Minnesota's attorney general has accused U.S. Bancorp of selling confidential customer data to a telemarketer, which in turn allegedly debited customers' accounts without their written permission.
The charges were leveled in a four-count lawsuit filed Wednesday in U.S. District Court in St. Paul, and they were forcefully denied by the Minneapolis-based banking company.
The filing, centering on U.S. Bancorp's three-year relationship with the telemarketing firm MemberWorks Inc., fed a growing firestorm over consumer privacy. Comptroller of the Currency John D. Hawke Jr. sparked the controversy Monday with a scathing speech, condemning some industry information practices as "seamy, if not downright unfair and deceptive."
By Wednesday, lawmakers were demanding a legislative crackdown. "It's not whether we should do anything, but what we should do," said Sen. Paul S. Sarbanes, D-Md.
Sen. Charles E. Schumer, D-N.Y., introduced legislation Wednesday that would require bank holding companies to get written customer permission before disclosing information to telemarketers and other outside parties.
Rep. John J. LaFalce, D-N.Y., said he would offer a bill Thursday that would restrict the sharing of credit card information for telemarketing purposes, among other protections.
The House Banking Committee said its financial institutions subcommittee would hold hearings on privacy July 21 and 22.
"As a Minnesota court filing underscores, privacy is an issue that demands continued oversight," said committee Chairman Jim Leach, R-Iowa.
U.S. Bancorp allegedly violated the federal Fair Credit Reporting Act and three Minnesota laws. Donn Waage, spokesman for the $76 billion-asset company, said the charges are false. "U.S. Bancorp takes customer privacy very seriously and has strict policies in place to protect that privacy," he said.
Though industry officials did not want to comment specifically on the U.S. Bancorp case, they are clearly concerned about its potential impact on financial reform legislation.
Edward L. Yingling, chief lobbyist of the American Bankers Association, said Congress should not muddle the reform bill with provisions aimed at protecting customer privacy. "You cannot really address this issue in depth in financial modernization," he said.
"Our biggest concern has always been that (Congress will) go after a perceived abuse, rather than a real abuse, with some broad brush," said Marcia Sullivan, director of government relations at the Consumer Bankers Association.
The Minnesota attorney general, Mike Hatch, claimed that Stamford, Conn.-based MemberWorks paid U.S. Bancorp more than $4 million plus commissions in exchange for information such as checking account and Social Security numbers, as well as data typically obtained from credit bureaus such as bankruptcy scores and other predictors of consumer behavior.
David Ramp, Minnesota's lead attorney on the case, said the bank had been acting like a credit bureau and therefore could not sell customer data for marketing purposes.
If it loses, U.S. Bancorp could be forced to pay hundreds of millions of dollars in damages for the federal law violation alone. Any of the 16 other western or midwestern states served by U.S. Bancorp could seek to join the Minnesota suit or file its own.
Government and private sector attorneys acknowledged that the parameters of the Fair Credit Reporting Act are not clear for banks. "The laws are very ill-defined at this time," said David W. Roderer, of counsel at Goodwin, Procter & Hoar. "This may give us greater definition than we currently have."
Three of the four counts in the Minnesota suit allege that U.S. Bancorp's relationship with MemberWorks violated state laws prohibiting fraud, false advertising, and deceptive trade practices.
According to the complaint, in exchange for periodic payments and a cut of the sales, U.S. Bancorp agreed to provide MemberWorks reams of data on many of its credit card and checking account customers, including 330,000 Minnesota cardholders.
The telemarketer would then call the customers and pitch low-cost medical and dental plans that could be paid for by automatic debit from their checking or charges to their credit cards.
Minnesota alleged that U.S. Bancorp violated state law when it allowed MemberWorks to obtain verbal, not written, authorization for debiting customer accounts. The state also charged that U.S. Bancorp and MemberWorks falsely led customers to believe that the telemarketer did not possess key personal information about them.
The suit said U.S. Bancorp's practices affect "the economic health and well-being of Minnesota residents," and that the company's Web site and credit card privacy notices contain "false, misleading and untrue information regarding the lack of confidentiality."
In Washington on Wednesday, the banking industry took a pummeling at the first in a series of Senate Banking Committee hearings on privacy. One lawmaker dubbed them "commercial peeping toms" and another shared personal stories about corporate Big Brotherism.
Many criticized financial companies for stubbornly refusing to support even basic privacy protections. Rep. Edward J. Markey Jr. scoffed at industry claims the problem can be solved through disclosure.
"(That) is a lot like saying a burglar has to leave behind a note as they're stealing all of your property," he said.
But the hearing showed that lawmakers are still struggling to figure out how to protect consumers' rights without overextending the reach of government or unfairly interfering with the ability of financial companies to use cutting-edge information technology to better serve customers.
Sen. Sarbanes and several other Democrats urged adoption of their bill to bar disclosure of account balances and transactional data as well as require banks to get permission from customers before selling confidential information to, or sharing it with, an unaffiliated third party.
Banks could continue sharing customer information among affiliates unless the person objects. They would also have to disclose how their information is used and let customers verify the data's accuracy.
Rep. Markey and Rep. John D. Dingell, D-Mich., plan to offer a similar plan today as an amendment to the financial reform bill in the House Commerce Committee.
