Skip to main content /TECH with /TECH

Watchdog group rips firms on privacy practices


By Patrick Thibodeau

(IDG) -- A privacy watchdog group has released a report that's largely critical of the privacy practices offered by financial institutions.

Among the best practices cited in the study by the Center for Democracy and Technology (CDT) in Washington are those used by First Union in Charlotte, N.C., which offered its Internet customers an online form for opting out of marketing deals and for limiting the sharing of personal data.

Drawing criticism in the report was Community First Bankshares in Fargo, N.D., which requires online banking customers who want get off of its marketing lists to telephone to receive a form that has to be returned by regular mail. INFOCENTER
Related Stories
Visit an IDG site

Privacy advocates said the latter practice would likely frustrate consumers. But Community First is hardly alone: Only 22 percent of the 100 companies surveyed offer consumers a "convenient online means" of preventing data-sharing, the report said.

"We have systems that are robust and strong enough to do important things like move money, but not apparently robust enough to allow privacy choice," said Peter Swire, former chief privacy counselor for the Clinton administration and currently a visiting professor of law at the George Washington University Law School, at a press conference where the report was released.

But Pat Staples, senior vice president of market development at Community First, defended the call-in policy and said that asking customers to speak with a customer service representative helps the bank understand a customer's particular privacy concerns. It also helps the bank educate customers and get information that may help it improve its privacy practices. "We really are trying to collect that data, trying to understand what the primary reasons are why people are calling in," she said.

Community First at least offers its customers a chance to opt out of data-sharing with marketing partners and affiliates. Under the Gramm-Leach-Bliley Act, the 1999 financial modernization law, a bank can share information with affiliates and marketing partners without a customer's permission. Many of the companies in the survey didn't offer consumers a choice on data-sharing unless they had to under the law. The act only requires bank to offer an opt-out option for data-sharing with unaffiliated third parties.

Gramm-Leach-Bliley also gives banks, insurance and security companies the ability to merge while setting privacy restrictions on customer data. But the privacy protections outlined in the bill have come under fire from privacy advocates and from members of Congress who argue that the law allows banks to broadly share data with any company with which it has a marketing agreement, such as telemarketers.

Sen. Paul Sarbanes (D-Md.), who heads the Senate Banking Committee, has been a leading critic of the Gramm-Leach-Bliley Act and has introduced a bill, S.30, that would toughen the privacy rules.

The CDT said it plans to file complaints with federal regulators against six or seven mortgage lenders that it believes are following Gramm-Leach-Bliley requirements. The U.S. Federal Trade Commission may receive those complaints as early as today.

The report's authors hope that the study leads to better practices among online bankers. "There are best practices out there," said Ari Schwartz, associate director at the CDT. "There is an industry standard that the rest of the financial community could live up to."

• The Center for Democracy and Technology

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top