Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

07:33 AM
Johannah Rodgers
Johannah Rodgers
Connect Directly

A Private Arrangement

Banks and regulators work together to improve the policies that protect personal information.

Banks and regulators work together to improve the policies that protect personal information.

The ink was hardly dry on the Gramm-Leach-Bliley Act when consumer advocacy groups and some regulators began criticizing financial institutions for dragging their feet on the law's privacy provisions. Some two-and-a-half years later, the issue shows no signs of abating.

In December, USAction, a national consumer organization, issued a report saying that bank privacy notices are confusing and misleading, and fail to comply with the law. USAction graded the privacy notices sent out by the 15 top credit card-issuing banks according to clarity of message, depth of content and ease with which a recipient could exercise privacy rights. Three banks were given an "F", six a "D" and none better than a "C."

USAction and other consumer groups have called on Congress to enact stronger financial privacy regulations, including not allowing banks to share information without consent ("opting-in"). They have also asked the federal agencies that regulate privacy notices, including the Federal Deposit Insurance Corporation and the Federal Trade Commission, to ensure that privacy notices be clear and understandable.

Despite the claims and protestations of USAction and other watchdogs, many financial institutions do not see the need for increased privacy regulations. Indeed, industry-sponsored focus groups and consumer surveys have consistently reported a high rate of consumer satisfaction with the notices. According to a survey by Star Systems, a payments processing network, 61 percent of consumers rate their financial institutions as good or excellent at communicating privacy policies.

The discrepancy between consumer groups and banks on the privacy issue is attributable to a lack of communication between the two, according to bank officials.

"I don't think there are substantive conversations going on," said Julie Johnson, chief privacy officer at Bank One. "There is a real disconnect between what our consumer surveys are saying and what advocacy group surveys are saying."

Financial institutions see themselves as making a best-effort attempt at complying with the law and addressing customer concerns regarding privacy. "What we did was draft a policy to comply with the law and we went to real customers and asked them to approve the notices," said Robin Warren, privacy executive at Bank of America. "We've asked the banking regulators whether they have received complaints about the notices and they haven't, so the process is not entirely broken."

Contrary to what consumer advocacy groups are saying, no evidence exists that consumers are agitating for privacy law reform, according to Warren. "Consumer behaviors and actions do not correspond to the consumer advocacy group beliefs about consumers."

Noted Johnson, "Consumers are not calling for more privacy information. If they had, we would have responded."

Advocacy groups say the reason consumers aren't more vocal about privacy is they haven't been given enough information to make an informed decision. Financial institutions say it's because consumers trust them with sensitive information. "Consumers trust their financial institutions. That is part of the reason they chose those institutions in the first place," said Warren.

Consumer groups and financial institutions are also at odds over whether the law goes far enough. Consumer groups would like consumers to be given the right to opt-in, or specifically consent to information sharing. A number of bills aimed at opt-in and other increases in privacy restrictions have been introduced in Washington. "Consumer advocacy groups want the law changed altogether, and they are going to continue to criticize the notices until the law changes," said Bank One's Johnson.


Banks and advocacy groups agree that education, or the lack of it, is a big part of the problem. With the law nearly three years old, many consumers still lack an understanding of the regulations surrounding use of their personal information.

Consumers need to be educated regarding privacy issues before they can make an informed decision, Warren said. "Privacy notices are driven by legislation and regulation. Consumers need to be educated and become more savvy so they can tell us what they want to know about privacy."

Banks and advocacy groups have begun thrashing out their differences. In December, financial institutions, consumer groups, academics and communications experts gathered at a workshop sponsored by the FTC. The discussion was centered on the complexity of privacy notices and ways in which to simplify them. The notices, which present consumers with a company's information sharing policies with various affiliates, were generally criticized for being too lengthy and difficult to read.

The workshop succeeded in clarifying the issues surrounding privacy, participants said. ""This was a first step,"" said Warren. ""It was a learning process and there will be several iterations.""

""We've had a lot of positive feedback about the conference,"" said Laretta Garrison, a spokesperson for the FTC.

There was broad agreement on the need for plain language in privacy notices and a standardized format. ""There was consensus that 'regularization' of the notices was important,"" said Johnson. ""Which to us means coming up with simple paragraphs that describe our policies related to affiliates and to third parties.""

For financial institutions, keeping privacy regulation at the national level and reducing the complexity of compliance is paramount. The threat of additional regulation from states promises to add significantly to the cost of compliance. ""One of the things that is important to us is the ability to handle the requirements in an efficient way,"" said Johnson.


Consensus was also reached on the need to craft easier-to-read notices, including the use of common symbols to aid consumers in comparing policies.

Said the FTC's Garrison, ""A layered notice-meaning one with different levels of detail, with a standard key-was suggested. This would allow a consumer to know at a glance what a company does and would allow them to compare company policies.""

Regarding standardization, the Direct Marketing Association has developed a ""privacy generator"" that allows companies to answer a series of multiple choice questions and create a privacy notice.

The workshop included a presentation by Alan Levy, a scientist at the Food and Drug Administration, on the development of standard nutrition labels for the food industry. He suggested that a type of ""nutrition label"" be developed for information sharing policies. The idea was ""an epiphany regarding the role of the consumer in the privacy notice debate,"" said Warren.

But, Warren added, ""consumers were clamoring for these labels in order to make informed decisions about food purchases, which is in sharp contrast with privacy issues.""

Consumers also need a better understanding of the technology hurdles

financial institutions face in sharing systems and information. ""Consumers don't really think about how the systems interact in credit card and ATM transactions,"" said Warren.

Compliance with privacy regulations exacts a toll on customer service, bankers say. That happened at Bank One when it set up a national 800 number for privacy questions. Because the number wasn't linked to the customer information system, customers wishing to get account information were told they had to call another number. ""I don't think that is an optimal customer service experience,"" said Johnson. ""There are enormous systems and training issues behind privacy initiatives.""

Still, banks and regulators came out of the workshop with a renewed sense of purpose. ""At the end of the day, there was a real commitment by industry and regulators to work together,"" said Warren.

Comment  | 
Email This  | 
Print  | 
More Insights
Copyright © 2018 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service