An advocacy group's recent complaint to the Federal Trade Commission could prompt the agency's first investigation of financial institutions' privacy practices under the Gramm-Leach-Bliley Financial Modernization Act of 1999, which took effect July 1.
“It's the only complaint we know about,” said Ari Schwartz, the complaint's author and associate director of the Center for Democracy and Technology, Washington.
In the Aug. 29 letter to the FTC, Schwartz requested that the commission investigate five online mortgage firms for noncompliance with GLB's notice requirement.
Under GLB, July 1 was the deadline by which banks and other financial institutions were required to provide clear disclosure of their privacy policies regarding the sharing of nonpublic personal information with both affiliates and third parties and to provide notice to consumers and an opportunity to opt out of sharing nonpublic personal information with nonaffiliated third parties.
The FTC and several other agencies are responsible for auditing financial institutions for GLB compliance.
The CDT complaint alleged that Advantage Mortgage, Ameriwest Mortgage, Central New England Mortgage, GM Mortgage and Online Mortgage Corp. “as of August 28, 2001 … did not offer proper, clear and conspicuous initial notice to customers on their Web sites.”
The complaint also said, “CDT has e-mailed each of these companies to inform them that they may be in breach of the law but has not received a response.”
Though it is unclear how strict the FTC will be with firms deemed in violation of the provisions of GLB, the possible sanctions are severe. They include termination of FDIC insurance, cease-and-desist orders, removal of employees and monetary penalties up to $1 million for an individual or the lesser of $1 million or 1 percent of the total assets of the financial institution.
More than a week after sending the letters, CDT has received no response from the FTC or any of the mortgage firms, Schwartz said.
Requests for comment from the mortgage firms and FTC officials went unanswered.
The basis for CDT's complaint to the FTC was a privacy policy study it released Aug. 29. CDT examined the privacy policies of 100 financial institutions that allow consumers to do business online. The study was conducted July 1-22.
Though CDT found only five of the institutions to be in violation of GLB, it reported these other findings:
· Of the 100 Web sites studied, 34 confirmed third-party data sharing practices but had no online opt-out method. Most provided offline opt-out methods.
· Forty-four sites stated that information was not shared with outside parties, but 30 admitted to sharing data with marketing partners.
· Twenty-two institutions had an online opt-in policy or an easy opt-out mechanism.
