Industry Advice Sought on Privacy Rule Extensions
The Federal Trade Commission is seeking industry advice on how the tough new financial privacy rules it adopted three months ago should apply to financial institutions that disclose non-public information about their customers to third parties that do not have a relationship with the individual.
Specifically, it wants to know by Sept. 30 how those rules should apply, if at all, to third parties, such as another financial institution, direct marketers and telemarketers of financial services, and list brokers and compilers.
The rules were adopted last May to comply with the Financial Services Modernization Act. Also known as the Gramm-Leach-Bliley Financial Act for its authors, Senator Phil Gramm (R-TX) and Reps. Jim Leach (R-IA), and Thomas Bliley (R-VA), the act overhauled the financial services industry.
Besides allowing banks, financial institutions, and insurance companies to merge and offer competing products and services, the act imposed tough new restrictions on what information they could and could not share with affiliated and unaffiliated third parties for marketing purposes without an individual’s permission.
While seemingly harmless data, such as name, address, and telephone number, can be shared without permission, the law requires a person’s authorization before such data as the types of financial services they use, including checking, savings and investment services, can be shared with third parties.
The FTC, in a notice published in the Federal Register last Thursday, also said it is seeking industry comment about extending its privacy protection rules to “consumer” information in addition to “customer” data. The Financial Services Modernization Act defines a customer as an individual with a “continuing” relationship with a financial institution and a consumer as a person who primarily uses a financial product or service “for personal, family, or household purposes.”
Also the FTC said it wanted to know if the industry felt that privacy-protecting agreements should be required before any customer information is shared; if the rules should be extended to include small local financial institutions; and if they should specify how discarded outdated and unwanted customer records should be disposed of.
