This is a letter that USPIRG and other leading consumer, privacy and civil liberties groups sent Tuesday 8 May 00 to the government financial regulators condemning a possible delay in enforcement of the privacy provisions of the new Financial Modernization law from November 2000 to July 2001.

American Civil Liberties Union

Center for Democracy and Technology

Consumer Federation of America

Consumer Federation of California

Consumers Union

Eagle Forum

Electronic Privacy Information Center

Free Congress Foundation

Junkbusters, Inc.

National Consumers League

Neighbor To Neighbor

Privacy Rights Clearinghouse

Privacy Journal

Privacy Times

Utility Consumers' Action Network

U.S. Public Interest Research Group

9 May 2000

 The Honorable Alan Greenspan


Board of Governors of the Federal Reserve System

20th and C Streets, N.W.

Washington, D.C.  20551


The Honorable Donna Tanoue


Federal Deposit Insurance Corporation

550 17th Street, N.W.

Washington, D.C.  20429


The Honorable Lawrence Summers


Department of the Treasury

1500 Pennsylvania Ave NW

Washington, DC 20220


The Honorable Ellen Seidman


Office of Thrift Supervision

1700 G Street, N.W.

Washington, D.C.  20552

The Honorable John D. Hawke, Jr.


Office of the Comptroller of the Currency

250 E Street, S.W.

Washington, D.C.  20219


The Honorable Robert Pitofsky


Federal Trade Commission

Room H-159

600 Pennsylvania Avenue, N.W.

Washington, D.C.  20580


The Honorable Norman E. D’Amours


National Credit Union Administration

1775 Duke Street

Alexandria, VA  22314-3428


The Honorable Arthur Levitt


Securities and Exchange Commission

450 5th Street, N.W.

Washington, DC 20549-0609


Dear Sirs and Madams:


On behalf of the members of our broad coalition of organizations concerned with the privacy of citizens and consumers, and on behalf of all consumers of financial services generally, we are writing in response to confirmed reports that the several federal financial agencies may be delaying the compliance date of important new rules designed to implement the financial privacy provisions of Subtitle A of Title V of the Gramm-Leach-Bliley Act (“GLBA” or “the Act”) (Pub. L. No. 106-102, codified at U.S.C. 6801 et seq.).


As you know, our organizations and numerous others believe that the rules imposed by the Act do not provide consumers with adequate protection based on Fair Information Practices. We believe that companies should not have the right to share or sell confidential customer information for secondary purposes without informed opt-in consent. Nevertheless, we strongly support on-time implementation of the Act’s rules effective November 2000 as an important step toward our goal of achieving full financial privacy protection for American consumers.


Indeed, last week the President took the next step toward achieving our shared goal when he proffered his financial privacy protection plan to the Congress. The President’s plan would close some of the loopholes in the Act and, importantly, establishes that all medical information and some sensitive financial information should be protected by a requirement of opt-in consent. The President’s position that the Act is too weak is supported by many of your agencies and some of you have even testified to that effect before the Congress.

Therefore, we find it unacceptable that you are now suggesting that the modest rules proposed by the Act would not be enforced until 15 months from now, instead of by November 2000. We are unalterably opposed to this proposal, which would allow financial institutions to fail to provide consumers with any notice regarding the institution’s privacy policies and practices. Further, this proposal would delay providing customers their new opt-out rights to prevent having their financial information transferred to certain nonaffiliated third parties.

We would note that the financial services industry has had ample notice and time to prepare for these new regulations.  Indeed, the industry supported and argued for adoption of the Act that provides the statutory basis for your rules, arguing against the stronger privacy protections that a broadly bi-partisan group of legislators sought to enact either on the House floor or during the conference on the Gramm-Leach-Bliley Act. Following the enactment of the Act, the financial services industry repeatedly has cited the existence of these new requirements, and of your agencies’ proposed rules, in arguing against adoption of additional financial protections – including those recently proposed by the President. In fact, as far back as November, Hjalma Johnson, the President of the American Bankers Association, issued a news release stating "During the first 100 days of 2000, I would like to see every bank in the country develop a formal privacy policy and make that policy publicly available - 100 percent of banks in 100 days, beginning January 1[i]."

We are hopeful that the  financial industry’s plan to delay and weaken these rules is not  as successful with you as it has been with some state legislatures. Despite strong support for enactment of new privacy laws in several states, no state has yet taken advantage of the Act’s provision allowing stronger state laws. In Washington State, for example, a strong privacy proposal went down to defeat only because industry convinced the legislature to “wait-and-see” how well the “tough” new law would be implemented by Washington, DC. Meanwhile, their cohorts in Washington, DC were apparently trying to convince you that they could not possibly offer consumers either the privacy disclosures or the modest right to opt-out of some third-party transactions by November 2000.

The financial industry’s demands to delay the privacy requirements of Gramm-Leach-Bliley are unacceptable and are not supported by the record.

á        First, disclosure requirements are not new to the financial industry. Virtually every consumer financial law imposes disclosure requirements and the industry routinely complies with 180-day agency requirements. Typically, as is certainly true of this act’s requirements, the regulations mirror the statutory language to such an extent that the true implementation period should be calculated from the date of passage, not the date on which the rules are published.


á        Second, since 1997 the Fair Credit Reporting Act has required financial institutions to implement an opt-out system that only applies to some, not all, information. It is disingenuous for the industry to claim that they have no experience with applying opt-outs to some, but not all, information transfers, since they have been doing it already for three years.


We will be asking the Congressional committees of jurisdiction, as well as the bi-partisan Congressional Privacy Caucus, to examine the recommendation that your agencies grant these massive financial conglomerates a reprieve from rules they knew were coming and knew they could comply with. At a time when consumers are demanding more privacy protection, not less, it would be shocking if you endorsed this plan to delay giving consumers enforceable privacy rights.


Thank you for your consideration of our views in this matter. We look forward to hearing from you.




Greg Nojeim, American Civil Liberties Union

Deirdre Mulligan, Center for Democracy and Technology

Travis Plunkett and Jean Ann Fox, Consumer Federation of America

Sara Nichols, Consumer Federation of California

Frank Torres, Consumers Union

Phyllis Schlafly, Eagle Forum

Andrew Shen, Electronic Privacy Information Center

Lisa Dean, Free Congress Foundation

Jason Catlett, Junkbusters, Inc.

Susan Grant, National Consumers League

Shelley Moskowitz, Neighbor To Neighbor

Beth Givens, Privacy Rights Clearinghouse

Robert Ellis Smith, Privacy Journal

Evan Hendricks, Privacy Times

Jodi Beebe, Utility Consumers' Action Network

Edmund Mierzwinski, U.S. Public Interest Research Group

[i] See ABA press release of 15 November 2000, “ABA President Challenges Bankers To Make Customer Privacy Their Top Priority, Announces New Privacy Task Force” <>