3 § 706. Notice to consumer of this act. Not later than sixty days after the effective date of this act, a creditor shall send to each consumer, whose account was in existence on the effective date of this act, and with the first billing statement on any consumer credit plan issued or offered to a new consumer after the effective date of this act and upon each subsequent renewal of a consumer's account a written notice (by any means reasonably assuring the receipt thereof by the consumer) which describes the procedures to be followed under section seven hundred three of this act. § 707. Penalties. Any creditor, having received a notice from a consumer as provided in section seven hundred three of this act, who fails to comply with the requirements of that section: 1. If such an amount is not in fact a billing error, forfeits any rights to collect from the consumer any finance charge or other charge imposed by the creditor in connection with the amount so specified, from the date of the mailing of such notice to the date the creditor complies with section seven hundred three of this act; and 2. If such amount is in fact a billing error, is liable to the consumer in an amount equal to the sum of: (a) the actual damages sustained by the consumer as a result of the failure of the creditor to comply with such section; (b) twice the amount of the billing error shown in the statement of the consumer's account except that liability under this paragraph shall not be greater than one hundred dollars; and (c) in the case of any successful action to enforce the foregoing liability, the costs of the action together with a reasonable attorney's fee as determined by the court. 3. If such amount is in fact a billing error but the creditor shows by a preponderance of evidence that the violation was not intentional and resulted from bona fide error made despite the maintenance of procedures reasonably adopted to avoid any such error, the creditor shall be liable to the consumer only to the extent of the actual damages sustained by the consumer as a result of the failure of the creditor to comply with such section and the costs of any action brought to enforce collection of such erroneous bill together with a reasonable attorney's fee as determined by the court. § 3. This act shall take effect on the first day of November next succeeding the date on which it shall have become a law. STATE OF NEW YORK) 88: I have compared the preceding with the original law on file in this office, and do hereby certify that the same is a correct transcript there from and of the whole of said original law. JOHN P. LOMENZO LAWS OF NEW YORK.-By Authority CHAPTER 408 AN ACT to amend the general business law, in relation to giving notice to consumer by creditor of procedure in creditor billing Became a law June 5, 1973, with the approval of the Governor. Passed by a majority vote, three-fifths being present The People of the State of New York, represented in Senate and Assembly, do enact as follows: Section 1. Section seven hundred six of the general business law, as added by a chapter of the laws of nineteen hundred seventy-three entitled "An Act to amend the general business law, in relation to creditor billing errors", is hereby amended to read as follows: § 706. Notice to consumer of this act. Not later than sixty days after the effective date of this act, a creditor shall send to each consumer, whose account was in existence on the effective date of this act, and with or before the first billing statement on any consumer credit plan issued or offered to a new consumer after the effective date of this act and upon each subsequent renewal of a consumer's account a written notice (by any means reasonably assuring the receipt thereof by the consumer) which describes the procedures to be followed under section seven hundred three of this act. Provided, however, that with respect to an existing account on which there is no debit or credit balance on the effective date of this act, a creditor shall have the option of sending such notice with or before the first billing statement issued on such account after the effective date of this act. § 2. This act shall take effect on the first day of November next succeeding the date on which it shall have become a law. EXPLANATION Matter in italics is new; matter in brackets [] is old law to be omitted. STATE OF NEW YORK) Department of State) 88: I have compared the preceding with the original law on file in this office, and do hereby certify that the same is a correct transcript therefrom and of the whole of said original law. JOHN P. LOMENZO Secretary of State STATE OF NORTH DAKOTA ALLEN I. OLSON, ATTORNEY GENERAL, Re: S. 3418, sponsored by Senators Ervin, Muskie, and Percy. Senator SAM J. ERVIN JR., Chairman, Committee on Government Operations, U.S. Senate, Washington, D.C. DEAR SENATOR ERVIN: Your inquiry dated June 25, 1974, concerning our assessment and judgment of the captioned bill can now be answered with candor and with meaningful suggestion for the reason that this writer has completed a working draft of our new rules and guidelines governing the security, privacy, completeness and correctness of information in our also new Criminal Offender Records System, since receipt of your letter in our office. We will be glad to send copy of our newly drawn rules and guidelines if you and your committee would see a need for it. However, as your committee and you, we have been extremely patient and careful in our State so as to make our paramount concern the insuring of fairness, accuracy and privacy in criminal offender records, with secondary consideration for right to challenge inaccurate or incomplete records by the aggrieved individual, physical security of records and equipment, strictly controlled dissemination of criminal offender records to qualified criminal justice agencies and limited dissemination for analytical and research purposes. We will have an absolute prohibition against collection or dissemination of raw intelligence data (we do not like computer banks filled row on row with senseless and trivial information about citizens, hanging like the Sword of Damocles over people, ready to fall and literally destroy a lifetime-long and carefully built reputation by one unwarranted innuendo from a computer, programmed into the machine we know not when, by whom, or even why). Our rules and guidelines also contain sanctions, under both civil and criminal law for misuse or violation of any of the proposed rules. If my testimony would be required by your committee, I would be available on reasonable prior notice. I certainly do not consider myself an expert in the criminal offender records field, but my long experience as a prosecutor and as liaison officer for the North Dakota Attorney General's Office convinces me that your bill is not overly harsh or drastic or revoluntionary. It simply is a bill that will do the job and seal up the unconscionable and unwarranted leakage and exchange of highly personal information gathered under the guise of criminal offender record information, then freely and callously traded, bartered, and sold for profit over and over again. Your bill will help insure to every American in generations to come that Big Brother does not need to know more about us as individuals than is necessary to govern and guide us as free men; and not as the pathetic targets of every muckraking and frustrated demagogue who relies on what "his" computer "has on" the citizen. We commend your committee for your efforts and concern. CONRAD J. ZIEGLER, Special Assistant Attorney General. STATE OF OHIO OFFICE OF THE ATTORNEY GENERAL, Columbus, Ohio, July 19, 1974. Hon. SAM J. ERVIN, Jr., Chairman, Committee on Government Operations, DEAR SENATOR ERVIN: This is in reference to your letter dated June 25, 1974 in which you enclosed Senate Bill #3418 and requested my comments on this and other federal legislation. Please be advised that this Office is deeply involved in the computerization of the Criminal Justice System in Ohio. The Bureau of Criminal Identification and Investigation, which is a section within this Office, has primary responsibility for the design, development and operation of Criminal Histories, Offender Track ing System and the Uniform Crime Reports within the Criminal Justice Information System (CJIS). The CJIS concept and design is being managed by a CJIS Steering Committee made up of representatives from law enforcement, corrections, courts, the State Data Center, regional planning units and this Office. A separate sub-committee titled, "Security and Privacy" reviews all matters concerning the design and implementation as it related to individual privacy and systems security. It reviews all proposed, pending and existing legislation. It relies on technical memoranda and the Law Enforcement Assistance Administration (LEAA) in making its recommendations to the Steering Committee as a whole. System design in the State of Ohio is now well advanced. Implementation is projected for September, 1975. Therefore, the Steering Committee and this Office are most interested in monitoring and commenting on any legislation which impacts that system. Regarding the proposed legislation now before the United States Congress, I would make the following observations: This Office and the Steering Committee completely agree that any computerization of criminal records and its attending data must respect the individual's constitutional right to privacy. In addition, this legislation should recognize law enforcement's responsibility to insure that while it is performing its tasks, it balances its responsibility with the individual's right to privacy. Furthermore, the legislation should allow the states to take maximum advantage of existing and future technical advancements in this area. The legislation should also be defined in a very careful manner to insure that its provisions are not technically or financially impractical. In order to accomplish this, the legislation should continue to seek advice and imput from law enforcement and computer experts during its drafting. Any legislation should also allow for and recognize the advantage in the interface wih existing state systems and state legislation. Careful consideration should be given to the technical memoranda produced by LEAA and Project SEARCH. In regard to Senate Bill #3418, 3633, the Hruska Bill and others which this Office has reviewed, I would make the following observations: If legislation will create a federal Privacy Control Board, it should be managed by law enforcement experts and technicians who are familiar with the problems and practicalities. This management should be subject to legal review, possibly by the Attorney General. In addition, if the individual states have set up the machinery and legislation for the same or stricter review, the federal government should leave to those individual states a degree of independence in designing their systems. Finally, it is recommended that there be closer coordination with the federal agencies which are involved in this matter. In this regard, it is suggested that those individuals in LEAA who are responsible for granting funds to the states. for CJIS projects be constantly consulted since they, through their conditions to grant awards, have already "legislated" certain restrictions on states. In conclusion, let me express my appreciation to you for allowing me and my staff to comment on this matter. As future legislation and testimony becomes available, this Office is willing and able to participate in this dialogue. Should you desire this Office's view on any specific technical or legal provision within any specific piece of legislation, please do not hesitate to contact me. Again, thank you for your consideration in this matter, and please be assured of this Office's cooperation in all matters of mutual concern. Very truly yours, WILLIAM J. BROWN, OFFICE OF THE DIRECTOR, OHIO DEPARTMENT OF ADMINISTRATIVE SERVICES, Hon. SAM J. ERVIN, Jr., Chairman, Committee on Government Operations, DEAR SENATOR ERVIN: On behalf of Governor John J. Gilligan, I am pleased to reply to your letter of June 25, 1974. Ohio State Government has been concerning with the "right of privacy" and the Department of Administrative Serv ices has implemented a policy of prohibiting the exchange of personal information except when such exchange either (1) is required by law, (2) is the result of an existing contract, or (3) will benefit the welfare of the citizens of Ohio. Our experience has shown that the regulation of the exchange of information quite often has to be dealt with on a case by case basis; this is particularly true in the use of mailing lists. The following examples are included to illustrate the problem: The legislature has required that Ohio pharmacists, in order to renew their licenses, complete certain continuing education programs. Ohio State University and other institutions have established programs which will enable pharmacists to fill this requirement. So that pharmacists can be informed of these programs, we have allowed accredited institutions to use our mailing list of licensed pharmacists. The Department of Public Welfare has used files of dentists, doctors, pharmacists and nurses in order to validate its file of Medicaid Providers. Mailing lists are not being sold where the purpose is direct mailings to individuals of promotional material. Similarly, our experience suggests that stringent restriction on the use of Social Security Numbers would play havoc with beneficial and justifiable uses of this number which are already entente in both the private and public sectors. The Social Security Number is a tool; the real issues are protection of the confidentiality of the information which is with it and the use of that information. In addition, our experience indicates that there ought to be a board which could address the unique cases which will have to be considered under this kind of regulation. As I pointed out above, we have had to take a flexible approach in our regulation of mailing lists. We feel that it would be impossible for the law to deal with privacy safeguards in the detail needed for flexibility. Furthermore, placing the responsibility for administering this law in an existing agency would most likely mean that the regulator would have to regulate himself. As far as which systems should be covered by this legislation, I would like to make two points: 1. The legislation should cover both criminal justice and non-criminal justice systems. The need for legislation is especially pressing in the criminal justice area and, because of this, criminal justice systems should not be exempted. Making this legislation apply to criminal justice information should not, however, preclude legislation which specifically applies to criminal justice. That area may require additional safeguards. 2. Legislation to cover the private sector is needed at the Federal level to cover the private sector. It is impossible for the states to write bills effectively covering those organizations which are involved in interstate commerce. Turning to S. 3418. I would like to make a few comments: 1. We applaud the approach taken in this bill, especially the following: a. The Federal Privacy Board; b. The fact that all information systems are covered; c. The completeness of the safeguards outlined in Title II. 2. Sudden abolition of requirements for individuals to furnish Social Security Numbers (Section 203) is potentially dangerous. A revolt against divulging the number could render non-functional many existing systems operated by the State of Ohio. The economic consequences would be great. We would prefer to have Section 203 apply to new systems only and that the Board be given some authority over the use of the Social Security Number. 3. The philosophy of Federal legislation should be to encourage the State to enact their own laws for the protection of privacy, as in S. 2963, rather than having the Federal Government take all responsibility and then delegate it as in Section 103(a)(3). In Ohio, at least, there is strong interest in creating statutory safeguards and we expect some action in the near future. 4. The economic impact of maintaining a "a complete and accurate record... of every access to any personal information in a system" (Section 201(a) (9)) should be examined. If you record every access to every record then you must establish what is essentially another "personal information system". Also, recording every access to every record would be vastly more expensive than recording each use of a system. 5. The length of any statement concerning disputed information (Section 201 (a) (5) (c)) will have a profound impact on the cost of storage of information in a computerized system, especially if the data is kept on a direct access medium. 6. Information processors and the criminal justice community should be represented on any board. However, the composition of the board should be weighted in favor of the general citizenry. |