The Office of the Comptroller of the Currency is distributing guidelines explaining how a bank may share customer data among affiliates without violating privacy laws.
The guidelines urge banks to make it easy for consumers to block the distribution of confidential data, but they do not prescribe specific steps institutions must take. Rather, they describe programs used successfully by some banks to comply with the Fair Credit Reporting Act, which requires that consumers be given the chance to opt out of data-sharing programs.
"This is good," said Richard M. Whiting, acting executive director of the Bankers Roundtable. "It does not proscribe specific steps that need to be taken. It allows management to devise systems that are unique to its own corporate culture and corporate practices."
Marcia Sullivan, director of government relations at the Consumer Bankers Association, said she is pleased that the OCC gave banks flexibility in devising compliance procedures.
"They really made it very clear that ... these are examples and not examination standards," Ms. Sullivan said. "The biggest concern that we've ever had with these guidelines is that examiners may have concluded them as requirements."
The guidelines, unveiled Monday, come after months of warnings from regulators for banks to do a better job guarding customer privacy. Congress also is considering imposing restrictions on the sharing of customer data among affiliates.
The agency broke the guidance into three broad areas. One gives examples of banks' disclosure statements. For instance, some banks disclose the names of affiliated companies with whom the information is being shared. Some institutions go beyond what the law requires by disclosing the types of information being shared, such as repayment data or information taken from a loan application.
The second area in the guidelines addresses how banks make consumers aware of disclosures. Effective methods of presenting the FCRA-mandated disclosure include printing it on a stand-alone page, putting it in bold type, or highlighting it.
The final section describes how some banks make it convenient for consumers to block data sharing. Methods include providing self-addressed postcards, telephone lines, or Web sites that customers can use to inform the bank of their decision.
