Banks Brace for State Action on Privacy
The federal bill, which sets the parameters under which banks, insurance companies and securities firms can enter each others' businesses, was passed this month by the House, 362-57, and the Senate, 90-8, and was expected to be signed by President Clinton sometime next week.
It allows banks to share private information about their customers with affiliated entities under the same corporate umbrella and to share certain information with third parties for marketing purposes unless consumers have opted out of having their information shared.
However, the legislation permits states to enact more stringent privacy restrictions, and some states have indicated they will do so.
"We plan to step up to the plate because Congress has failed to provide adequate privacy protections for consumers," said Leslie Sandberg, press secretary for Minnesota State Attorney General Mike Hatch. "We plan to look at what consumers want in terms of what they want banks to do with their personal information and we will look at what our options are."
She said, however, that it was "too early to speculate" what courses of action might be available.
In June, Hatch's office sued U.S. Bancorp, Minneapolis, accusing one of the bank's subsidiaries of sharing some confidential customer data with an outside marketing firm. The banking company settled the suit for about $3 million.
"I would expect that the battle next year will be moved from the national level to the state level in some states," said Kenneth Guenther, executive vice president at the Independent Community Bankers of America, a Washington trade group representing 5,400 community banks. "I'm not sure which states, but I think some states will take up the battle. It's a very hot issue with consumers right now."
Charlotte Birch, a spokeswoman for the American Bankers Association, Washington, said several states already have some consumer privacy laws, and the ABA opposes expanding those with additional restrictions specifically for banks.
California, Vermont and Minnesota have been reported to be considering legislation that would toughen the privacy provisions of the Gramm-Leach-Bliley Act.
However, one source in a state attorney general's office who asked not to be identified said that state legislatures might be hesitant to create laws that overstep the privacy limitations imposed by Congress.
Meanwhile, both California and Vermont are at the helm of a multistate task force of attorneys general that is investigating the privacy policies of several large banking institutions.
Julie Brill, assistant attorney general for Vermont, declined to discuss the endeavor in detail, but she did confirm that a multistate investigation of bank privacy practices was still under way. The California attorney general's office did not return phone calls seeking comment.
Some reports have speculated that the task force could attempt to file a multistate lawsuit against the banks - much like states did against tobacco companies.
Jack Norris, the assistant attorney general for Florida, confirmed that his state also is involved in the investigation.
"It's a big investigation. It involves a fairly large number of banks, but it's probably the most important thing we're doing right now," he said. "I think the public is completely unaware that the information they give to banks is not private."
Norris said Florida was one of the first states to become involved in the investigation, prompted by Hatch's suit against U.S. Bancorp. The attorneys also wrote letters to Congress urging members to create an opt-in provision for information sharing.
One source in a state attorney general's office involved in the investigation said each of the attorneys general is requesting information from banks in their states. According to some of the banks that have been investigated, that includes any disclosures the banks made to consumers about their privacy policies and information about contracts the banks have had with third-party marketing firms.