WSBA Info For Lawyers For the Public For the Media CLE
| Bench Bar Guidelines | News Releases | Publications |
Lawyer Directory
Find Legal Help
Job Opportunities
Access to Justice
MCLE Website
Ethics Opinions

Admissions
Bar Leadership
Board of Governors
Committees
Diversity
Law Students
Sections
Young Lawyers
FAQs
WSBA Store
Bar News
Events Calendar
Law Links
Contact Us
Bar News Archives
Home > For the Media > Publications > Bar News > Archives > 2000
May 2000

The Fight for Privacy: Technology and Financial Services Industry Consolidation Impacts on the American Consumer

by U.S. Representative Jay Inslee
This article is sponsored by the WSBA's Civil Rights Committee as part of its mission to provide information and education about the law and legal system to both the public and legal professionals. The article was not authored by the Civil Rights Committee, and any positions and opinions therein are solely those of the author and not of the Committee or the WSBA.

Privacy is its own reward. Like the freedoms of speech and religion, the freedom from the violation of our expected sanctuaries of personal information may have little market, but it has its own fundamental importance to every American.

Our privacy — our freedom from intrusion into our personal lives — is at risk. The risk arises from the corporate consolidation of the financial services industry, the computer-driven interlacing of data banks, and the willingness of some to callously violate our privacy for profit.

Two recent real-life examples demonstrate the emerging threat. In California, a major bank sold a list of thousands of credit card numbers to a telemarketing outfit, which happened to be led by a convicted felon. The telemarketing company promptly charged over $43 million to the unsuspecting bank customers — all without their knowledge or consent. In Minnesota, another major bank sold a list of thousands of its customers' credit card numbers and other personal information to a different telemarketer. When this telemarketer began its round of calls using knowledge of the customers' most intimate financial affairs, people went through the roof — and rightfully so. The bank was caught red-handed but still denied any violation of the law, only ceasing its odious practices for public relations purposes.

When I heard from one of my constituents that his bank in Washington was up to similar tricks, I proposed an amendment to the Financial Services Modernization Act (S900) that would stop this kind of practice. This was the opening salvo in what will be a long and arduous fight to protect American consumers' privacy.

While we were able to pass a first stage of privacy protection in S900, giving consumers the right to demand that banks not transfer their personal financial information out of the bank, there are two problems Congress still needs to address.

First, the burden should not be on consumers to demand that the bank stop violating their privacy. The burden should be on the bank to obtain customers' consent before the information sharing starts. Customers should have the right to "opt in" to information sharing, rather than having the burden of "opting out."

Second, there remains a loophole of titanic proportions, because banks may continue to disclose consumers' private information to affiliated corporations even over the specific objections of the consumers. This was not a problem before the passage of S900, but now banks are allowed to affiliate with hundreds of other institutions in every other business. Banks now have a reason to raid your checking and savings account information for every intrusive marketing scheme known to man.

It is possible that small independent businesses will suffer from not being able to offer consumers the same tailored packages. Of course, consumers may prefer to do business with banks that advertise that they do not share personal information with other businesses. It is necessary to also point out that most consumers would find it egregious for retailers to use personal information to exclude people from opportunities or services. For instance, S900 does not contain the medical privacy provision present in the House-passed version of the bill (H.R.10). As a result, an affiliated insurance company that is not wholly owned by a bank holding company can share medical information with its affiliates. While I am not aware of any company currently using shared medical information as a reason to deny loans to individuals, we must guard against this realistic concern.

he consolidation of financial services poses some interesting regulation and enforcement questions. My fight in Congress to preserve the right of states to enact more stringent consumer privacy protections than those offered at the federal level was successful. Enforcement of privacy laws may fall under a state's jurisdiction if the state has passed stronger laws. At the time of this writing, the Washington State House of Representatives is deliberating over privacy legislation passed by the Washington State Senate. Another 24 state legislatures are also considering privacy legislation.

Certainly, S900 calls for coordinated efforts among federal and state regulators charged with writing the rules for implementation. S900 requires federal banking agencies and other authorities, after consulting with state insurance authorities, to prescribe regulations regarding the disclosure of nonpublic personal information. These federal agencies have submitted proposed regulations for public comment. The regulations will not be finalized until these comments have been reviewed and a report issued (likely to occur in mid-May 2000). The agencies involved include the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of Thrift Supervision, National Credit Union Administration, Secretary of the Treasury, and the Securities and Exchange Commission.

Federal regulations will have a great impact on the actual level of privacy achieved by S900, in part because a category of information, termed "publicly available information," is not subject to S900 disclosure and "opt-out" requirements. The level of privacy protection afforded under S900 will depend on what information the federal agencies decide is "publicly available information." For example, the agencies would have to determine whether the phone number and address provided by a consumer should be protected from third-party information sharing, when that information could also be gained from another public source, such as the telephone book.

The emerging Internet-driven world also presents a host of privacy issues that go well beyond our present concerns regarding the financial services industry. To date, we in Congress have been trying to get leaders in e-commerce to develop and implement meaningful privacy protections without the necessity of governmental action. Many industry leaders, including those in our state, have done so, and others must follow their path if we are to avoid the necessity of congressional action in this field.

Our political ancestors recognized and protected our rights of freedom of speech and religion in the 18th century. It is up to us to protect that tradition against violations of our privacy in the 21st century. We should not fail to do so.Jay Inslee is a member of the U.S. House of Representatives for the First Congressional District of Washington.

The Civil Rights Committee sponsors CLEs, articles and speakers on a variety of civil rights topics. For additional information on this year's Civil Rights Committee activities, contact Sevilla Claydon at 206-622-2086.

Back to table of contents >>





Last Modified: Tuesday, July 01, 2003

 Contact Information
Disclaimer and Copyright Notice | Privacy Policy
SEARCH
SITE INDEX