Chase, New York Privacy Deal Could Lay Groundwork for New Protection Law
Under the terms of the settlement, Chase agreed to stop sharing data about its customers to third parties unless it has obtained clear authorization from them. Even if a customer agrees to have his personal information shared, either online or offline, Chase said it will only provide names, addresses and telephone numbers from now on.
"New technology has brought extraordinary benefits to society, but it also has placed all of us in an electronic fishbowl in which our habits, tastes and activities are watched and recorded. Personal information thought to be confidential is routinely shared with others without our consent," Spitzer told reporters in Albany last week.
The investigation into Chase, the world's third-largest banking institution, was lead by Spitzer, who said the bank was selling information about its customers to non-affiliated organizations without making it clearly known to consumers. The inquiry was similar to a dispute last year between Minnesota and U.S. Bancorp, Minneapolis. However in the New York case, Chase denied any wrongdoing, and state officials didn't accuse Chase of any illegal activity. Still, some privacy advocates and business leaders said the outcome sends a strong message to the business community concerning consumers and their private information.
Direct Marketing Association spokesman Stephen Altobelli said financial services marketers face an especially challenging situation "because privacy provisions in the latest reform legislation passed last year by Congress don't supercede the states rulings on the issue." He said the DMA had yet to determine if Chase's membership in the DMA, which requires adherence to its Privacy Promise, had actually been compromised. Documents indicate that Chase stopped selling customer information on or about July 1 -- the date the Promise took effect.
American Express spokeswoman Sally Susman, however, said the settlement would have little bearing on its business practices.
"It does not raise the bar for us because our principles and practices already protect customers in such way that precludes us from selling that kind of financial information," she said.
Apparently familiar with the more conservative practices of companies like American Express, Spitzer said consumers' personal data could be protected "without taking the information out of the information age."
"We need to strengthen privacy protections and reclaim a fundamental American notion -- that the individual has a right to be left alone," he said.
U.S. Rep. Edward Markey, D-MA, a leading advocate for financial privacy protections, applauded Spitzer's action and vowed to continue working on a comprehensive financial privacy legislation package.
Spitzer's office also reached a similar privacy-related agreement with Infobeat, an online publishing unit of Sony Corp., New York. According to that settlement, Infobeat was selling customer data to third parties in violation of its stated policy. However, company officials reportedly argued that software problems were the cause.