New York Aims to Limit the Sale Of Customer Data by Card Issuers
Prompted by what it sees as invasions of privacy, the New York attorney general's office is seeking to curb the sale of customer information by credit card companies.
One of the state agency's targets is Citicorp, which recently launched a program that provides marketers with limited access to its vast customer data banks.
Voluntary Restraint Sought
Since state law does not prevent banks from disclosing consumer buying patterns, the attorney general plans to ask credit card firms to give consumers the option of denying marketers access to their files. Failing voluntary compliance, the agency may push for state legislation to bar the practice, officials said.
In the meantime, there is little to stop financial institutions that see a huge potential market for the data.
The privacy concerns were highlighted earlier this year when Citicorp announced plans to offer marketers information from Citibank's data base of 21 million cardholders. Although the Citicorp plan would not give marketers direct access to customer information, there is little to stop a financial institution from providing a broader amount of customer data to third parties, contend privacy advocates.
Legal Route Blocked
The New York State Attorney General's Office, which has aggressively pursued consumer issues, said it is concerned about the plans by Citicorp and other card issuers, but that under existing state law it cannot file suit.
"We're attempting to get voluntary compliance from credit granters that if they wish to engage in this activity, they will make it clear to their customers what they are doing," said Richard Barr, a spokesman for Attorney General Robert Abrams' office.
If that does not work, "we could initiate new legislation that would require credit granters to tell their customers," Mr. Barr said.
The Citicorp service, offered as part of the bank's credit cardreceipt proceesing, would allow merchants to work with Citicorp to do a special mailing to customers. The merchant would get no names directly from Citicorp, but would receive the names of those Citicorp customers who responded to the mailing, said William Ahearn, a Citicorp spokesman.
Getting Off the List
Citicorp does tell customers how they can have their names removed from "the list we use to inform customers of special Citibank offers, discounts, and services," Mr. Ahearn said.
But the notice in its customer brochures does not specifically say that Citicorp may make names available to other marketers.
No company has yet taken Citicorp up on its offer, which has been available for about two months, Mr. Ahearn said.
American Express Corp. has offered a program similar to Citicorp's for a decade. But American Express officials said they already inform customers that information may be made available to third-party marketers, giving them the option to remove their names from such lists.
Other card issuers may be eyeing the market, industry observers said, but most lack the sophisticated technology needed to extract the data from their customer files.
A Question of Ownership
The limits of privacy rights regarding consumer data are confusing, observers said. In Europe, for example, companies that have access to financial data are considered mere caretakers of data, and consumers actually own financial data about themselves. In the United States, financial institutions are considered to have greater ownership.
"The property battle is a losing one for the consumer," said a legal specialist in privacy issues who asked not to be identified. According to legal precedent, "once a consumer goes into the stream of commerce by negotiating a [credit] check, the bank owns that information."
Congress is also eyeing the activities of credit granters. The chairman of the House subcommittee on consumer affairs, Esteban E. Torres, D-Calif., is said to be looking into the various marketing programs offered by financial institutions. Federal law limits the uses of consumer data by credit-reporting bureaus, but banks are left relatively unchecked.
