The federal appeals court in Atlanta has ruled that two banks must face charges that they improperly revealed customer account data to the government.
The decision, by the U.S. Court of Appeals for the 11th Circuit, is the third major ruling in two years holding banks responsible for violating the confidentiality of account data.
Lawyers said the decisions should serve as wake-up calls to banks that a 1992 law intended to shield the industry from these types of suits is not as effective as many assumed.
"You really have to be careful in what you release," said John J. Byrne, senior counsel at the American Bankers Association. "You can't be stupid about it. You need to have procedures and follow them."
The latest case involves Coutts & Co., International Bank of Miami, and NationsBank Corp., all three of which were served a warrant in 1996 requiring them to turn over accounts held by Maria Del Carmen Miranda De Villalba and "all related individuals and entities."
As part of its submission to the government, the banks included stored electronic information and other data for individuals not specifically named in the subpoena. These individuals sued the banks, claiming willful violations of the Electronic Communications Privacy Act on 1986, the Right to Financial Privacy Act of 1978, and Federal Reserve Board Regulation J.
A federal judge dismissed the suit in August 1996, ruling that Congress explicitly barred the public from suing banks that disclose account data to the government in response to a government order.
The plaintiffs appealed and the Atlanta court agreed, ruling that Congress did not bar all invasion of privacy actions. Instead, the court said banks may be liable if they disclose information not specifically referred to in a government order. The banks have consistently asserted that the disclosures were legal and protected by the safe harbor provision.
Elliot H. Berman, a partner in the Milwaukee law firm Godfrey & Kahn, said banks should appoint a single person or office to handle all subpoenas and other government orders. It then should keep a detailed history of how it responds to each demand.
"You need a consistent approach to complying with subpoenas," he said. "You can run into trouble if you have person A in Des Moines responding one way and person B in Topeka responding a different way."
Banks then may rely on this consistent approach to fend off lawsuits by showing it made a good-faith effort to follow the government order without revealing unnecessary customer data, he said.
"Banks are amply protected if they follow common sense policies and procedures," Mr. Byrne said. "Banks need to be consistent in how they respond to subpoenas and report possible violations of law. It is only when you stray from policies and procedures that you risk getting into trouble."