Privacy fears complicate deregulation

Long-awaited financial supermarkets, where customers can pick up a checking account in Aisle 1, insurance in Aisle 3 and stocks in Aisle 11, have hit an unexpected wall: the growing concern over privacy.

Congress repealed restrictive Depression-era banking laws last year, clearing the way for financial supermarkets, but federal banking regulators this month threw up the potential roadblock.

They proposed a rule requiring companies to tell customers who is viewing their personal information and what these people plan to do with it.

The Comptroller of the Currency, the Federal Reserve Board, the Federal Deposit Insurance Corp. and the Treasury Department released the proposal jointly and, in an unusual interagency approach, the Securities Exchange Commission and the Federal Trade Commission will soon release a similar one.

Consumer advocates, meanwhile, pledge to carry on their fight state-by-state for regulations limiting the ability of companies to divulge customers’ private information to affiliates, meaning, for example, that banker Peter couldn’t tell broker Paul how much customer Mary has to invest.

The financial industry fears that such restrictions would hurt their ability to sell all things to all people, a notion that is driving many financial industry mergers.

The proposed rules implementing provisions in last year’s financial deregulation bill would require companies to disclose their privacy policies and to give consumers the right to prevent companies from disclosing information about them to unaffiliated companies.

Key issues for the industry include how the agencies define non-public personal information.

“How you define that determines how much of a burden [the industry will] have on handling this,” says Dean DeBuck, spokesman for the Office of the Comptroller of the Currency. Disclosures must be given to customers on how companies handle non-public information.

The comptroller asked for public comment by March 31 on whether the definition should include information that is available publicly, such as in telephone books, or whether it should only include information that is not publicly available.

In a press briefing, Federal Reserve officials stated that they believe the rules should cover only information not publicly available.

The banking industry agrees with the Fed, says John Byrne, senior counsel to the American Bankers Association. To define basic information, such as names and addresses, as non-public “makes no sense,” he says.

Another area the industry is concerned about is a proposal requiring disclosure of who has access to the information and the circumstances under which it can be divulged.

“I don’t think it’s relevant to a bank customer to know anything other than employees of our bank only have access to personal financial information if it’s in their job description, or if there’s a business reason to have access to that information,” Mr. Byrne says. “You should not have to get a list of how many offices in how many banks have access to what information. It’s way too proprietary.”

The third point Mr. Byrne sees as a bone of contention is whether a company that sells customer information to a third party should have to monitor how the third party uses the information. The law stipulates that companies can not resell customer information they buy from unaffiliated companies.

It should be up to the government to enforce the law, Mr. Byrne says, not the industry.

But Edmund Mierzwinski, consumer program director of the U.S. Public Interest Research Group in Washington, says the regulations don’t go nearly far enough.

“These regulations are based on a bad law and will not protect consumers,” he says. “No matter how broadly the agencies interpret technical terms in the act, the bottom line is that this is only an opt-out, and that opt-out is only some of the time.

His group wants legislation requiring companies to get approval from consumers before they share private information with affiliates. Although the federal proposal would require only that companies allow consumers to prohibit sharing information with unaffiliated companies, it also specifies that states can enact stronger consumer protections.