The Clinton administration and Congress in recent weeks have sent the financial industry fair warning: Get serious about protecting customer privacy or face tougher regulations.

Even Vice President Gore has weighed in, endorsing a "Privacy Bill of Rights" that would give consumers more say over how their financial and medical data are used.

"Privacy has now become a mainstream political issue on the same level as fixing Social Security and figuring out what to do with the federal budget surplus," said Martin E. Abrams, vice president of information policy and privacy for Experian in Allen, Tex.

Industry leaders are worried that poor performance by nonfinancial businesses will saddle bankers with regulation they say is unnecessary.

"For banks and financial firms, which have always considered personal information to be sacrosanct, there is real concern there could be a rush to umbrella legislation," said John J. Byrne, senior federal legislative counsel for the American Bankers Association.

But so far policymakers are pursuing narrow initiatives designed to stop specific problems. For example, legislation introduced by House Banking Committee Chairman Jim Leach would make it a federal crime to obtain customer information from financial institutions under false pretenses.

Next week banking regulators are expected to issue an "interagency alert" to warn bankers of the tricks unscrupulous information brokers use to dupe employees into giving out confidential information.

The regulators will also provide guidance on security measures and authentication measures banks should put in place.

The Senate has gone a step beyond Rep. Leach's bill, approving legislation July 30 that would make it a federal crime to steal Social Security numbers and other personal information from any source and make it illegal to use stolen information to open financial accounts or establish lines of credit under a victim's name.

As more companies offer Internet transactions, policymakers are pressuring the industry to disclose on their Web pages how information gleaned from on-line contracts and credit applications will be used. They also want consumers to have an opportunity to stop the data from being shared with third parties.

The Federal Trade Commission complained in June that only 14% of commercial Web sites post any notice of information collection practices. If significant improvement is not demonstrated by yearend, FTC officials have vowed to ask Congress to crack down.

To try and help banks avoid new regulations, the Office of the Comptroller of the Currency established a Privacy Working Group in June to develop model Web page disclosures. That guidance is expected in the fall.

But it is not just the sharing of on-line data that worries federal officials. Last week acting Comptroller Julie L. Williams gave national bank regulators broad authority to investigate possible Fair Credit Reporting Act violations. Recent revisions to the law give companies broader authority to share customer information with affiliates, but requires them to notify consumers how the data will be used and to give an opportunity to "opt out."

The law prohibits regulators from including credit reporting compliance during regular examinations.

But Ms. Williams ordered OCC officials to launch credit reporting investigations if they uncover "any specific information" about violations, including actions discovered during the normal course of a routine exam.

Ms. Williams said policymakers are reacting in part to technology breakthroughs.

"Technology is advancing with such great velocity that it is possible not only to collect data, but also to analyze much more information about individuals than was feasible even a few short years ago," she said.

"If banks are going to provide new kinds of services, they must handle confidential customer information responsibly."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.