Information Sharing: What Consumers REALLY Think
How incredibly ironic. Individuals who are concerned enough about their privacy to send in comment letters to the Treasury Department (and its agencies) on the subject of information sharing end up with their addresses and/or email addresses being visible to the world on the Internet. What's wrong with this picture? (Click on any of the individual comment letter links below to see what we mean! FYI -- they are all PDF files.)
On February 15, 2002, the Treasury Department published in the Federal Register a Notice and Request for Comments, in conjunction with the federal functional regulatory agencies and the Federal Trade Commission conducting a study of information sharing practices among financial institutions and their affiliates, as required by the Gramm-Leach-Bliley Act of 1999.
The comment deadline has passed and the comments have been published online. The volume is tiny, but the remarks are certainly interesting. While the number is too small to draw any statistically valid conclusions, the trend in the consumer submissions is to favor an opt-in system, rather than the opt-out scheme that currently exists under GLB privacy rules.
Thirty-five Attorneys General, plus the District of Columbia Corporation Counsel, and the Hawaii Office of Consumer Protection submitted comments to the U.S. Department of Treasury regarding the information sharing practices among financial institutions and their affiliates. The Comments urge the Treasury to, among other things, consider "the confusing and hard-to-read Gramm-Leach-Bliley notices consumers have received from financial institutions, which make it difficult for them to exercise their rights to protect their confidential information." Read the press release regarding the comments, which includes the list of states represented, or read the comments.
The Electronic Privacy Rights Clearinghouse ("EPIC"), the Privacy Rights Clearing House, US PIRG and Consumers Union filed a 23-page position paper asserting harm will result if data sharing is not adequately regulated. According to an article in Wired News, "Survey: Opt-Out Is a Cop-Out", "EPIC was quick to point out examples of data exchanges gone awry, including one case of a bank that sold its database, including credit card numbers, to a convicted felon. The felon, in turn, fraudulently charged the credit cards for access to Internet pornography sites."
Consumers were vocal about their feelings on information sharing as well. Here, we've gathered some excerpts from some of the comments made by consumers:
Franklin Elder believes "opt out is a sham that provides no privacy protection."
M.A. Squire says, "I don't like my bank sharing my name and putting me on sucker lists.
Norm Olsen wrote: "If financial organizations are going to share or otherwise sell information about me, I should get a piece of the action. If not offered a chance to participate in the financial benefits derived from such transfers, all such transfers should be strictly prohibited. Please note, that there are a zillion laws concerning all of this stuff, but kn [sic] one ever goes to jail. If you pass a bunch of regulations, but don't back them up with jail time, your the regulators are worse crooks than the people who need the regulations."
Terry Lutz writes: "Information that a company/financial institution compiles on me should not be shared except as needed for them to provide their services for me. None of my information should be shared outside of the specific company/institution to which I provide it, and only for the purpose for which it is provided. This should apply to all types of entities."
And Patricia Grammer states: "This should be OPT-IN. I received so many notices and the opt-out procedure was different on each one. Either fill out the form and return separately or call this number (and of course, you couldn't just say "mark me opt out", they have to explain what you will not get or somtimes ask you survey questions about why, etc.) or go to website and answers questions, check boxes, etc., etc. Much too complicated and aggravating. With op-tin, I should not need to do anything. If the bank or credit card provider, et al, doesn't hear from me, that means NO."
First published on BankersOnline.com 5/7/02
First published on 05/07/2002