Financial Privacy: The Choice Is in the Mail

Brief Analyses | Privacy

No. 360
Friday, April 27, 2001
by Donald G. Ogilvie

In one of the largest financial-customer notifications ever, banks and other financial institutions are mailing information to every customer of record to clarify how they collect and use people's financial information and what options customers have with regard to the sharing of this information. Many bank customers have already received notices. The mail campaign is a result of the Gramm-Leach-Bliley Act of 1999.

By July 1, 2001, every U.S. financial institution must notify customers about its policies and practices regarding the protection and disclosure of nonpublic personal information. Customers will be given the opportunity to "opt out" of any sharing of information with third parties. If customers don't do anything, their information will be available to the financial institution to use within federal regulatory guidelines.

Reasons for the Opt-Out Approach

Many consumers don't read business mail, much less read and respond to a privacy notice. Bankers estimate that as many as nine of every 10 people would never respond. This was the experience of U.S. West, now a part of Qwest Communications, when the Federal Communications Commission required it to gain approval from its customers before it could share information about customer calling patterns.

  • When U.S. West contacted its customers by mail, just 6 to 11 percent of residential customers and 5 to 9 percent of business customers responded and opted in.
  • The company then turned to the telephone for those who had not responded, and made an average of 4.8 calls to each customer before reaching an adult who could grant consent.
  • Even when reached, 39 percent either hung up or asked not to be called again; one-third (33 percent) refused to grant approval and about one-fourth (28 percent) granted approval.

The process consumed both time and money. It cost U.S. West nearly $30 for each customer contact. Financial institutions feared that they would face the same experience if customers were required to opt in, and prevailed on Congress to include an opt-out provision in the new legislation. This allowed customers who did not want their information shared to have their wishes respected, but given the typical response to business mail, it meant that most customers would allow sharing of their personal financial information by default.

The Benefits of Information-Sharing

Why would someone want to agree to having his or her information made available? There are advantages not only to the financial institutions but also to consumers.

Let's say you're a bank customer with a checking account and a credit card account. In addition, you financed your mortgage through the same bank. Now you'd like to take out a loan to buy a new car. Ordinarily, the bank would have all your information in one place, making it relatively easy to apply for the new loan. But if you failed to allow the bank's various business lines to share information with one another - if you chose not to "opt in" - the bank would be forced to ask you to fill out a potentially lengthy application for the car loan - even though most of the relevant information probably already existed elsewhere in the bank.

The auto-loan people wouldn't be able to talk to the mortgage people, who couldn't talk to the checking account people, who wouldn't be able to talk to the credit-card people. Your financial information at the bank would be compartmentalized. You might begin to wonder: At what cost have I gained my complete privacy?

Under some early opt-in plans (where the customer had to specifically give permission to share information), even providing customers with simple conveniences like one monthly statement consolidating all account information, or the ability to call a toll-free number to check on accounts, would have been impossible.

Congress recognized the problems with opt-in and chose the saner, more efficient opt-out. Customers may still invoke a privacy shield under opt-out. The law allows every consumer - every year - to choose not to have his or her information shared. If you do nothing, your financial institution will continue to handle your financial information as before. This allows banks to continue to use the information to conduct loan reviews, arrange for printing of checks by outside vendors and engage in other routine business operations.

Financial institutions rely on integrated information systems to operate more efficiently on behalf of their customers, thus avoiding the cost of maintaining duplicate systems. Allowing customers to opt out, versus requiring them to opt in to information sharing, is far more practical and efficient and makes better business sense for both the institution and the customer.

Proper Use of Consumer Information

Most consumers trust financial institutions to manage their information responsibly. As the figure shows, a 1999 IBM study found that Americans think financial companies and health care companies do the best job of protecting customer information. They rated banks ahead of charities, retailers and governments. A more recent Gallup study found that on the trust question, banks rate higher than all other financial institutions, including finance and insurance companies, online brokerages, stock brokerages, mortgage firms and mutual fund companies.

Regardless of opt-in or opt-out, financial institutions may not disclose account numbers to any nonaffiliated third party for telemarketing, direct mail marketing or similar marketing purposes. And financial institutions must follow federal regulatory guidelines to ensure the security and confidentiality of customer records, protect against any threats to that security and prevent unauthorized access to such records.

Modernizing Financial Institutions

Although Gramm-Leach-Bliley deals with privacy of financial information, the legislation is really about financial modernization. It removes Depression-era barriers among banks, securities firms and insurance companies, increases competition and is predicted to save U.S. financial consumers $15 billion a year.

Responsible information-sharing allows a financial institution to recognize and respond to the individual needs of its customers, provide new product and service information, add competition and keep prices low. Proper use of information can also lead to better fraud detection, improved service at the automatic teller machine, better financial reporting to the customer and more.

Donald G. Ogilvie is Executive Vice President of the American Bankers Association.


Read Article as PDF