New Amendments Also Give Banks A 45-Day Window To Share Information Even If A Consumer Says “No”
The latest version of the financial privacy bill released yesterday does not clearly require that a bank must obtain informed written consent before selling private financial information to telemarketers and others outside the company. Other new amendments allow financial institutions a 45-day window to share information with affiliated companies when a consumer opens a new account even if the consumer says “no” (“opts-out”). The bill, SB 1, is scheduled to be considered in a special hearing of the Assembly Banking and Finance Committee on Tuesday.
“The key to protecting privacy is to require a consumer’s informed written consent,” said Jerry Flanagan, consumer advocate for the Foundation for Taxpayer and Consumer Rights. “The lure of huge financial gain is so great that banks will stop at nothing to hoodwink consumers into giving up their privacy. This bill would be helped immensely by five words ‘banks must get written consent.’ If this is Senator Speier’s intent then it must be in writing.”
On June 4, Governor Davis and Senator Speier announced that they had reached a compromise agreement on the long-awaited financial privacy legislation. When that compromise language was released to the public two days later, it contained a major loophole that allowed banks to obtain consent over the telephone or to hide consent agreements in financial contracts. Following concerns raised by FTCR and others, Senator Speier announced her intention to correct the problem. However, nothing in the new version of SB 1 released yesterday requires that a bank obtain written consent — it merely provides a mandatory format if a bank chooses to seek written consent. As a result of these changes, a financial institution could be considered in compliance with the bill while inducing a consumer’s consent through discounts offered over the phone or in any other oral agreement:
- Section 4052.5 on page 10 lines 35-39 says that a financial institution “shall not sell, share, transfer, or otherwise disclose non public information to or with any nonaffiliated third party without the explicit prior consent of the consumer.” However, “explicit prior consent” is not defined.
- Section 4053 (a) (1) on page 11, lines 1-10 of the bill, requires that a financial institution obtain a “consent acknowledgment from the consumer that complies with paragraph 2.” Paragraph 2 of 4053 (a) simply states that a financial institution “shall not utilize a form, statement, or writing to obtain consent” unless that “form, statement or writing” meets certain criteria. This language does not require that a written form be used nor does it require that consent must be obtained in writing.
- The explicit requirement that a financial institution must provide a written notice to the consumer on page 11 lines 4-6 of 4053 (a) has been struck from the bill.
“Governor Davis and Senator Speier should not let banks and insurance use the fine print of this bill to steal the individual’s private information when the purpose of the legislation is to protect consumers from the fine print of financial services contracts,” said Jamie Court, executive director of FTCR and author of the new book Corporateering: How Corporate Power Steals Your Personal Freedom And What To Do About It (Tarcher/Putnam).
In addition, new changes to the bill on page 19 lines 27-40 allow banks to share private financial information with affiliated businesses for up to 45 days even if a consumer has exercised his or her right to “opt out.” This amendment severely undermines the consumer’s ability to control the dissemination of his or her information and creates a false sense of security that the consumer’s right to “opt out” provides real protection. For example, a consumer opening a new bank account could choose to “opt out” of information sharing on the day the account is opened, but the bank would be provided a 45-day window to share or sell the newly attained private information before it had to comply with the consumer’s wishes. The financial institution is not required to make the consumer aware of the 45-day exemption.
“This loophole gives banks a 45-day license to steal,” said Flanagan.
Additionally, FTCR continues to have concerns with the compromise bill released last week with Governor Davis. Specifically, that compromise would:
- Pre-empt stronger city and county ordinances protecting residents’ financial privacy, including those in Daly City, San Francisco City and County, and San Mateo County. These local ordinances provide greater protections to consumers than those provided in the SB 1 compromise legislation. Specifically, they provide for less sharing among affiliates, more consumer control over with whom information is shared, clear standards that consent must be in writing, as well as mandatory minimum and progressively higher fines for repeat violators.
- Provide exemptions to retailers to access a consumer’s purchasing history. For example, if a consumer makes purchases with a Sears credit card, Sears can access a list of the consumer’s purchases made at Sears and affiliated retailers and websites — and the consumer has no right to “opt out.” The retailer can then use the consumer’s information without any restrictions.
- Allow organizations and businesses to access a consumer’s purchasing history and private information. New amendments to SB 1 allow any organization or business to receive from a financial institution issuing an affinity card in its name, information about the cardholder’s name, address, and email address, as well as financial information about the consumer’s purchases made at a business bearing the brand name of the organization or business. Amendments released today remove a consumer’s right to opt-out of the sharing of his or her name and address.
- Allow marketers to retain a consumer’s private information. Under new amendments to SB 1, a third party under contract with a bank to market its financial products can retain the consumer’s private information after the activities of the contract are complete.
- Remove protections for consumers enrolled in group benefit plans. The Speier/Davis compromise allows the sharing of information of participants in group benefit plans, workers compensation insurance plans, group insurance or annuity plans, and beneficiaries of trusts. Tens of millions of Californians are covered by these plans. Since many of these plans are job-related benefits, information sharing about these plan participants would include income, job classification, claims history, information on dependents, and retirement assets.
“Senator Speier and Governor Davis must provide clear requirements that consent must be in writing and that a consumer is informed of his or her right to privacy,” said Flanagan.
– 30 –
The Foundation for Taxpayer and Consumer Rights (FTCR) is a non-profit and non-partisan consumer advocacy organization. For more information, visit us on the web at http://www.consumerwatchdog.org