WASHINGTON - Two-thirds of the Web sites operated by the 50 largest banks do not offer the privacy protections mandated by the Gramm-Leach-Bliley Act, according to a report issued Thursday by PricewaterhouseCoopers.
The accounting firm found privacy policies were clearly and conspicuously posted on 49 of the 50 banks' sites. However, 65% do not clearly state what customer information is collected, and 67% do not say whether this information is shared with affiliates or third parties, PricewaterhouseCoopers said.
Bank trade groups blasted the report as alarmist and misleading.
"To issue a release in August of 2000 is a tad premature," John Byrne, senior counsel at the American Bankers Association, said in an interview. "This survey is not relevant in my mind as to whether or not banks will be prepared next July."
"This is the point where our banks are coming into compliance," a spokeswoman for the Financial Services Roundtable said. "Are we all the way there? Not yet, but we are making good progress."
Compliance is not required until July of next year, but the necessary changes will take time, the firm said. "Our survey indicates that many banks will struggle to meet the operational, training, and management changes necessary to meet the deadline," said PricewaterhouseCoopers partner Maryann Murphy.
The financial reform law originally required banks to meet the privacy protections by Nov. 13, but banks convinced regulators to make compliance voluntary until July 1.
While Gramm-Leach-Bliley's privacy provisions apply to a broad range of customer interactions with financial services firms, the survey focused only on disclosures and other requirements that apply to Web sites.
Thirty-four of the sites disclose that the bank may share customer information with third parties, but only 14 of those notify customers of their right to "opt out" of such arrangements, as the law requires. Only nine offer a "reasonable" way for customers to do so, PricewaterhouseCoopers said.