Mark S. Young practically grew up at First National Bank of Orwell, Vt., whose building has also been the family home for three generations.

The bank is where Mr. Young's playpen was kept. It is where he shot BB guns with his three older brothers, and where he lost the tip of his ring finger at age 6 when trying to stop the vault from swinging shut.

It is also where he remembers his father, then the bank's president, coming unglued when an examiner would raise questions about a customer's loan within earshot of other customers.

The younger Mr. Young, now the president and chief executive of the $26 million-asset bank - whose sole office sits off Route 22A, a scenic road set against rolling hills - is equally protective of his customers' privacy.

"I say to the bank examiner, 'You forget you're not in Boston, where chances are if you mention a name in the lobby, no one is going to know who it is,' " Mr. Young said. "Here you mention a name and it's somebody's neighbor, cousin, friend, or brother."

Mr. Young says he tells employees he will fire them immediately if he hears they leaked information from the bank. He even built an addition to the house/bank in 1989 primarily to ensure privacy when meeting with customers to discuss loan requests.

But ask Mr. Young about Gramm-Leach-Bliley's requirement that all financial institutions send customers a copy of their privacy policy, and he scoffs: The law is "nothing except a nuisance."

"I have no patience for Gramm-Leach-Bliley, quite honestly," said Mr. Young, 48, whose great-grandfather the bank hired as a telegraph operator in 1880. "If you don't respect somebody's privacy and their personal information in a bank sitting in a town of 1,100 people, you wouldn't be here. I'd be out of business."

The 1999 law required all financial institutions to give customers a chance to block the sharing of confidential information with affiliates or outside companies. But because the smallest banks typically do not share information to begin with, Mr. Young and bankers like him consider the privacy provision superfluous.

There are more than 7,200 banks and thrifts in the United States with assets of $200 million or less, and more than 1,100 of them have assets of $25 million or less. All were required to send out privacy notices by July 1 and will have to keep doing so each year.

In mid-June all 12 of First National Bank of Orwell's employees gathered at a lunch table to attach labels and stuff envelopes for each of the 5,200 customers. Mr. Young said his bank spent $3,000 to send privacy notices to "customers who were going to pitch them in the trash.

"It was a total waste of money and time."

Executives of other small banks echoed his sentiments.

Leon Moore, the president of $166 million-asset Bank of Floyd in Floyd, Va., is grateful that Gramm-Leach-Bliley let it offer insurance and other financial products, but he gets downright testy when the discussion turns to privacy.

"It cost $16,800 to send out those stupid notices that most people didn't even read," he said. "At this point it means a $16,800 dead weight annually, and we are going to have to sell $16,000 worth of insurance products to break even on it.

"Unfortunately," he continued, "I don't think regulators or Congress looked at the ramifications there would be expense-wise. The effort adds another layer of regulatory burden just to send that notice out."

Karen Dorway, the director of research at Bauer Financial in Coral Gables, Fla., said many of the smallest banks felt that complying with the privacy provision of Gramm-Leach-Bliley was unnecessary, because they generally do not sell customer information or have affiliations with companies that share it.

"It was an amazing burden," she said, especially considering that "privacy was a nonissue for customers." Though some small banks outsourced the task, many put together mailings on their own. Some said they had to get special software, hire lawyers to draft and approve notices, and organize employees and even hire extra help to prepare and mail them.

"And for them, the small banks with a limited number of persons, just trying to … get the stuff out the door was an issue," said Ms. Dorway, whose company, a research firm, works with banks with $300 million of assets or less.

Karen Thomas, the director of regulatory affairs for the Independent Community Bankers Association, said most community banks also feel they are "paying for the transgressions of others" - since some say the privacy issue was stirred up by accusations against some large national banks.

Attitudes, however, seem to change as the asset size of a bank increases.

Ronald J. Gentile, the president and CEO of $659 million-asset Warwick Savings Bank in Warwick, N.Y., said that it "took privacy very seriously" before Gramm-Leach-Bliley, so the issue was really just cost. And though the provision caused some confusion among customers, he said that getting the notices out to customers was a "nonevent," and that "most people are happy we are protecting them."

"Once I got done with the cons - cost, education, and time - the bottom line is it was helpful," he said.

Diane M. Casey, the president and CEO of America's Community Bankers in Washington, said a host of challenges still remain - from training employees to answer customers' privacy questions to revising privacy policies as more small banks form alliances.

Banks may also find they have to adapt their policies to changes in federal and state law. For example, a consumer-driven privacy bill making its way through the California Assembly would require customer permission for sharing confidential information with third parties but allow sharing among affiliates if customers could opt out.

"I think we're just at the beginning of the privacy burden," Ms. Casey said.


From Our Archive

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.