• FreeAdvice has a new Terms of Service and Privacy Policy, effective May 25, 2018.
    By continuing to use this site, you are consenting to our Terms of Service and use of cookies.

Consumer/Customer Privacy Rights

Accident - Bankruptcy - Criminal Law / DUI - Business - Consumer - Employment - Family - Immigration - Real Estate - Tax - Traffic - Wills   Please click a topic or scroll down for more.

LinxUs

Member
What is the name of your state? CA

I had my personal information sent by a financial institution in response to a subpoena in a court case that has now settled. Along with my personal information, I had my bank records, transactions, SSN, home address, etc. compromised in the matter.

I looked it up and apparently in California Civil Code 1985.3, financial institutions MUST provide a notice to its customers prior to sending anything, or that it has sent something of my privacy to a third-party even with issuance of a subpeona. I also looked too, and this is supported by the Gramm-Leach-Bliley Act (Federal law) showing the same thing. However, I cannot raise a lawsuit under the act.

The California Supreme Court decision in Valley Bank of Nevada v. Superior Court (1975) 15 Cal.3d 652, in which the court held that before a bank could release confidential information to a civil litigant about a bank customer, the bank was first required to take “reasonable steps” to notify the customer that the customer’s records were being sought. The Supreme Court wrote, “efore confidential customer information may be disclosed in the course of civil discovery proceedings, the bank must take reasonable steps to notify its customer of the pendency and nature of the proceedings and to afford the customer a fair opportunity to assert his interests by objecting to disclosure, by seeking an appropriate protective order, or by instituting other legal proceedings to limit the scope or nature of the matters sought to be discovered.” (Id. at p. 658; see also Lantz v. Superior Court (1994) 28 Cal.App.4th 1839, 1848 (Lantz).)

In addition, it must show its options to opt out, which this "financial institution" does not provide.

Obviously I have merits to raising a case, but my question is what exactly can I be sueing for? Breach of Contract? Civil Rights? Invasion of Privacy? Can I recover attorney fees?
 


Debt Guy

Senior Member
what exactly can I be sueing for? Breach of Contract? Civil Rights? Invasion of Privacy? Can I recover attorney fees?

Your question leads me to believe that you have not actually read GLEBA -- you should. Laws such a GLEBA are typically strict liability statutes and provide for a specified penalty for violation. Sometimes, they provide for actual damages. Usually, they provide for attorney fees for the consumer assuming the consumer prevails.

Caution that if the judge deems your lawsuit frivolous, s/he can award the defendant their attorney fees against you. Ouch.

Are you planning on bringing this action pro se or will you be hiring an attorney?

If the former, I suggest you buy a clue regarding matters of a legal nature where the defendant is a major deep pockets financial institutions with lawyers out the wazoo. Do you have the knowledge and motivation to pursue this?

You may wish to discuss this with an attorney. Try www.naca.net to find a local attorney who represents consumers.
 

LinxUs

Member
Reponse

Debt Guy:

Thanks for the response. I've read the GLB Act, and there are severe criminal penalties that can only be brought by the U.S. Attorney General (which can't represent me). So that why I am uncertain if I can raise a lawsuit under this. As I understand it, the penalties were meant to be amended under the bill Financial Institution Privacy Protection Act of 2003, which did not pass (according to govtrack).

I would hire a lawyer or work with someone interested in a class action lawsuit (based on the company's representation, there will be others). Since the company is California-based, it also violates California's statues as I described earlier and the cited cases relevent. I've talked to a number of attorneys about the matter and the only problem they raised is how I was damaged or harmed from the release of my information. Most attorneys--at least the one's I talked to--had an interest but thought it may not be worth the money. But its hard for me to decipher which ones are just selling me their practice.

At this time I am taking reasonable steps to determine what options I have under the law, communicating with the financial institution, etc. to determine my next course of action. Thanks for the advice on a frivolous lawsuit. Although I do not necessarily think I would be bringing a frivolous lawsuit. I simply would like to know the extent to which my information was provided and who else has recieved it. Since, for example, my SSN is non-public information and can royally screw me in the internet world, I need to know how it could be compromised. They [the financial institution] don't care to tell me where they sent my information to and refuse to provide me with the information. So if they are going to be non-complaint to my rather reasonable requests, I think thats pretty unacceptable. If your bank provided all of your information, SSN, home address, telephone number, maiden name, name, aliases, transactions, etc. to someone you don't know, wouldn't you like to know that? Especially if the information sent has ABSOLUTELY no relevence to that person. Its unfortunate that I would have to get an attorney and do a lawsuit, but legally and morally, I have a right to know.

No doubt the laws were broken, that's pretty consensual with everyone (attorneys and laymans alike) but is it seems that people are wondering if its worth time/effort. It seems too everyone agrees I should explore this matter. After reading the GLB Act, it seems I personally cannot raise a lawsuit under the GLB Act (only the U.S. attorney general can), or at least I don't have remedies under the law (just for penalties brought by the government). So going back to square one on how I can bring this forward.
 

Debt Guy

Senior Member
OK. I went back and re-read the original post.

If I understand what happened, your bank received a subpoena for certain information. They supplied the required information. You are saying that the bank violated your privacy rights when they answered the subpoena.

Do I have that right?

If so, the bank is in a real Catch-22. Ignore the subpoena and be sanctioned by the court. Comply and risk violation of privacy laws. What can they do?

It has been a real long time since I read GLEBA and even longer since I was a banker. My instincts say that the bank has an "exemption from the privacy laws" when answering to a court order. Now, I don't know that GLEBA says that. I do know that the FDCPA contains a similar exemption for the exposure of a collector from improper disclosure when responding to a court order. In my mind, the two scenarios are analogous. But, then as a banker I always acted based on my sense of what was right and what was wrong and usually told the lawyers to stick it (sometimes to my regret).

Your comments remind me that certain federal laws are actionable only by the government through their regulatory/enforcement body. When I really think about it, I probably was off-base when I said that GLEBA was a strict liability statute. I am accustomed to thinking about FDCPA which does not require the plaintiff to prove damage to prevail.

Some of the comments you are getting from the attorneys you are talking to is telling. You really have not been damaged. It does not seem anyone is leaping to the fore to take the case on contingency -- which means they see a whopping lot of work and modest chance of reward.

You seem bright and capable of learning. I'm thinking now that you would have to pursue this pro se. That is a very tall mountain to climb. Maybe you just have to let it go?
 

LinxUs

Member
Further response

Thanks for the reply. Actually, the company is Paypal and since they are very closely considered a ‘financial institution’, the attorneys I talked to said I could treat them as such. Therefore I believe they have to comply with the Gramm-Leach-Bliley Act.

I do not recall how they obtained my social security number; it is possible I gave it to them to increase my monthly withdrawal.

Anyways, I found out about this a few months later and read the subpoena. It was very broad and asked for ANY information about my account and ANY information about accounts with my name, address, etc. This was so broad, had I been properly notified, I could have easily filed a motion to quash discovery and would of prevailed—according to attorneys.

I agree with you and believe you are right that banks do not have to comply with ‘privacy rights’ as they may be exempt. Also, the GLB Act is unclear whether or not they need to send a notice when complying with a civil order. I believe they do. I believe it is meant to mirror the Rights to Financial Privacy Act, when it definitely requires a notice under law.

Under Section 1985.3 of the California Civil Rules of Procedure, I caught them like a cat in a fishbowl. Any medical institution, bank, financial institution, education institution, debt collector, mortgage, money wiring, etc. service or agency MUST provide a notice to their customer with the last known address, regarding a civil subpoena, to ‘opt out’ of their information being provided. I know for sure this was broken. Based on what happened, its ironclad. Also, based on their User Agreement, I can only file a lawsuit in California anyways.

I had an attorney take active interest in it, but it all comes down to how I was damaged. Was I really hurt by it? I say I was. This information leveraged the third-party’s ability to “harress” me based on my credit information, my banking information, so forth. Isn’t this where I can argue emotional distress? Aren’t they responsible for providing my SSN? I imagine if Paypal tries to weasel out of being a ‘financial institution’ there is strict laws against the disclosure of privacy rights? Also, as I said, I believe there could be many others and pretty sure a class action lawsuit would interest any attorney.
 

Debt Guy

Senior Member
As you wish.

I am not a CA expert. I spent a lot of years as a banker. When the bank receives a subpoena, you comply. End of conversation. Then you notify the consumer if so required by law. The beef is between the court and the consumer and the bank has no dog in that fight.

Seems to me that you are focusing on getting even with the wrong party. You've not shared the underlying story of woe. I'm guessing you lost in the courtroom and now you are trying to recover your loss from an innocent third party. Sigh.

You lost me on the "opt-out" business. You can opt-out of the financial institution sharing certain information with 3rd parties -- like marketing companies. If you are going to go into court and argue that you can opt-out of the financial institution complying with a subpoena -- well, you better have a buttload of botox if you intend to keep a straight face (copyright 2008 dcatz).

I don't see any damages. Claiming emotional distress is pretty far-fetched. Personally, I hope you have no success with this since we don't need another fruit loop precedent from some whacko judge. But, if it happens, then California will be the place for it -- take away the fruits and the nuts and all you got left are flakes.
 

Find the Right Lawyer for Your Legal Issue!

Fast, Free, and Confidential
data-ad-format="auto">
Top