Background: In 1999, Congress approved the Gramm-Leach-Bliley Financial Modernization Act, allowing mergers between disparate financial firms such as insurance companies, banks and securities firms. The goal of the law was to create one-stop-shopping financial supermarkets. During debate on the law, it became clear that many financial firms were engaging in seamy practices involving the sharing and use of confidential customer data without customers' knowledge, let alone consent. For example, Bank of America's predecessor bank, NationsBank, was fined millions of dollars for allowing the records of conservative certificate of deposit holders to be shared internally with a securities affiliate running a telemarketing boiler room pitching risky stocks. U.S. Bank was fined by several state attorneys general after getting caught giving non-affiliated telemarketers the credit card and checking account numbers of its customers, who were then deceived into paying for supposed free trial offers.
Following an uphill bipartisan effort led by Reps. Joe Barton (R-TX) and Ed Markey (D-MA) and Sens. Paul Sarbanes (D-MD) and Richard Shelby (R-AL), Congress begrudgingly added Title V to the act. That title required companies to safeguard the integrity of information and prohibited customer records from being shared unless consumers were first notified of information practices. GLBA requires an initial and annual privacy notice. The new law provided a limited opt-out allowing you to limit the sharing of your information with some, but not all, third-party companies. Most sharing with affiliates and some third parties is generally allowed by GLBA under a "no-opt" or "no-rights" scheme. GLBA also imposes some limits on the sharing of account numbers with telemarketers. We've never been impressed with these because "free-to-pay" or "pre-acquired account telemarketing" problems have continued, regardless.
Under GLBA, firms covered by the act have provided long, complex, unintelligible privacy notices made worse by the fact that, when all is said and done, your opt-out rights are limited by the underlying statute. Yet every independent privacy and literacy expert who has reviewed the notices believes that most firms went out of their way to hide your limited opt-out rights anyway, and to intentionally confuse you. The banks blamed the complex notices on litigation risk and the recommendations of their lawyers, of course. Right. But some of them have urged better notices.
The new rules will simplify the notices and make your opt-out rights clearer. Ideally, having to explain consumer rights more simply may cause more companies to review and limit their promiscuous sharing policies. We urge you to read the proposed rule and make a comment.