information.   This will prevent all credit card, or purchasing key card companies, and any card issuers, from the marketing of information (i.e. shopping patterns and spending history) of specific cardholders without permission.
 
Department of Defense ERMS Criteria - Design standards DoD 5015.2 STD.
FYI - Revision 1 of design criterial standard for electronic records management software applications - May 2001.  
 
Joomla Templates by JoomlaShack Joomla Templates