Skip banner
HomeHow Do I?Site MapHelp
Return To Search FormFOCUS
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint

Document ListExpanded ListKWICFULL format currently displayed

Previous Document Document 61 of 124. Next Document

More Like This
Copyright 1999 Federal Document Clearing House, Inc.  
Federal Document Clearing House Congressional Testimony

July 20, 1999

SECTION: CAPITOL HILL HEARING TESTIMONY

LENGTH: 4534 words

HEADLINE: TESTIMONY July 20, 1999 ROBERT R. DAVIS DIRECTOR HOUSE BANKING AND FINANCIAL SERVICES FINANCIAL INSTITUTIONS AND CONSUMER CREDIT UNIONS FINANCIAL PRIVACY

BODY:
Testimony of America's Community Bankers on Emerging Financial Privacy Issues before the Subcommittee on Financial Institutions and Consumer Credit Committee on Banking and Financial Services of the U.S. House of Representatives on July 20, 1999 Robert R. Davis Director of Government Relations America's Community Bankers Washington, DC Chairwoman Roukema and members of the Subcommittee, my name is Robert R. Davis. I am the director of government relations for America s Community Bankers. America's Community Bankers (ACB) is the national trade association for progressive community banks of all sizes. ACB members have diverse business strategies based on consumer financial services, housing finance, small business lending, and community development, and operate under several charter types and holding company structures. We appreciate this opportunity to testify before the Subcommittee today on this very important issue. Chairwoman Roukema, let me begin by commending you for holding these timely hearings on one of the most critical issues facing our nation s financial services industry and the customers we serve: protection of personal financial information privacy. Without a doubt, financial information privacy protection is one of the top issues facing our evolving financial services system and deserves the in-depth review and examination by Congress that these hearings represent. All of us are well aware of the growing public concern about information sharing practices, both in the financial services industry and in other sectors of our nation s economy. The news is full of stories about people receiving telemarketing calls during dinner or bundles of direct mail solicitations in their mailbox, with no knowledge about how or from where their personal information was obtained. As a consumer, I am personally concerned about my name, address, telephone number, and financial information being on thousands of lists targeting me and my family for the sale of products and services I may not want or need. At the same time, there are legitimate - even essential -- reasons for businesses to share information. If the free flow of information were cut off, financial institutions and other businesses could not carry out most of the transactions initiated or requested by customers. They could not offer to consumers new lines of products and services. They could not carry out the reporting and monitoring activities required by law. While many consumers are understandably upset about the occasional excesses of information sharing and marketing practices, I am confident that virtually none of them would support laws which would effectively ban information sharing altogether, or significantly restrict legitimate marketing programs. Clearly, information sharing practices should be subject to reasonable requirements. Those requirements should in part be the result of a self-examination by businesses of their own activities. In fact, many of them are now in the process of conducting such reviews. After all, the success of a company, particularly a financial institution, depends on establishing good relations with existing and potential customers. If a customer has reason to distrust or lose faith with a company with which they conduct business, that is one less customer a company will have the opportunity to serve. Good business sense dictates the old adage: "the customer comes first." Government should have a role in ensuring that basic standards to protect personal financial information privacy are established and implemented by financial institutions. While most businesses are serious about doing what it takes to maintain good customer relations, it only takes one highly publicized, isolated incident to upset the apple cart. Because financial institutions, particularly banks, depend on continued public faith in the integrity of the financial system, reports of excessive or abusive information sharing practices can have a detrimental impact on their ability to do business. ACB urges the 106th Congress to enact legislation which affirms its commitment to consumers that their basic privacy rights will be protected. Such legislation must be balanced to ensure consumers that their personal information will be protected, while not unduly interfering with the routine, legitimate practices of financial institutions. ACB commends the House for its efforts to reach that balance in the privacy provisions found in H.R. 10 and supports moving the legislation forward, with some suggested modifications. We thank the Subcommittee for this opportunity to discuss ways to improve the privacy provisions in H.R. 10. Summary In response to the questions you raised in your invitation letter of July 9, 1999, our testimony will focus on five major points: (1) ACB s policy position on customer information privacy; (2) some background and history of the financial information privacy debate; (3) our member institutions experiences with information sharing; (4) some recommended improvements for the privacy protection provisions in H.R. 10; and (5) the effect that more stringent privacy protection requirements might have on the operations of our member banks. As the voice for progressive, community banks, ACB strongly supports protecting the personal information privacy rights of consumers of financial services. On July 17, 1999, ACB s Board of Directors adopted the following official policy position on customer information privacy: ACB supports efforts to protect the non-public, personal information privacy rights of consumers of financial services. While existing laws and general industry practices have provided broad privacy protection for financial services customers, ACB supports the enactment of legislation which would properly balance the legitimate information sharing needs of a financial institution with the obligation to protect customer information privacy. ACB supports requiring all financial institutions to develop an individual privacy protection policy that applies to all bank products or products shared with partners or through other relationships, and provide that policy to all customers. An institution should only be required to provide each customer with its privacy policy once, unless substantive changes are made to the policy. This requirement should cover all financial institutions, including but not limited to insured depository institutions, credit unions, broker/dealers, investment advisers, investment companies, and insurance companies. Enforcement of this requirement should be assigned to an institution s functional regulator, where one exists, and to the Federal Trade Commission for those institutions which are not functionally regulated. A new private right of action for violations of the disclosure requirement should not be created. ACB recognizes that customers of community banks generally do not want their personal financial information sold to unrelated third party telemarketers. ACB does not oppose requirements that a customer be given the opportunity to opt out of having his or her personal financial information shared with unrelated third parties for marketing purposes, so long as these requirements do not apply to: (1) the sale of the bank s own products and services; (2) the sale by the bank of products and services as part of a contractual agency relationship with another company; (3) joint ventures and the providing of products and services through common employees; (4) information sharing practices to facilitate routine services, such as authorization, settlement, billing, processing, check clearing, transfer, or collection; and (5) information sharing practices needed to effect the sale of mortgages in secondary markets. Such requirements should not unfairly discriminate against smaller community banks which use contractual relationships with third parties for the same legitimate purposes for which larger banks use affiliates. Financial institutions should be required to notify customers once of the opportunity to opt out, and customers should be required to notify the financial institution within a reasonable, specified period of time if they choose to opt out. As with disclosure, this requirement should be applied to all financial institutions, not limited to insured depository institutions; overseen by the institution s appropriate functional regulator; and not subject to a new private right of action. ACB also supports criminalizing the practice of obtaining the personal financial information of another person through false, fraudulent, or deceptive means. To protect the health and medical information privacy rights of customers, ACB supports requirements that such information not be shared, unless the customer consents to such practices or directs that his or her health or medical information be shared with another party. This policy position is the result of substantial input and feedback, both from a public policy and real-life operational perspective, from a number of ACB member institutions. We are pleased that the approach taken in H.R. 10 generally tracks the key points in our policy position. We support legislation that, at a minimum, requires every financial institution to establish its own privacy policy and to share that policy with its customers; prohibits the sharing of health and medical information without the consent of the customer; and bans abusive pretext calling practices. We also appreciate the fact that the House of Representatives responded to concerns raised by ACB members and other smaller community banks and carved out critical exceptions to the bill s opt-out requirement for information sharing with third parties. Prior to House floor action on H.R. 10, some segments of the financial services industry suggested legislative language as a substitute for the onerous privacy protection provisions in the House Commerce Committee s version of H.R. 10. To ensure that smaller community banks had a say in the drafting process of privacy protection legislation, ACB and the Independent Community Bankers of America sent a letter on June 22, 1999 to Speaker Hastert and Minority Leader Gephardt requesting that financial privacy legislation not unfairly discriminate against community banks that use third party relationships for the same legitimate purposes for which larger banks use affiliates. We would like to thank Chairwoman Roukema, Representative Deborah Pryce, Representative Martin Frost, and other leaders in the House for their efforts to address these concerns. While we are not opposed to the bill s provisions to give consumers a say in whether or not their personal information is shared with third parties, we would like to suggest an alternative approach that will allow us to reach the same goal more efficiently and with greater certainty. Every day, smaller community banks use contractual relationships with third parties for the same legitimate purposes, such as marketing of products and services, while larger institutions often use affiliate relationships. H.R. 10 requires an opt-out procedure for these third-party information sharing activities, with certain carved out exceptions. Because it does not, however, impose a similar responsibility on sharing information with affiliates, H.R. 10 could still place smaller community banks at some disadvantage. While the bill s exceptions to the opt-out requirement will help mitigate this disadvantage by allowing banks to carry out routine activities, they may not cover all of the legitimate information sharing activities for which community banks use third parties. As a result, community banks would be forced to either tailor their activities to fit the bill s exceptions or give up activities the benefits of which cannot justify the cost of establishing an opt-out procedure. Instead of using H.R. 10 s approach of establishing a blanket opt- out requirement for information sharing with third parties and then carving out exceptions to this requirement, Congress should first determine which activities, practices, or relationships justify a required opportunity for a consumer to opt out, and apply that requirement only to those activities. This more direct approach would still give consumers the right to say no to the information sharing activities that give rise to a public policy concern. At the same time, it would protect smaller community banks from the cost and burden of having to justify each of their legitimate information sharing activities with third parties. While ACB commends the House for its efforts to date to help level the playing field between larger and smaller financial institutions, we do urge the House-Senate conferees to consider this alternative, targeted approach to the opt-out requirement. Background and History As we work to identify and address the public concerns about protecting personal financial information privacy, it is important to remember how we got here. To suggest, as some have, that financial information privacy protection is a "new" issue is inaccurate. For years, customer information privacy has been addressed by a number of existing statutes and regulations, including the Fair Credit Reporting Act (FCRA), the Right to Financial Privacy Act, the Electronic Communications Privacy Act, and others. In fact, just three years ago, Congress enacted a series of additional consumer protections when it reauthorized the FCRA. But as advances in technology allow financial institutions to provide more products and better services to consumers, there remains an ongoing responsibility to reevaluate these laws and their adequacy in protecting privacy rights. While consumers want to reap the benefits of a modernized financial system, they also want their personal financial information to be secure. Recent events, like the now-settled suit filed against U.S. Bancorp in Minnesota, have heightened public scrutiny of financial information sharing practices. In addition, well- publicized reports of abusive pretext calling practices have also raised concerns among consumers about the confidentiality of their personal financial information. Like it or not, these separate incidents could very well lead consumers to believe that their privacy rights might be threatened. That is not the case, and we cannot lead the public to believe it is. It is the responsibility of both the private and public sector to preserve consumer confidence in the integrity of our financial system. The twin goals of providing consumers with greater benefits, such as more efficient delivery of services and access to a wider array of products, and protecting their personal financial information privacy rights are not and should not be deemed to be mutually exclusive. As we move forward down the information superhighway, we must reassure consumers that their personal financial information privacy rights will be honored, both in the daily practices of financial institutions and in the law. Information Sharing Practices of ACB Member Institutions In June, ACB conducted a comprehensive survey of select member institutions, asking detailed questions about their information sharing practices. Because of the diversity of ACB s membership, survey respondents were asked about information sharing activities with both affiliates and non-affiliated third parties. The banks responding to this survey ranged from those which engaged in numerous information sharing activities to those which engaged in none. Information sharing activities engaged in by ACB members include: (1) use of outsourcers providing services for banks, e.g., check printing, credit card processing, ATM/EFT networks, data processing, etc.; (2) joint marketing arrangements with third parties, both for the sale by the third party of the bank s products and services and the sale by the bank of the third party s products and services; (3) mortgage activities, including mortgage servicing and securitization, and sales of mortgages in secondary markets; (4) activities involving dual or common employees; and (5) joint ventures, e.g., credit life insurance sales, and co-branding activities, e.g., credit cards. While this list is not exhaustive, it does illustrate the wide range of information sharing activities engaged in by ACB member institutions, both with affiliates and third parties. Just as importantly, however, is the fact that many ACB member institutions which do not presently engage in these and other legitimate information sharing activities may want to do so in the future. Feedback from our member institutions indicate that overly onerous regulation or restriction on potential information sharing activities could foreclose the opportunity for community banks to provide new products and services to their customers. Privacy Protection Provisions in H.R. 10 Even with the recently intensified efforts by financial institutions to reexamine their information sharing practices, many consumers may still feel that more needs to be done to protect their personal financial information privacy rights. In response to these concerns, the House adopted the privacy provisions in H.R. 10. As I stated earlier in my testimony, these provisions are generally consistent with the scope of ACB s official policy position on customer information privacy. We would, however, like to suggest the following improvements to the bill s provisions. Privacy Protection Obligation Section 501 of H.R. 10 states that each financial institution has an "affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers nonpublic personal information." ACB is concerned that the inclusion of this broad, vague legal obligation could have unintended, harmful consequences, such as creating an implicit private right of action by consumers. If Section 501 is retained, we ask that it be listed either as a non- binding statement of legislative intent or as part of Congressional findings. Disclosure Requirement Because we believe that an informed consumer makes a better customer, ACB supports the general requirement in Section 503 of H.R. 10 that each financial institution establish its own privacy policy and provide that policy to its customers. We do not believe, however, that such disclosure need be made at least once a year, as required by H.R. 10. Such disclosure should be provided to new customers at the time the customer relationship is established, to existing customers if the privacy policy is amended, and to existing customers within a reasonable period of time following the issuance of final regulations promulgated under the bill. Opt-Out Requirement ACB does not oppose the opt-out requirement found in Section 502 of H.R. 10 for information sharing activities with third parties. We would, however, suggest that targeting specific activities, practices, and relationships for an opt-out requirement would be a better and more direct approach toward resolving consumer concerns than the bill s blanket requirement for third-party information sharing activities with exceptions. For example, an opt-out requirement could be imposed in cases where a third party uses a bank customer s information to telemarket its own products to the bank s customer. Such a requirement would help address the recently settled complaint raised in Minnesota against U.S. Bancorp. At the same time, it would not limit institutions from establishing new multiple-party marketing agreements or joint ventures, such as those related to expanded use of the Internet. If the approach taken in Section 502 is retained, ACB would suggest expanding the bill s exceptions to the opt-out requirement. While the current exemption language in H.R. 10 covers many of the activities and relationships in which ACB member institutions are engaged, other practices, such as joint ventures and co-branding activities, should also be explicitly included in the list. Disclosure of Account Numbers Section 502(d) of H.R. 10 prohibits the disclosure by a financial institution of account numbers to any unaffiliated third party for use in telemarketing to a consumer or for use in direct mail or electronic mail marketing. It should be amended to allow for the same exceptions applicable to the bill s opt-out requirement. Customer Lists Under Section 509(4) of H.R. 10, "nonpublic personal information" is defined to include "any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable information other than publicly available information." This broad definition could subject to an opt-out requirement any list or grouping of customers by a financial institution, no matter how broad the category. This definition should be narrowed to focus on the types of lists or groupings that the public finds objectionable. Other Recommendations ACB also recommends that a broad federal preemption of state laws be included in the bill. In the absence of a federal preemption clause, financial institutions would not only have to comply with federal law, but also with a host of potentially conflicting state laws. This would make compliance unduly difficult and burdensome, particularly for those financial institutions with operations in more than one state. ACB is pleased that the disclosure and opt-out requirements in H.R. 10 will be functionally regulated. Consistent with our official policy position, we also support the protection of health and medical information privacy in Section 351 of the bill and the ban on abusive pretext calling practices in Subtitle B of Title V. We respectfully urge the House-Senate conferees to take our recommendations into consideration as they work out the differences between the privacy provisions in H.R. 10 and S. 900. Effect of More Stringent Privacy Requirements If the privacy provisions in H.R. 10 are enacted, it would mark the biggest step ever taken by Congress to put in law basic standards to protect personal financial information privacy. Still, we recognize that there are members of Congress who believe that the privacy provisions in H.R. 10 should be even more stringent. Some of these proposals include imposing an opt- out requirement on information sharing between affiliates, requiring an opt-in procedure for information sharing with all third parties, or creating a private right of action as a means of enforcement. Given the experience of our member institutions with information sharing practices, ACB does not believe that such proposals warrant legislative action. ACB supports the decision by the House not to include in H.R. 10 an opt-out requirement on information sharing activities between affiliates. The bill defines "affiliate" as "any company that controls, is controlled by, or is under common control with another company." Because of the required controlling relationship between a bank and an affiliated firm, any customer information sharing in which these businesses engage must be kept within the same corporate family structure. An even tighter relationship can be found in cases where a bank owns a service corporation, as many ACB member institutions do. At the same time, ACB reiterates its opposition to legislation that would unfairly discriminate against smaller community banks which use third party contractual relationships for the same information sharing purposes for which larger banks use affiliates. We do not, however, believe that imposing restrictions on affiliate information sharing practices is an acceptable way to ensure fairness. Instead, we continue to encourage Congress to target the opt-out requirement to specific information sharing activities, practices, or relationships which raise appropriate concerns, or failing that, to exempt from the opt-out requirement those legitimate activities, practices, or relationships with third parties. In addition, we believe that the study of affiliate information sharing required by H.R. 10 represents a prudent course at this time for identifying any future problems that should be addressed in law. ACB would also oppose an opt-in requirement for information sharing with third parties. While this idea might seem attractive to some people in theory, the real-life impact of such a draconian requirement would mark the effective end of many marketing activities. Consumers would stand to lose the most from such a mandate, because they would lose access to information about many of the products and services that can be offered today as a result of appropriate information sharing arrangements. Finally, ACB would oppose any proposal to create a private right of action as a means of enforcing privacy protection requirements. Such a right of action has the potential for flooding banks - particularly smaller, community banks - with frivolous litigation, thereby hindering their ability to serve their customers and communities. We believe that the bill s use of functional regulation represents the best means of enforcing the privacy protection requirements in H.R. 10. Conclusion As I conclude my statement, I would like to reiterate a point that I made at the outset of this testimony. In addition to working in the financial services industry, our members are also consumers. The practices in which they engage affect all of us. In order to maintain the trust and confidence of their customers, our members are committed to not engaging in excessive or abusive information sharing practices. They just want the continued ability to efficiently serve the financial needs of their customers and local community. While financial information privacy has been a hot-button issue with the general public, it should not be forgotten that the financial services industry represents just one segment of our nation s economy, and the segment that is most secure. With every transaction you make - whether with a financial institution, a department store, a mail-order catalog company, or other business - information is created. Sometimes, the data you generate may be found later on someone s mailing or telemarketing list, but if it does, it most likely did not come from a financial institution. While the information sharing practices of financial institutions should be examined by Congress, as these hearings do, other industries must be required to participate in the effort to reassure the public that their personal information will be protected. And with the ever expanding use of the Internet, the importance of their inclusion is almost certain to increase. Again, Madame Chairwoman, let me commend you for holding these very important hearings and thank you for the opportunity to testify today on behalf of America s Community Bankers. We look forward to working closely with you, the Congress, federal regulators, and the general public to protect the personal financial information privacy rights of consumers. Speaking on behalf of our member institutions, I can assure you that we at ACB will do our part.

LOAD-DATE: July 21, 1999




Previous Document Document 61 of 124. Next Document


FOCUS

Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
   
About LEXIS-NEXIS® Congressional Universe Terms and Conditions Top of Page
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.