This is a letter that USPIRG and other leading consumer, privacy and civil liberties groups sent Tuesday 8 May 00 to the government financial regulators condemning a possible delay in enforcement of the privacy provisions of the new Financial Modernization law from November 2000 to July 2001.
American Civil Liberties Union
Center for Democracy and Technology
Consumer Federation of America
Consumer Federation of California
Electronic Privacy Information Center
Free Congress Foundation
National Consumers League
Neighbor To Neighbor
Privacy Rights Clearinghouse
U.S. Public Interest Research Group
9 May 2000
The Honorable Alan Greenspan
Board of Governors of the Federal Reserve System
20th and C Streets, N.W.
Washington, D.C. 20551
The Honorable Donna Tanoue
Federal Deposit Insurance Corporation
550 17th Street, N.W.
Washington, D.C. 20429
The Honorable Lawrence Summers
Department of the Treasury
1500 Pennsylvania Ave NW
Washington, DC 20220
The Honorable Ellen Seidman
Office of Thrift Supervision
1700 G Street, N.W.
Washington, D.C. 20552
The Honorable John D. Hawke, Jr.
Office of the Comptroller of the Currency
250 E Street, S.W.
Washington, D.C. 20219
The Honorable Robert Pitofsky
Federal Trade Commission
600 Pennsylvania Avenue, N.W.
Washington, D.C. 20580
The Honorable Norman E. DAmours
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428
The Honorable Arthur Levitt
Securities and Exchange Commission
450 5th Street, N.W.
Washington, DC 20549-0609
Dear Sirs and Madams:
On behalf of the members of our broad coalition of organizations concerned with the privacy of citizens and consumers, and on behalf of all consumers of financial services generally, we are writing in response to confirmed reports that the several federal financial agencies may be delaying the compliance date of important new rules designed to implement the financial privacy provisions of Subtitle A of Title V of the Gramm-Leach-Bliley Act (GLBA or the Act) (Pub. L. No. 106-102, codified at U.S.C. 6801 et seq.).
As you know, our organizations and numerous others believe that the rules imposed by the Act do not provide consumers with adequate protection based on Fair Information Practices. We believe that companies should not have the right to share or sell confidential customer information for secondary purposes without informed opt-in consent. Nevertheless, we strongly support on-time implementation of the Acts rules effective November 2000 as an important step toward our goal of achieving full financial privacy protection for American consumers.
Indeed, last week the President took the next step toward achieving our shared goal when he proffered his financial privacy protection plan to the Congress. The Presidents plan would close some of the loopholes in the Act and, importantly, establishes that all medical information and some sensitive financial information should be protected by a requirement of opt-in consent. The Presidents position that the Act is too weak is supported by many of your agencies and some of you have even testified to that effect before the Congress.
Therefore, we find it unacceptable that you are now suggesting that the modest rules proposed by the Act would not be enforced until 15 months from now, instead of by November 2000. We are unalterably opposed to this proposal, which would allow financial institutions to fail to provide consumers with any notice regarding the institutions privacy policies and practices. Further, this proposal would delay providing customers their new opt-out rights to prevent having their financial information transferred to certain nonaffiliated third parties.
We are hopeful that the financial industrys plan to delay and weaken these rules is not as successful with you as it has been with some state legislatures. Despite strong support for enactment of new privacy laws in several states, no state has yet taken advantage of the Acts provision allowing stronger state laws. In Washington State, for example, a strong privacy proposal went down to defeat only because industry convinced the legislature to wait-and-see how well the tough new law would be implemented by Washington, DC. Meanwhile, their cohorts in Washington, DC were apparently trying to convince you that they could not possibly offer consumers either the privacy disclosures or the modest right to opt-out of some third-party transactions by November 2000.
The financial industrys demands to delay the privacy requirements of Gramm-Leach-Bliley are unacceptable and are not supported by the record.
á First, disclosure requirements are not new to the financial industry. Virtually every consumer financial law imposes disclosure requirements and the industry routinely complies with 180-day agency requirements. Typically, as is certainly true of this acts requirements, the regulations mirror the statutory language to such an extent that the true implementation period should be calculated from the date of passage, not the date on which the rules are published.
á Second, since 1997 the Fair Credit Reporting Act has required financial institutions to implement an opt-out system that only applies to some, not all, information. It is disingenuous for the industry to claim that they have no experience with applying opt-outs to some, but not all, information transfers, since they have been doing it already for three years.
We will be asking the Congressional committees of jurisdiction, as well as the bi-partisan Congressional Privacy Caucus, to examine the recommendation that your agencies grant these massive financial conglomerates a reprieve from rules they knew were coming and knew they could comply with. At a time when consumers are demanding more privacy protection, not less, it would be shocking if you endorsed this plan to delay giving consumers enforceable privacy rights.
Thank you for your consideration of our views in this matter. We look forward to hearing from you.
Greg Nojeim, American Civil Liberties Union
Deirdre Mulligan, Center for Democracy and Technology
Travis Plunkett and Jean Ann Fox, Consumer Federation of America
Sara Nichols, Consumer Federation of California
Frank Torres, Consumers Union
Andrew Shen, Electronic Privacy Information Center
Lisa Dean, Free Congress Foundation
Jason Catlett, Junkbusters, Inc.
Susan Grant, National Consumers League
Shelley Moskowitz, Neighbor To Neighbor
Beth Givens, Privacy Rights Clearinghouse
Robert Ellis Smith, Privacy Journal
Evan Hendricks, Privacy Times
Edmund Mierzwinski, U.S. Public Interest Research Group
[i] See ABA press release of 15 November 2000, ABA President Challenges Bankers To Make Customer Privacy Their Top Priority, Announces New Privacy Task Force <http://www.aba.com/aba/ABANews&Issues/PR_111599PrivacyTaskForce.asp>