Thursday, November 19, 2009

Agencies release new consumer privacy rights notice forms


Consumer groups: New format is clearer, but should be mandatory

By Connie Prater

Consumers may start to see a new look in those oh-so-boring-but-important privacy rights notices that they get in the mail each year from their banks, brokers, insurance companies and credit card issuers.

Agencies release new consumer privacy rights notice forms
WHAT NEW PRIVACY NOTICES
MEAN FOR CONSUMERS

What: Federal agencies released samples of simplified, consumer-friendly privacy rights notices that banks and other financial institutions can send to customers.

Key points: The forms are not mandatory; banks can continue to mail out the old, legal notices.

Why it's important: Consumers have the right to opt out of having their personal information shared with third-party companies. This helps filter out junk mail and telemarketing calls and reduces the risk of identify theft through data breaches.

View the sample privacy notice.

Federal agencies released samples of model privacy rights notices Tuesday that are designed to be consumer-friendly and easier to understand. Instead of two to three pages of tiny, gray type, the new notices are set up in tables with clear language and larger print. However, the new model privacy rights forms are not mandatory, so some consumers may continue to get the old legalese-rich notices.

Privacy rights advocates called the new model forms an improvement and urged banks and other financial institutions to adopt the new format. Others, however, said if banks and other institutions aren't required to use the consumer-friendly forms, consumers will lose out.

"Obviously this is a lot more consumer friendly than the hodgepodge of privacy notices that have gone out in the past," says Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, a San Diego-based nonprofit consumer advocacy group. "In our experience, we found that most individuals just receive the notices, don't bother to read them and toss them out."

"Hopefully, now that they may be in a more user-friendly format, a greater percentage of consumers will take the time to read these notices and have a better understanding of what types of information may be disclosed and to whom that information may be disclosed," Stephens added.

What the law says
By law, a host of financial institutions -- from insurance companies to brokerage firms to credit card issuers -- must send initial and then yearly notices informing consumers of their rights to keep information collected by the firms private. Companies must often share personal information about its clients with contractors who process transactions or maintain credit card and bank accounts. Law enforcement officials may also gain access to credit card and other private financial information if investigating criminal acts.

Since the form isn't mandatory, it can't be useful to consumers unless all banks issue the notices using the model form.

-- Michelle Jun
Consumers Union

Companies in the financial services industry also often share information about their clients with other marketers that then attempt to sell other products and services to consumers. If you ever wonder why you're getting junk mail or calls from a company you've never heard of after you purchase life insurance or open a new checking account, it may be because your contact information, salary or credit score may have been shared by your bank or insurance agent. Identity theft experts say the more information is shared, the more vulnerable consumers become to data breaches. Consumers who do not wish to have their information shared with other, nonaffiliated companies are allowed to opt out.

The law that requires the privacy rights notices is the Gramm-Leach-Bliley Act, named after the U.S. lawmakers who sponsored the 1999 legislation. The act requires financial institutions to disclose:

  • Their policies and procedures for collecting information about clients.
  • Whether other companies (both affiliated with the institutions and third-party outsiders) receive information about the consumer.
  • What steps the company takes to safeguard the consumer's personal information.
  • How consumers can opt out of having certain information disclosed to nonaffiliated third-party companies.

Ability to compare privacy safeguards
According to a joint press release issued by eight federal regulatory agencies, the Financial Services Regulatory Relief Act of 2006 requires the agencies to develop more reader-friendly notices that allow consumers to compare privacy policies of different companies.

"Because the privacy rule allows institutions flexibility in designing their privacy notices, notices have been formatted in various ways and as a result have been difficult to compare, even among financial institutions with identical practices," according to the privacy rights notice guidelines issued Tuesday.

Stephens from the privacy group said the "model notices may provide an opportunity for consumers to compare different financial institutions and see which ones are providing notices that are more privacy-friendly and enable individuals to, in some part, make a decision about the financial institutions they wish to patronize."

Michelle Jun, an advocate from Consumers Union, the nonprofit owner of Consumer Reports magazine, said it will be difficult for consumers to make those comparisons if all banks and financial institutions don't use the new forms.

"It's worthless if it's optional," said Jun. She likened the simplified, table format of the new model forms to the Schumer box required on credit card applications and solicitations. "Since the form isn't mandatory, it can't be useful to consumers unless all banks issue the notices using the model form."

A spokeswoman for the Federal Trade Commission (FTC), one of the agencies that developed the model forms, said the consumer-friendly disclosures are not mandatory because the 2006 law stated they were to be optional for financial firms. Those institutions that use the new disclosure forms will be exempt (also called having a safe harbor) from the law's other requirements.

In addition to the FTC, the agencies issuing the guidelines were: the Federal Reserve, the Comptroller of the Currency, the Office of Thift Supervision, the National Credit Union Administration, the Securities and Exchange Commission, the Commodities Futures Trading Commission and the Federal Deposit Insurance Corp.