[CTRL] Many Banks Fall Short in Providing Online Privacy Choices to Customers (fwd)

[Yardbird]

-Caveat Lector-

CDT POLICY POST Volume 7, Number 7, August 30, 2001

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:
(1) Many Banks Fall Short in Providing Online Privacy Choices to Customers
(2) Background on Banking Privacy
(3) CDT Files Complaint with FTC Against Online Mortgage Companies
(4) Online Privacy Issues May Heat Up when Congress Returns

----------------------------------------------------------------------

(1) MANY BANKS FALL SHORT IN PROVIDING ONLINE PRIVACY CHOICES TO CUSTOMERS

Online banks are not giving consumers convenient, online opportunities to
limit disclosure of their personal financial information, forcing customers
to use more cumbersome offline mechanisms to opt-out of data sharing,
according to a recent CDT study.

The study, released August 29, found that, of 100 banks studied that offer
their customers the ability to open accounts online and use other banking
services online (such as bill payment, mortgage quotes, and much more),
only 22% provide their customers equally convenient online means of
preventing information sharing with other companies.

Of greatest concern, the study found that several mortgage companies
offering online services were not giving their customers any notice of
their privacy practices.  This seems to be in direct violation of the
new federal banking law, the Gramm-Leach-Bliley Act ("GLB"), which went
into effect on July 1.

CDT's report also found the surprising result that some of the bigger
banks have the fewest online privacy options, with almost half offering
little or no ability for customers to opt-out of information sharing
with third parties.

But the news wasn't all bad.  Some banks give customers a wide range of
online and offline options for limiting disclosure of data. Among the
banks that led the way with best practices were the Internet Bank, which
promised not to share customers' information without their affirmative
consent (opt-in), and First Union, which provides customers a secure
online Web site to remove their information from various kinds of sharing
and offers a toll free number for assistance as well.

Based on the results of the study, CDT made the following recommendations:

* Financial institutions should follow the best practices identified in
  the study.  Thirteen institutions adhered to an opt-in policy for
  unaffiliated third-party sharing.  Seven banks offered customers the
  opportunity to opt-out through a range of means, including the
  opportunity to opt-out online.  Others should be living up to these
  standards, as a minimum.

* Policy makers should carefully consider the exceptions in the GLB law.
  Many large institutions that do not share information with third parties
  reserve the right to share with affiliates and "marketing partners" and
  the law allows them to do so without offering any opt-out.

* The Federal Trade Commission should look into the practices of the
  online mortgage companies that do not give consumers notice of their
  privacy practices.  The FTC has oversight responsibility under the GLB
  law for various institutions, including the independent mortgage
  companies.  These companies fared worst in the study.

* Policy makers considering broader Internet privacy legislation should
  learn from the lessons of the GLB Act.  Requiring an opt-out choice
  for the financial industry has not yet given consumers easy-to-use
  controls over disclosure and use of personal financial information.

The full report, entitled "Online Banking Privacy: A Slow, Confusing
Start to Giving Customers Control Over Their Information," is online:
http://www.cdt.org/privacy/financial/010829onlinebanking.pdf [PDF- 7 MB]

----------------------------------------------------------------------

(2) BACKGROUND ON BANKING PRIVACY

Privacy, especially Internet privacy, has become one of the most important
issues in the lives of Americans.  At the same time, consumers are eager
to take advantage of the convenience of online services, including online
banking.  Over a quarter of Americans who have gone online have used the
Internet to bank or invest.   Failure to address privacy concerns will
hamper growth of this online marketplace and undermine the consumer trust
that is essential to sustained online usage.

A recent attempt to address privacy concerns is the Gramm-Leach-Bliley Act
of 1999 ("GLB"), which deregulated financial institutions and implemented
a series of privacy standards that went into effect July 1, 2001.

Title V of GLB requires banks and other financial institutions to disclose
to their customers their information gathering and sharing practices.
Further, personal financial information may not be shared with unaffiliated
third parties unless the customer is given an opportunity, commonly
referred to as opt-out, to prevent such sharing.  The law's opt-out
requirement does not apply to the internal use of information and the
sharing of information with affiliates and "marketing partners," allowing
banks to share information with those entities without giving customers
any choice. When the GLB law was passed, many advocates criticized these
privacy provisions as too weak.

In recent months, as a result of GLB, almost every American has received
one or more privacy notices in the mail from a financial institution such
as a credit card company, insurance agent, stock broker or bank.  Privacy
experts have criticized these printed notices as complex and confusing.

Due to the unique concerns that Americans have with online privacy, CDT
decided to look at how institutions offering online financial services
were complying with the privacy provisions of GLB .

In particular, we wanted to see if financial institutions offering online
services were also offering online privacy choices to their customers.
In marketing online services, financial institutions consistently refer to
ease and convenience.  It seems only logical that the banks should provide
consumers with a similarly convenient set of privacy choices online. Our
study found that many banks were missing an opportunity to make online
opt-outs easier for consumers.

For more general information on financial privacy, see:

* The Privacy Rights Clearinghouse Financial Information Page:
  http://www.privacyrights.org/financial.htm

* Consumers Union's Financial Privacy Page:
  http://consumersunion.org/i/Financial_Services/Financial_Privacy/

----------------------------------------------------------------------

(3) CDT FILES COMPLAINT WITH FTC AGAINST ONLINE MORTGAGE COMPANIES

In the course of surveying online financial institutions, we found that a
number of online mortgage companies did not offer adequate notice of their
privacy practices when they collected personal information from consumers.
One, Sterling Mortgage, responded by promising to post a privacy policy
soon.  Five others did not respond, so we filed a complaint with the
Federal Trade Commission, which has jurisdiction over online mortgage
company compliance with GLB.

Our complaint asks the FTC to investigate and, if appropriate, order the
companies to post the required privacy policy or take other action as
required by law.

The five companies named in the complaint are

* Advantage Mortgage - http://www.advantagemortgageonline.com
* Ameriwest Mortgage - http://www.ameriwest.com
* Central New England Mortgage - http://www.newenglandmortgages.com
* G.M. Mortgage - http://www.gmmortgage.net
* Online Mortgage Corporation - http://www.mortgageweb.com

In recent years, the FTC has shown growing interest in privacy issues. The
new Chairman of the Commission has expressed an interest in receiving
specific complaints about privacy violations. CDT will be on the lookout
for other privacy violations that merit the Commission's attention.

The CDT complaint is online at
http://www.cdt.org/privacy/financial/010829ftc.shtml

----------------------------------------------------------------------

(4) ONLINE PRIVACY ISSUES MAY HEAT UP WHEN CONGRESS RETURNS

Consumer privacy issues, which were high on Congress' agenda at the end of
last year, seemed to have fallen in priority this year, but that may change
with Congress' return next week from its August recess.

In the Senate, several privacy bills have been introduced, but the major
actors from last year, including the Commerce Committee Chairman and
Ranking Member Senator Fritz Hollings (D-SC) and Senator John McCain (R-AZ),
have not yet introduced legislation.  However, the Commerce Committee's
recent hearings revealed intense interest on the part of a number of
Senators.  CDT expects to see further legislation introduced in the next
couple of months, along with efforts to develop a set of protections that
could attract wide sponsorship.

The House Commerce Committee has held several hearings on various online
privacy issues.  Senior Republicans are likely to introduce a bill this
Fall, but efforts at a bi-partisan approach have yet to begin.

You can follow the major online consumer privacy bills at CDT's Privacy
Legislation Page -- http://www.cdt.org/legislation/107th/privacy/

----------------------------------------------------------------------

Detailed information about online civil liberties issues may be found at
  http://www.cdt.org/.

This document may be redistributed freely in full or linked to
  http://www.cdt.org/publications/pp_7.07.shtml.

Excerpts may be re-posted with prior permission of [EMAIL PROTECTED]

Policy Post 7.07 Copyright 2001 Center for Democracy and Technology




--
To subscribe to CDT's Activist Network, sign up at:
  http://www.cdt.org/join/

If you ever wish to remove yourself from the list, unsubscribe at:
  http://www.cdt.org/action/unsubscribe.shtml

If you just want to change your address, you should unsubscribe
yourself and then sign up again or contact: [EMAIL PROTECTED]
--
Michael Clark, Grassroots Webmaster
[EMAIL PROTECTED]
PGP Key available on keyservers

Center for Democracy and Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
http://www.cdt.org/
voice: 202-637-9800
fax: 202-637-0968

<A HREF="http://www.ctrl.org/";>www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance�not soap-boxing�please!  These are
sordid matters and 'conspiracy theory'�with its many half-truths, mis-
directions and outright frauds�is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.

Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
 <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of
[EMAIL PROTECTED]</A>

http:[EMAIL PROTECTED]/
 <A HREF="http:[EMAIL PROTECTED]/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]

To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]

Om