Banking Groups' Privacy Pledges Seem Too Weak

With lawmakers and presidential candidates playing hardball on the issue of protecting consumers' financial privacy, industry associations stepped up to the plate last week with a Wiffle bat.

The trade groups dusted off a set of eight voluntary principles they first embraced in 1997. They added pledges to protect medical information sharing among affiliates and to fight identity theft. The package was presented as an extension of their members' "Tradition of Trust" with American consumers.

Agreeing not to share customers' medical information is the centerpiece of the guidelines, as it goes well beyond what is required in the Gramm-Leach-Bliley Act, and the protection from identity theft speaks to a new and growing fear among the American public.

But the majority of the 10 points are simply a restatement of the 1997 agreement.

The guidelines assert that "preserving trust is a core value" of the financial services industry, and urge institutions to communicate their privacy policies to their customers. Institutions, they say, should strive to keep accurate records of customer information, and allow erroneous information to be corrected.

When information is shared with affiliates or third parties, it should be done to benefit the consumer and with restrictions on how it can be used.

The trade groups argued that between banks' volunteering to strengthen their internal privacy policies and Gramm-Leach-Bliley, which created new privacy protections, there is no need for more legislation.

While legislation is not likely to pass this year, momentum is clearly building. Vice President and presidential candidate Al Gore promised Thursday to make consumer privacy protection a "national priority" in a Gore administration.

The day before, House Banking Committee Chairman Jim Leach, R-Iowa, introduced a bill that would make the sharing of consumers' medical information illegal. And on Friday, Rep. Marge Roukema, chairwoman of House Banking's financial institutions subcommittee, said she plans to hold a hearing in July to focus on the existing privacy rules and will discuss whether future legislation is needed.

Additionally, a Clinton administration bill strengthening Gramm-Leach-Bliley's consumer privacy protections is pending in the House and Senate. It would require financial companies to give customers a chance to block information sharing among affiliates. The reform law requires this "opt-out" opportunity to be provided only when a customer's data is shared with third parties.

Pitted against such political momentum, the announcement last Tuesday that the American Bankers Association, the Consumer Bankers Association, and the Financial Services Roundtable had agreed to a set of voluntary guidelines for privacy protection looks somewhat anemic.

The current groundswell of support for more privacy strictures on the industry developed while companies were ostensibly adhering to most of these principles already - so why should banks think that an adjusted version of them will satisfy consumers and legislators?

They should not, says Gilbert T. Schwartz, a partner in the law firm of Schwartz & Ballen. Voluntary guidelines, he says, will not cut it with legislators and privacy advocates.

"I think the legislative proposals being bounced around are on a juggernaut that is going to be difficult to overcome just by putting out statements of policies and principles," Mr. Schwartz said. "There seems to be a feeling that legislation is the only way to address customers and legislators' concerns."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER