Banks and advocacy groups have begun thrashing out their differences. In December, financial institutions, consumer groups, academics and communications experts gathered at a workshop sponsored by the FTC. The discussion was centered on the complexity of privacy notices and ways in which to simplify them. The notices, which present consumers with a company's information sharing policies with various affiliates, were generally criticized for being too lengthy and difficult to read.
The workshop succeeded in clarifying the issues surrounding privacy, participants said. ""This was a first step,"" said Warren. ""It was a learning process and there will be several iterations.""
""We've had a lot of positive feedback about the conference,"" said Laretta Garrison, a spokesperson for the FTC.
There was broad agreement on the need for plain language in privacy notices and a standardized format. ""There was consensus that 'regularization' of the notices was important,"" said Johnson. ""Which to us means coming up with simple paragraphs that describe our policies related to affiliates and to third parties.""
For financial institutions, keeping privacy regulation at the national level and reducing the complexity of compliance is paramount. The threat of additional regulation from states promises to add significantly to the cost of compliance. ""One of the things that is important to us is the ability to handle the requirements in an efficient way,"" said Johnson.
Consensus was also reached on the need to craft easier-to-read notices, including the use of common symbols to aid consumers in comparing policies.
Said the FTC's Garrison, ""A layered notice-meaning one with different levels of detail, with a standard key-was suggested. This would allow a consumer to know at a glance what a company does and would allow them to compare company policies.""
Regarding standardization, the Direct Marketing Association has developed a ""privacy generator"" that allows companies to answer a series of multiple choice questions and create a privacy notice.
The workshop included a presentation by Alan Levy, a scientist at the Food and Drug Administration, on the development of standard nutrition labels for the food industry. He suggested that a type of ""nutrition label"" be developed for information sharing policies. The idea was ""an epiphany regarding the role of the consumer in the privacy notice debate,"" said Warren.
But, Warren added, ""consumers were clamoring for these labels in order to make informed decisions about food purchases, which is in sharp contrast with privacy issues.""
Consumers also need a better understanding of the technology hurdles
financial institutions face in sharing systems and information. ""Consumers don't really think about how the systems interact in credit card and ATM transactions,"" said Warren.
Compliance with privacy regulations exacts a toll on customer service, bankers say. That happened at Bank One when it set up a national 800 number for privacy questions. Because the number wasn't linked to the customer information system, customers wishing to get account information were told they had to call another number. ""I don't think that is an optimal customer service experience,"" said Johnson. ""There are enormous systems and training issues behind privacy initiatives.""
Still, banks and regulators came out of the workshop with a renewed sense of purpose. ""At the end of the day, there was a real commitment by industry and regulators to work together,"" said Warren.