Bill Summary – FastDemocracy

BILL NUMBER: S4413
SPONSOR: MAY

TITLE OF BILL:
An act to amend the general business law, in relation to deletion of a
consumer's financial information after cancellation of an automatic
renewal or continuous service

PURPOSE:
The purpose of this bill is to provide affirmative confirmation that a
consumer's payment method information is removed from a service provid-
ers' records after a request to discontinue the service, or the automat-
ic payment for a service, is made by the consumer.

SUMMARY OF PROVISIONS:
The bill adds a new subdivision 6 to section 527 of the general business
law to define "financial information".
A new subdivision 3-a is added to section 527-a of the general business
law to provide that a consumer's request to cancel an automatic renewal
or continuous service shall result in the deletion of any and all
payment methods held by the business unless retaining such information
is expressly affirmed by the consumer. Such payment information records
shall be deleted within 14 days of request to cancel the service or the
automatic payment or the service.  Additionally, the consumer shall be
notified by mail or electronic means the date upon which the payment
information records were deleted with details about each form of payment
ever authorized or used by the service as a form of payment.
An exception is provided where a business is required to retain a
consumer's financial information due to state or federal law or regu-
lation.

JUSTIFICATION:
Consumers should be confident that cancellation of a service will also
result in the deletion of their payment methods at the time of cancella-
tion; however, it is a legal and common practice for businesses to
retain a customer's financial information after the cancellation of a
service. In fact, some services will admit that they retain payment
method records in a previous customer's "profile" unless specific
request for profile deletion is made by the customer.  The practice of
retaining former customers' financial data without their knowledge can
pose unnecessary financial risk to the customer should the business's
financial data ever be breached or hacked. Customer's credit card and
banking information, along with their personal data, are vulnerable to
misuse in this way even after a consumer has ceased receiving services
from the business. This bill will restore control of customers' finan-
cial data back in the customers' hands.

LEGISLATIVE HISTORY:
2023-2024: S.7851 (May)

FISCAL IMPLICATIONS:
None

EFFECTIVE DATE:
30 days after enactment
Statutes affected: 
S4413: 527 general business law, 527-a general business law