Banking officials clashed with government representatives Thursday over the need for financial privacy laws in cyberspace.
Maintaining a united front at a House Banking subcommittee hearing, bank lobbyists set forth eight privacy principles adopted last week by four national banking trade groups.
The guidelines-which include giving customers the option to prevent disclosures of personal information and limiting corporate employees' access to such data-were Exhibit A in the case that banks can responsibly police themselves.
"Few consumers would patronize a bank that failed to provide an adequate level of privacy," said Marcia Z. Sullivan, government relations director for the Consumer Bankers Association, which has consistently advocated a code of conduct. "It is really easy for a dissatisfied customer to find another bank."
But even before hearing the industry testimony, Rep. Bruce F. Vento said he was skeptical that consumers would be protected without government intervention.
"We have not achieved a critical mass where the profits from greater consumer privacy protections reward and outweigh the losses from the company not being able to use the information," the Minnesota Democrat said.
He called for Congress and regulators to set "benchmarks" for privacy protection, clarifying the meaning of consumer consent and defining how information can be shared with affiliates and outsiders. Such standards, he said, would inspire public confidence and allow electronic commerce to flourish.
The industry's attempt to preempt congressional action with a self- regulatory code ran into two obstacles: a federal consumer advocate's call for legislation and a privacy scholar's critical evaluation of current banking practices.
Leslie L. Byrne, director of the U.S. Office of Consumer Affairs and a former Virginia congresswoman, said new laws are necessary to provide "legislative standardization" of industry and government privacy principles and to guarantee their implementation.
Alan F. Westin, a Columbia University professor and publisher of Privacy and American Business, said that of 50 bank Internet services studied by the Center for Social and Legal Research, which he heads, 39 collected personal and financially sensitive information from consumers but none disclosed their information practices.
Only Crestar Financial Corp., Huntington Bancshares, and NationsBank Corp. informed on-line users of a right to take their names off marketing lists, or said they do not use such lists.
In contrast, Mr. Westin told the financial institutions subcommittee, the Web sites of companies like International Business Machines Corp. and Time Warner provide links to detailed explanations of their privacy policies.
Still, Mr. Westin urged caution on legislation, suggesting that Congress "watch and wait" for two years as the industry gains more Internet experience.
Witnesses disputed whether existing laws sufficiently protect consumers in cyberspace.
Fair Credit Reporting Act amendments that permit affiliated companies to share credit reports and other sensitive data may have gone too far in easing privacy protections, said David Medine, the Federal Trade Commission's associate director for credit practices. The amendments take effect Sept. 30.
"Information-sharing among affiliates is a great potential for mischief," Ms. Byrne said.
Bank lobbyists argued that under the amendments, customers have to be given an opportunity to block any swapping of their financial information.
"Consumers will gain from affiliated parties' sharing information within the corporate family, and the disclosures required by the amendment will ensure that there is an adequate notice to all affected parties," said John J. Byrne, senior counsel and compliance manager of the American Bankers Association.
Mr. Medine, who otherwise encouraged self-regulatory efforts, added that Congress should examine whether the Fair Credit Reporting Act will become outdated by technological developments.
The law addresses the privacy and accuracy of information pooled into large data bases operated by credit bureaus. Advances in computer networking technology may allow merchants to bypass credit bureaus and create financial profiles of consumers from information that they share with each other directly. These profiles would not be covered by the Fair Credit Reporting Act, Mr. Medine said.
