Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
July 20, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 2376 words
HEADLINE:
TESTIMONY July 20, 1999 JACK BRICE HOUSE BANKING AND FINANCIAL
SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL PRIVACY
BODY:
TESTIMONY BEFORE THE FINANCIAL INSTITUTIONS
AND CONSUMER CREDIT SUBCOMMITTEE OF THE HOUSING AND FINANCIAL SERVICES COMMITTEE
ON EMERGING FINANCIAL PRIVACY ISSUES JULY 20, 1999 WITNESS: JACK BRICE For
further information, contact: Roy Green Federal Affairs Department (202)434-3800
Good morning, Chairwoman Roukema and members of the Subcommittee on Financial
Institutions and Consumer Credit. My name is Jack Brice. I live in Decatur,
Georgia, and I serve as a member of AARP s Board of Directors. The Association
appreciates this opportunity to present our views regarding the important issue
of protecting the personal financial information and medical records of
individual Americans. AARP recognizes the potential that a modernized financial
services industry may offer in the way of new and useful products and services,
as well as the potential for cost savings to the consumer. However, the
Association is concerned about the risks involved in allowing the integration of
the financial services industry without also updating consumer information
privacy protections. In December of 1998, AARP sponsored an independently
conducted national telephone sample survey of its membership regarding their
awareness of privacy issues. Results from this widely reported survey include
the following findings: 78 % of respondents disagreed, 56 % disagreeing
strongly, with the statement: "Current Federal and state laws are strong enough
to protect your personal privacy from businesses that collect information about
customers." At least 87 % of respondents reported that it would bother them if
personal information were sold by businesses, government agencies or Web sites
to other businesses. 81 % of respondents opposed newly affiliated companies
being allowed to internally share personal and financial information about
customers. Over two-fifths (42 %) of respondents indicated that they "didn t
know" who they would turn to for assistance if a company were inappropriately
sharing or selling their personal information. Nearly one-fifth (19 %) indicated
that they had been approached by a company offering to protect their information
privacy for a fee. An analysis of the full survey is provided as an appendix to
our written testimony. The issue of financial privacy has emerged from a
recognition that our nation lacks a consistent, binding process for protecting
the privacy rights of consumers with regard to personal financial information
collected and disseminated by private financial enterprises. It is clear from
AARP s survey that mid-life and older Americans feel vulnerable to the complex
and fundamental changes that have already occurred in this period of financial
transformation. Survey respondents were concerned that they would be put at
further risk by the financial mergers that are yet to occur -- if adequate
personal privacy safeguards are not put into place. Extensive personal
information is already routinely gathered and distributed by a wide range of
financial institutions. As banks merge with securities and insurance firms,
financial privacy protection for confidential information grows increasingly
important. It is clear that financial privacy of consumers should not be
considered as incidental to the modernization of the financial services industry
- but rather as an inherent part of it. In fact, there is good reason for
consumers and financial service providers to agree on the need for improved
security and confidentiality measures that protect personal financial
information. Both consumers and service providers can appreciate that this type
of information has great value and is worth protection - if for different
reasons. For example, AARP concluded, along with a wide cross-section of
interests representing the financial industry, and many other consumer advocacy
groups, that the proposed "Know Your Customer" program proposed by the four
major federal financial regulatory agencies represented a significant breach by
the federal government of the firewall protecting the individual s right to
privacy. This program would have gone well beyond clarifying suspicious
transactions for which financial institutions are already authorized to be on
the lookout, to a requirement that financial institutions construct customer
data warehouses that would be exploitable by the most sophisticated data mining
technologies. This program also could have led to increased use by financial
institutions of customer data segmentation, and more highly targeted marketing
campaigns. This widely opposed governmental intervention into personal financial
affairs was withdrawn. Financial services industry and consumer interests have
another opportunity to work together to protect the security and confidentiality
of personal financial information on the issue of "pretext calling". While the
House and Senate have passed different versions of financial modernization
legislation, both include provisions that would make it a federal crime to use
false pretenses (so-called pretext calling) to gather private information about
an individual from a bank. However, the essential question raised by your letter
of invitation to testify before this Subcommittee is: Can the actual or
perceived costs in the loss of privacy to the individual through the largely
unfettered use of personal information collected by private sector financial
institutions, ever outweigh the benefits of new and useful services and
products--and potential savings - to the consumer it may offer? How can we
balance and manage those risks? Federal and state financial privacy protections
available to consumers today are limited, and in some aspects dated by the
development of new information technology that has led to new forms of business
and business practices. For example, the concept of the "virtual company", where
business information and personnel are distributed across computer-linked
networks that require a minimum physical presence in any one site or nation, is
predicated on the use of technology in this manner. The Fair Credit Reporting
Act (FCRA) plays a marginalized role in this context, as it only regulates the
collection and use of personal data by credit-reporting agencies to unaffiliated
third parties. The Equal Credit Opportunity Act (ECOA) prohibits creditors from
gathering certain types of personal and demographic information from credit
applicants. The Right to Financial Privacy Act (RFPA) of 1978 limits the ability
of financial institutions to disclose customer information to agencies of the
federal government. More specifically with regard to the FCRA, while the Act
restricts the sale of consumer credit information, such as credit card accounts,
there is generally no restriction on credit bureau sales of personal background
information such as date of birth and Social Security number. Two of the three
largest credit- reporting agencies in the United States have voluntarily stopped
selling such information. However, the U.S. Federal Trade Commission (FTC)
recently took action against the third agency to stop such sales. Efforts were
made to address these gaps in protection during committee deliberations
regarding H.R. 10, the Financial Services Act of 1999. AARP was disappointed,
however, that many of the personal information privacy protections included in
the version of the bill reported out of the House Commerce Committee were
dropped from the version finally passed by the full House. AARP was encouraged
by Commerce Committee bill provisions requiring that: Financial firms have and
disclose a privacy policy. Consumers be given the opportunity to say no to, or
"opt out" of, personal information being transferred among financial firms
business affiliates as well as unrelated third-parties, such as telemarketers.
Consumers have access to their information held by third-party companies, as
well as the ability to correct the information. AARP believes that financial
services modernization legislation should go even further to protect consumers.
Specifically, AARP believes that: Consumers should not be compelled to pay to
block such information dissemination. Nor should they be forced to comply with
cumbersome procedures to ensure that protection. Consumers explicit and recorded
consent should be obtained before any sale or sharing of their non-publicly
available financial records to third parties or to business affiliates. In
addition, businesses that maintain customer databases should be required to mark
the data files of customers who do not want information about themselves
disseminated and to notify consumers of the opportunity to prevent distribution
of information. At a minimum, this notification and opportunity to prevent
distribution of their information should be renewed when new data is being
collected or added, as well as in instances of business mergers or acquisitions.
Consumers should be provided avenues for redress if they are harmed by an
inappropriate disclosure or use of their personal information. The version of HR
10 that passed the House allows a financial service provider to continue the
practice of sharing individual financial information with its affiliates, as
well as unrelated third-parties that market products in alliance or partnership
with the data-collecting institution, without the customer s consent. The
House-passed HR 10 only requires the customer s consent before allowing the
financial services provider to share private account information with
telemarketers and other unrelated third-parties. Many in the financial services
industry have raised concerns that updating financial privacy requirements in
this fashion would reduce the benefits of HR10. There has been a great deal of
discussion with regard to the benefits of the "synergism" that will be created
through modernization and cross-marketing of financial services by individual
financial institutions. Often cited as an important source of those benefits is
information management along with associated technologies. One of the most
rapidly expanding sectors within information technology is adaptable records
management and retention software. AARP believes that the synergism of
information being used by the financial services sector to develop and market
new and useful products and services can effectively be adapted or adopted to
manage the personal information privacy choices of those same customers. The
efficient and effective sharing of individual- linked data bases within or
across organizations ultimately depends on the information technologies used to
manipulate it. AARP believes that individuals should participate in the
decisions regarding the sale, use and dissemination of any personal financial
information collected on them. Such a relationship would not prohibit the
mutually beneficial collection, retention or distribution of personal data, but
rather enhance its value to business and customer alike. A performance-binding
information disclosure policy would, at the points of information collection,
help to educate individuals regarding its intended uses - not inhibit its
efficient use. Performance standards need to be put into place that take
advantage of the efficiencies and conveniences that information technology can
provide, while providing security, confidentiality and privacy for the customer
s personal data. The medical records provisions of HR 10 are also of concern to
AARP. A medical history contains some of the most private information collected
about any individual. It is critical that individuals be able to participate
actively in decisions about how these data will be used, and to consent to whom
will have access to their personally identifiable medical information. AARP
believes that minimum federal standards for maintenance of the privacy and
confidentiality of personal health information would best be established through
comprehensive federal legislation applying to all health information, no matter
where, or why collected. In particular, AARP believes Section 351 of HR 10, the
Confidentiality of Health and Medical Information provision, is deficient on at
least two points. First, it permits far too much "sharing" of personally
identifiable health information within the financial services industry - that
will extend beyond the knowledge or consent of the affected individuals. Section
351 would legislate to financial institutions much more authority to share
confidential health care information than currently exists within the health
care business. Second, consideration of comprehensive health information
privacy and confidentiality legislation is already being debated in the
Senate. After passage of a comprehensive medical privacy act, Section 351 would
be unnecessary. AARP believes that the Congress should continue the extensive
legislative work that has already been accomplished in this area, and enact
comprehensive federal legislation applicable to the management of all personal
health information. Conclusions The bottom line is that AARP believes that
consumers have a right to be involved participants in financial service provider
decisions regarding the dissemination of their financial information and medical
records. The Association believes that consumers have the right to reject
unauthorized use of personal financial information and medical records outside
the original business context in which and for which the data were collected. We
will look closely at the conference report on HR 10, if it develops, to
determine whether individual, including medical, privacy is being compromised.
AARP looks forward to working with you, Chairwoman Roukema, the other members of
this Subcommittee, and members of the House and Senate, as the work of the
conference committee approaches. Again, the Association appreciates this
opportunity to offer its views on an issue of fundamental importance to older
and younger Americans alike. I would be happy to respond to any questions you
may have. In compliance with House Rule XI, clause 2(g) regarding information of
public witnesses, attached is AARP s statement disclosing federal grants and
contracts by source and amount received in the current and preceding years.
LOAD-DATE: July 21, 1999