|
...to share customer information. The law allows sharing of nonpublic information for a number of specific purposes and situations. Consumers must be notified of an institution's privacy policy and be given a chance to "opt-out" of information sharing with nonaffiliated third parties. How well does this work? A three-year longitudinal study of over 100 institutions looking at five elements of privacy statements found widespread compliance with existing privacy laws and extensive fine-tuning of privacy statements over the period. Nevertheless, it also confirmed that much nonpublic information is legally shared among joint-marketers and affiliated institutions, which may be a cause for concern and future legislation.
Introduction
Privacy of personal information, from medical to financial, has come to the forefront in the last few years largely due to publicity on such topics as identity theft, stolen credit card numbers, dissemination of medical history, and the use of unauthorized information by government and business. Media exposure has made people aware of the widespread availability of even the most personal information, such as credit-worthiness and personal spending habits. The availability and exchange of information in today's electronic world brings increasing concerns about violations of privacy. Surveys conducted over the last several years show that Americans are increasingly concerned about privacy issues (Hatch n.d., Mitchell, 1998).
Americans have a constitutional right to privacy regarding governmental interference: therefore, laws protect U.S. citizens against misuse of tax records and information sharing without specific authorization (Hatch n.d.). However, according to Gregory Shaffer (2000), personal information is traded and transferred about each U.S. citizen every five seconds, on average. Privacy breaches range from very serious identity theft incidents to unwanted marketing solicitations. Over the years Congress has acted to protect the privacy of consumer financial information, but, at times, industry lobbyists have intervened to dilute the proposed protections.
Background
The focus of this paper is financial privacy, specifically the protection of nonpublic personal information (NPI), the direction that legislation has taken, and the resulting privacy policies mandated by the privacy laws. The original intent of the Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act (GLB), was to reduce federal and state barriers to affiliation among financial providers such as banks, insurance companies, and securities firms (16 C.F.R. Section 314 Final Rule 2002). GLB enables these providers to affiliate under one corporate umbrella, often resulting in financial "supermarkets." The original Senate version of GLB had no privacy protections. However, two months after Senate passage the privacy issue arose during consideration by the House Commerce Committee. The original House proposal on privacy provided for a consumer opt-in policy before personal information could be shared, and also included a severe limitation on information sharing among affiliates, which lobbyists fought against--and won. The result was a requirement restricting information sharing with unaffiliated third parties via a notice and an opt-out provision necessitating action by consumers if they did not want their information shared (Kemper and Woody 2000; Fact Sheet 24c 2002).
Summary of the Law
The GLB Act, effective November 13, 2000, allows mergers of financial institutions and regulates the disclosure of NPI. The privacy provision of the law is intended to "(1) insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer" (15 U.S.C. section 6801b). The law applies to any financial institution that provides financial products or services to consumers. This definition is broad and covers entities such as mortgage brokers, insurance companies, checkcashing services, automobile dealerships if they arrange financing, accountants, financial advisors, and real estate brokers and appraisers. Traditionally, regulated financial businesses such as banks and brokerage houses are, of course, also covered (16 C.F.R. 313.3k; FTC 2002). In general, such institutions are required to publish a notice to consumers about their privacy policies. Furthermore, if they disclose information about consumers to unaffiliated third parties they must provide a method by which consumers can prevent such disclosure.
Exemptions
The privacy portion of GLB focuses on protecting NPI, which is information that is not otherwise publicly available (15 U.S.C. section 6809 4). GLB includes some exceptions on information-sharing based on transactions that are necessary for the ordinary course of business. These allow financial institutions to provide private information to certain third parties, such as credit reporting agencies or loan servicing operations (15 U.S.C. section 6802e). The exceptions include:
* Information sharing that is necessary for processing or administering a transaction requested or authorized by a customer (313.14).
* Disclosures for the purpose of preventing fraud or responding to judicial process, a subpoena, or complying with federal, state, or local laws (313.15).
* Financial products or services offered through a "joint marketing agreement" with another financial institution with whom there is a written contract (313.13).
The confidentiality of the shared information must be guaranteed, and customers cannot optout of this type of information sharing. (FFC 2002)
Sorting It Out
To determine which requirement applies to a particular firm, the following statutory definitions, provided by the FDIC in its publication "Privacy Choices" (2002),...
NOTE: All illustrations and photos
have been removed from this article.
Looking for additional articles?
Search our database of over 3 million articles.
Looking for more in-depth information on this industry?
Search our complete database of Industry & Market reports by text, subject, publication
name or publication date.
About Goliath
Whether you're looking for sales prospects, competitive information, company
analysis or best practices in managing your organization,
Goliath can help you meet your business needs.
Our extensive business information databases empower business
professionals with both the breadth and depth of credible,
authoritative information they need to support their business
goals. Whether it be strategic planning, sales prospecting,
company research or defining management best practices -
Goliath is your leading source for accurate information.
|
