WASHINGTON - Two influential state attorneys general on Thursday promised to continue prosecuting banks that violate consumer privacy laws and to push for broader enforcement powers.
Minnesota Attorney General Mike Hatch said Thursday that he is optimistic his state will enact legislation next month making it harder for banks to use information about their customers.
The Minnesota legislation would adopt all of the privacy protections contained in the Gramm-Leach-Bliley Act but change its "opt out" to an "opt in." That would require banks to gain a customer's written consent before information about him could be shared with third parties.
The federal law's opt-out provision requires banks to notify customers of their privacy rights, but leaves it to the customer to contact the bank to bar any information sharing. Rules implementing the law have been proposed and are expected to be finalized in May and effective in November.
"That law didn't do anything. It's a negative because it creates the perception that something was done," Mr. Hatch said at a meeting of the Congressional Privacy Caucus here.
But the federal law specifically gives states the right to enact more stringent measures, which would mean banks would have to meet various standards. So industry lobbyists are closely watching Mr. Hatch and the Minnesota legislature. They know a loss in Minnesota could create a domino effect in state houses across the country.
Joining Mr. Hatch was New York Attorney General Eliot Spitzer who also supported requiring financial institutions to get explicit customer permission before sharing information with unaffiliated third parties. He told lawmakers that more restrictions must be put on data sharing among bank holding company affiliates, too.
If a state adopts tougher laws, it could force industry lobbyists back to the negotiating table on Capitol Hill to accept a stricter, uniform federal law, Mr. Spitzer predicted.
A Minnesota Senate vote could occur as early as next week. "It is a little premature to say it is going to pass," said Steve Johnson, government relations manager for the Minnesota Bankers Association. He noted that House and Senate committees have passed different bills, and that Gov. Jesse Ventura has not weighed in on the matter.
Like the rest of the industry, Mr. Johnson said Minnesota bankers are urging lawmakers to give the federal law a chance to work.
"I don't see an opt-in bill passing," said Mathew Street, associate general counsel for the American Bankers Association, who noted that unrelated political conflicts in Minnesota and expected attempts to attach the bill to other privacy legislation could doom it.
Mr. Hatch has been a leading advocate of tough privacy protections since the summer when he forced Minneapolis-based U.S. Bancorp to stop sharing information with third parties and to give customers the opportunity to block the transfer of data to affiliates for direct marketing purposes by simply making a toll-free call.
Sen. Richard C. Shelby, speaking at the National Association of Attorneys General spring meeting here, urged states to aggressively pass and enforce privacy laws to goad Congress into strengthening the federal privacy protections.
"The state attorneys general are on the front lines all over on privacy-related matters,'' the Alabama Republican said Thursday. "There is much that we on the federal level could learn from the privacy protection efforts that you have already undertaken in your respective states."
Lawmakers from both sides of the political aisle agreed. "We need states to be aggressive," Rep. Jay Inslee, D-Wash., said later at the privacy caucus meeting. "We encourage you in that regard."
Sen. Shelby renewed his attack on the privacy provisions of Gramm-Leach-Bliley, describing them as "a sham" and calling for tougher laws that would require financial institutions to get the "prior, affirmative consent" of customers to share information with affiliates or third parties. He also criticized Gramm-Leach-Bliley for failing to require financial institutions, as part of their mandatory annual privacy disclosures, to say which companies they are sharing information with or how the data would be used.
"The reality is that the provisions are porous and do not provide the consumer with sufficient information to make an informed decision on the true ability to opt out of information sharing," he said. "The new law falls far short of what American consumers want and, I believe, deserve."
Meanwhile, federal regulators detailed the contents of the proposed privacy rules at a forum hosted by the Federal Deposit Insurance Corp. on Thursday. They reminded the audience that comments on the pending rules are due March 31.
Michele Heller contributed to this report.
- FDIC to Re-Broadcast March 23d Public Forum on Privacy by March 30 (Source: FDIC)
- Inaugural Congressional Privacy Caucus Briefing - Statement of Sen. Richard C. Shelby (Source: U.S. Senate Website)
Editor's Note: Each link opens a new browser window. We have no control over the content or availability of sites not part of American Banker Online.