Unless you've taken measures to prevent it, financial institutions are passing around your Social Security number, financial records and personal information like old photos at a family reunion. The information you've given banks, insurance companies and other financial institutions quietly fuels the modern financial services industry, where credit scores determine creditworthiness and customers are corralled into databases. But the California Legislature may change all that. This week, the state's lawmakers will decide the fate of a landmark consumer-privacy bill from state Sen. Jackie Speier that would create privacy standards that exceed federal law. "At issue here is who really has control of your personal information," says Tena Friery, research director of the Privacy Rights Clearinghouse, a nonprofit consumer advocacy site. "Once your bank sells your personal information to a third-party marketer or a telemarketer, that bank has lost all control over it, and it can be passed from one source to another." Not only do financial institutions make millions of dollars by selling your personal information, they stand to make millions more by tailoring marketing pitches based on what they've found out about you from others. Credit-card mailings, promotional emails about mortgage products and telemarketer phone calls are the public symptoms of this widespread phenomenon. It's more than an annoyance. As the flow of information has increased, so have the number of identity theft complaints. Last year, the Federal Trade Commission estimated that 750,000 people were victims of identity theft, a figure they expect to double by 2005. The problem with federal regulation, according to many consumer groups, is that it doesn't provide strong privacy protections for consumers, something the California bill, called SB773, is attempting to remedy.