Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention
   
    Tell us
    what you think

    Our Sponsors
Our Sponsors


























































 
Print Friendly! Email This Article! Discuss NOW!

Litigation Hits Privacy Practices

The first of what threatens to be numerous law suits against banks alleging violations of customer privacy has been filed in Minnesota. The suit is against USBancorp, a multi-state operation based in Minneapolis.

The complaint alleges that the Bank sold customer information, including account information, to telemarketing companies who used the information to market products and services to the bank's customers and then debited their accounts.

Allegedly, the bank had several such arrangements. The Attorney General chose one specific arrangement of several as the basis of the complaint. In his complaint, the Attorney General charges US Bancorp with several practices that violated customer privacy and/or breached agreements with or promises to customers.

The suit involves only one telemarketer, but one which had a dozen different sales programs allegedly using customer data provided by the bank. While the bank had explicitly told its customers that it would keep information private, the suit alleges that they divulged confidential customer information, including information about the customer's last transaction, account balance, bankruptcy scores, and similar information, to the telemarketer.

The complaint also alleges that the telemarketer made automatic debits to customer accounts authorized on verbal information. This practice would violate Regulation E.

According to the Attorney General's office, the suit was brought based on the unusually high number of consumer complaints to the office. These complaints were primarily from customers who wondered where the bank had gotten the authority to debit their checking accounts. Their office has received more consumer complaints on this topic than any other in recent memory.

The AG is evaluating the benefit received against the invasion of privacy. For example, in one program, only 20 customers out of the thousands contacted took advantage of discount travel tickets. Moreover, the AG's office has found that 87 percent of customers canceled the service sold within 60 to 90 days, suggesting that the cancellations were occurring once the customer discovered a debit to their account.

Why should other banks care? At least 14 other state attorneys general have contacted Minnesota's Attorney General seeking information on the lawsuit. Now that the practice has become public, consumers will be more suspicious of any solicitations by phone or mail that appear to be connected to information about their banking practices.

An assistant to the Minnesota Attorney General, David Ramp, is a member of the Federal Reserve Board's Consumer Advisory Council. At the CAC's most recent meeting, Ramp urged the Fed to investigate practices such as these. He expressed surprise that a bank was willing to put itself at this kind of risk for relatively paltry sums.

In short, the cat is out of the bag. Any bank that has sold customer data to third parties or affiliates, or any bank that has used customer data should be alert to customer sensitivities regarding the practice. A good compliance program should be taking some active steps to alert management to the issues and to review what is or may be happening to customer data.

ACTION STEPS
  • Sit your marketers down. It is time to ram some compliance information down their craws. For example, marketers should be aware of consumer protections contained in Regulation E and in Regulation Z.
  • Discuss marketing strategies with all retail heads and the marketers. Evaluate the impact that marketing strategies could have on customer data.
  • Review your products, services, and even compensation plans for bank staff. Think through how any of these may put on any pressure to bend the rules on customer privacy.
  • Play detective and track down any fee income pressures and ideas. Make sure that none of the paths lead into the customer data base.
  • Find out who has access to any customer data and under what circumstances. Meet with them to find out what they might do with it.
  • Review all privacy policies. Be thorough. Look beyond the official policy documents and look in other areas to find out how information may be used.
  • Review all disclosures and forms provided to customers - including statement stuffers - to see what promises the bank has made on customer privacy. Match these against the official policy and what the bank is actually doing.
Copyright © 1999 Compliance Action. Originally appeared in Compliance Action, Vol. 4, No. 9, 7/99



Rate This Article
Current Rating For the Feature:
Privacy Litigation Hits Privacy Practices
Total Ratings for this Feature: 0
Print Friendly! Email This Article! Discuss NOW!