WASHINGTON Though consumers and their advocates may be complaining in the media that privacy notices from financial firms are hard to understand, few are taking their gripes about this issue to bankers themselves, Consumer Bankers Association president Joe Belew said.
So far only about 5% of consumers have asked their banks not to share their financial information with third parties, Mr. Belew said in an interview Thursday.
Reaction from customers has been pretty positive, he said. One banker put it this way: Customers see this as a good business opportunity, a chance to make a business choice about how they want their information used.
The Gramm-Leach-Bliley Act of 1999 contains a provision requiring financial firms to notify customers of how they use and share data and to give them the chance to prevent such data from being passed along to other companies. Federal bank regulators gave institutions until July 1 more than seven months longer than the statute prescribes to comply with the privacy requirements. But most large banking companies have already set their privacy policies and started sending out the notices.
With the mailings under way, people on all sides of the debate are watching customer reaction closely. After all, the conventional wisdom goes, if customers are comfortable with the policies, they wont demand additional state and federal privacy laws. But if they feel the policies do little to protect their data, the floodgates could open for tougher laws.
So far, Mr. Belew said, the tone Im hearing from bankers who are dealing directly with customers is that theres not been any outrage, theres not been any alarm. Rather, customers are beginning to get their arms around the issue of privacy and are feeling comfortable with how banks are protecting their privacy.
The bulk of letters and phone calls to opt-out centers have been from customers with questions about things like identify theft, Mr. Belew said. He acknowledged that pretty complicated and tortured regulations that even confuse lawyers made it difficult for banks to write notices that consumers would understand and regulators accept.
Given what they had to work with, the banks have done an outstanding job, Mr. Belew said as he pulled from a folder a handful of major banking companies privacy notices. They are not written in PhD language. The delivery of the message looks clear. It says things like, We want to tell you about new products and services, heres how we collect new information, and heres how you can opt out of telemarketing if you dont like it.
It is too early to know if that 5% opt-out rate will hold, Mr. Belew said. But so far, he said, bankers have observed that more customers are blocking their information from being shared with outside companies than with bank affiliates.
(Though Gramm-Leach-Bliley does not limit the sharing of customer data among affiliated companies, the regulations under the Fair Credit Reporting Act were recently revised to correspond with the financial reform law. Those regulations require institutions to give customers a chance once a year instead of one time only to block such nontransactional information as customer income from being shared with bank affiliates.)
As required by Gramm-Leach-Bliley, the banking companies have provided customers with a mechanism usually a toll-free phone number, e-mail address, and mailing address to prevent such information-sharing. Several institutions are allowing customers to block more information than they have to by law. For example, First Union Corp. and Bank of America Corp. let them specify ways that the bank may contact them for marketing purposes.
Even the affable Mr. Belew said he considered opting out altogether from receiving telemarketing calls but decided its enough to simply ask individual solicitors to remove him from their calling lists.
He went on to reiterate that the privacy regulations have an upside.
The industry has enhanced its ability to manage information in response to the regulations, he said. Its always been a pretty sophisticated industry in terms of information usage, but even then it was scattered. Now it is more centrally managed.