The Federal Trade Commission adopted strict new rules designed to protect the privacy of personal financial information last week.
The rules mirror the financial privacy regulations that were previously adopted by the Federal Reserve Board and several other federal agencies to implement the privacy provisions of the Financial Services Modernization Act. Last week those agencies pushed back the implementation date from November 13, 2000, to July 1, 2001, to give financial institutions more time to put their privacy protection programs in place.
The act, which President Clinton signed into law last November, permits banks, financial institutions, insurance and securities companies to merge and offer competing products and services. It also makes it tougher for them to share seemingly harmless information – like a person’s name, address and telephone number – about their customers for marketing purposes with each other or with unaffiliated third parties, in addition to direct marketers, without written permission.
Like the rules adopted by the Federal Reserve Board, the Office of the Comptroller of the Currency and the Office of Thrift Supervision which permit state governments to enact more restrictive privacy protections, the FTC’s rules prohibit banks, credit grantors, insurance and securities firms from disclosing personally identifiable financial information without out a person’s written permission.
And like the rules of the other agencies, the FTC rules prohibit those organizations or businesses from passing on to third parties consumer lists that are developed through the use of personally identifiable financial information. But, they do permit the sharing of consumer lists that are developed from publicly available sources such as government records, city and telephone directories, newspapers and other media for marketing purposes.
The new rules also require banks, credit grantors, insurance companies and other financial service companies to provide consumers with easily understood written yearly notices of their right to opt out from having their personal financial information shared with affiliated or unaffiliated third parties.
Financial institutions that do business over the Internet are also required to post privacy notices on their sites while providing consumers with a method for opting out of having their personal financial date from being disclosed to anyone for any purpose.
