Visa, MasterCard Move to Defuse Privacy Issue

Visa U.S.A. and MasterCard International want federal regulators to know that they and their members are a step ahead on the potentially hot issue of consumer privacy.

Each of the card associations has developed a set of privacy principles, in large part aimed at preempting congressional action.

Though no pending privacy legislation is particularly alarming to the bank card industry, the government is expected to issue privacy principles soon as guidelines for corporate America. Similarly, the vast majority of state legislatures do not have onerous privacy proposals on their agendas.

But there are lingering fears that government action could eventually burden the private sector, and MasterCard and Visa are trying to look after their members' interests.

Sally Katzen, who chairs the Privacy Working Group of the White House's Information Infrastructure Task Force and oversees the government's privacy efforts, has said that the government should play a role in implementing policies on personal privacy, but that the forthcoming principles will not be enacted into law.

Visa announced its 10 principles last week, and MasterCard's U.S. board will vote on a similar statement this month.

The associations want to be legislatively proactive, but they also say it is important to satisfy consumers' concerns regarding how information about them is handled.

Visa said its principles are intended to "enhance members' relationships with consumers, and to protect members against erosion that might occur should consumers lose confidence in the security of their information."

Visa and MasterCard expect banks to use the principles as a foundation on which to build their own privacy policies.

Only a handful of card issuers have formal principles in place, including Citibank, which served as an adviser to Visa. In addition representatives from First Chicago Corp., Chase Manhattan Bank, First USA Inc., Bank of America, and Banc One Corp., took part in developing Visa's principles.

Citibank and Banc One also worked with MasterCard.

"The principles don't represent anything that our members aren't actually doing," acknowledged Visa spokeswoman Susan Murdy. "They may not be extraordinary, but we are reaching a wide audience."

And indeed, the principles are so general that most consumers would expect their banks to have such basic policies in place.

Still, privacy experts hail the association's efforts as being meaningful. They contend that Visa and MasterCard are bringing the issue of consumer privacy to the forefront.

Moreover, if card issuers successfully communicate their policies to customers, it creates an environment in which, "consumers reward companies with good privacy principles and punish others that don't have such policies," said Robert R. Belair, a lawyer who specializes in privacy matters and is an editor of the newsletter Privacy & American Business.

Alan F. Westin, editor and publisher of the privacy newsletter believes that two of Visa's principles have an edge.

Mr. Westin pointed to Visa's suggestions regarding members communicating their policies to customers and giving customers an opportunity to be excluded from lists sold to companies that want marketing information.

However, the latter principle targets companies that are not affiliated with the card issuer.

"This principle raises the question of affiliated parties," like subsidiaries of the parent company, said Mr. Westin. "Should opt-out apply to affiliated parties?" he asked.

In the end this may be an issue that is decided by legislators.

Already, Maine and California have passed laws that require issuers to provide their cardholders with opt-out notices.

Recognizing the significance of third-party marketing practices, Ms. Murdy said that Visa used stronger language in this principle. Visa's principle stipulates that issuers "shall honor its cardholders' requests to exclude their names from such marketing lists."

Visa's principles are nearly identical to Citibank's privacy policies.

That is not surprising. Citibank adopted its principles in 1991 and Clinton W. Walker, a Citibank lawyer, served on both Visa and MasterCard's privacy committees.

Citibank, however, includes two provisions that Visa does not.

Citibank promises its customers that it will exchange information only with "reputable credit reporting agencies" and the bank promises that it will "safeguard" information it receives about noncustomers, "just as we do information about our existing customers."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER