The Federal Deposit Insurance Corp. on Monday issued guidance for banks that collect customer information over the Internet.
In a letter to the 6,000 institutions it supervises, the FDIC said Web site owners should tell consumers how their personal information is being gathered and how it will be used. They should also give consumers an opportunity to review their own data, restrict its use, correct mistakes, or stop collection altogether, the agency wrote.
The FDIC's guidance follows repeated warnings by the Federal Trade Commission and other bank regulators that new federal privacy laws will be enacted unless industry privacy protection practices improve.
The FDIC recently completed an informal survey of bank Web pages that showed privacy disclosures are "frequently absent."
The FDIC urged banks to institute policies outlining appropriate and inappropriate uses of data, and to create internal controls to enforce those policies. The agency also warned banks that hire outside parties to operate their Web sites to keep close tabs on how vendors handle customer data. "Banks that lose control of consumers' information are subject to liability and reputation risk," the agency wrote.
Despite the warnings, however, FDIC representatives in an interview expressed opposition to privacy legislation. "We would rather see the industry self-regulate than to see new legislation or regulations passed," said Ronald F. Bieker, deputy director for compliance and consumer affairs. New laws "could very well stifle" innovative efforts to promote privacy and would be costly both to banks and bank regulators, Mr. Bieker said.
The agency pledged to have its examiners discuss on-line privacy during the course of routine compliance examinations. Mr. Bieker said the agency will also respond to specific consumer complaints.
More than 700 FDIC-supervised institutions maintain Web sites, most of which obtain information from customers, the agency noted.
Data collected on-line are used not only for internal marketing purposes but in some cases are rented or sold to third parties.
The Office of the Comptroller of the Currency plans to issue on-line privacy guidance for national banks in the fall.