Banks may have dodged a bullet when the House placed relatively lenient privacy restrictions into H.R. 10, the Financial Reform Bill, but they fell right into the grasp of a group of state attorneys general that is conducting an investigation into how banks use private customer data.
Several of the state officials involved in the investigation confirmed this week that they are trying to discover whether banks misled the public and violated federal privacy laws by sharing certain customer information with outside telemarketing firms. The group reportedly includes attorneys general from about 25 states, although only a few states appear to be most active in the investigation: Vermont, California, Florida, Connecticut, New York and Illinois.
“I think there’s some concern among the attorney generals not so much that the banks are sharing information but that people don’t even know that they are sharing that information,” said Jack Norris, Florida’s assistant attorney general. “People expect banks to protect your financial privacy. You don’t go to a bank to have them sell information about you to make money.”
Many banks give outside firms permission to market products – anything from vacation packages to discount dental insurance – to the banks’ customers, and the banks supply the outside firms with customer lists, which reportedly sometimes contain private information such as credit histories. Banks then are paid a commission on each sale made to customers from those lists.
Meanwhile, 23 attorneys general from around the country also sent a letter to Congress urging it to require banks to adopt stricter consumer-privacy provisions than those that already have been proposed in H.R. 10, which is being considered by Congress. Among other suggestions, the attorneys general proposed the adoption of an opt-in rule for the use of customer data, which would prevent banks from sharing their data with third parties without permission from customers. H.R. 10 calls for the use of an opt-out procedure, in which banks would be free to share certain data about their customers unless those customers request that their data not be used for marketing purposes.
The issue started building steam this summer when Minnesota state attorney general Mike Hatch sued U.S. Bancorp, Minneapolis, alleging that it provided private information to third-party marketers. The bank paid $3 million to settle the suit without admitting guilt. In the wake of that incident, several banks stopped sharing their customer lists with marketers who pitched products other than financial services.
Norris said the attorneys general selected “a sampling of some of the larger banks” to investigate, and others in the investigation said those banks include U.S. Bancorp; Citigroup, New York; Wells Fargo & Co., San Francisco; MBNA Corp., Wilmington, DE; Capital One Financial Corp., Falls Church, VA; and Bank of America Corp., Charlotte, NC.
A spokesman for Wells Fargo confirmed that his bank was contacted last month by the attorney group, which was seeking copies of the bank’s privacy disclosure statements to its customers, a list of third-party marketing vendors it has worked with and copies of its agreements with those vendors.
“We believe that we have not violated any state or federal laws,” said Wells Fargo spokesman Larry Haeg. He said the bank no longer markets nonfinancial products to its customers and does all its own telemarketing.
Norris said the attorneys general have not yet determined what action they will take, if any, against the banks. The group could file lawsuits, together or separately, if they find that banks deceived consumers by sharing information that they either were not allowed to sell or had pledged not to sell.