Banks that partner with affiliates and third parties to market products and services directly to their customers appeared to dodge a bullet last week when a joint Senate-House conference committee approved a handful of relatively lenient privacy amendments to the Financial Modernization Act.
The banking reform bill will essentially reverse previous legislation preventing banks, insurance companies and securities firms from entering each others’ businesses and will allow banks to freely share information about their customers within the various divisions of any new conglomerates they form. The legislation was still the focus of debate between congressional leaders and the White House late last week over matters unrelated to the privacy amendments.
Under the revised legislation, banks will have to provide a conspicuous means for consumers to opt out of having information about them shared with third parties. Banks do not have to offer consumers the opportunity to opt out of having data shared with affiliated companies, which are expected to include the insurance companies and securities firms that banks will be able to merge with under terms of the new legislation.
The legislation also requires banks to disclose their privacy policies and how they use customer data.
The legislation, however, prevents banks from sharing credit card account numbers and access codes with third parties, which some groups, including the Direct Marketing Association, oppose.
DMA spokesman Richard Barton said he still had not seen the exact wording of the bill at press time but said the DMA supported the opt-out provisions for sharing information with outside companies. The DMA and others lobbied the conference committee to allow banks to share encrypted versions of their customers’ account numbers with third parties, saying that the numbers, if encrypted by banks, can be used to prevent fraud and to make it easier for consumers to purchase products over the telephone.
Amy Simmons, a spokeswoman for the House Finance Committee, said the effort to allow the sharing of encrypted account numbers with third parties failed.
An amendment offered by Sen. Richard C. Shelby, R-AL, and Sen. Richard H. Bryan, D-NV, calling for all information to be changed to an opt-in format was rejected by a 14-6 vote of the Senate conferees. Another proposal for the opt-out rule to be applied to banks’ affiliates – separate divisions within a holding company – also was rejected.
However, the committee approved an amendment allowing states to apply and enforce stronger privacy protection laws than those included in the federal legislation and also exempted the Fannie Mae and Freddie Mac mortgage institutions from some of the privacy provisions.
Donn Waage, senior vice president at U.S. Bancorp, Minneapolis, which ignited a firestorm of privacy concerns earlier this year when it was accused of sharing confidential customer information with marketers, said its own current policies agreed with most of the legislation.
Some consumer advocates remain opposed to the legislation as it stands, saying it does little to protect consumers’ privacy or to protect them from fraudulent charges.