Mr. Chairman, I am pleased that you are organizing a series of hearings on financial privacy. This subject is very important to individual Americans whose financial institutions hold a large amount of confidential financial information about them and to the financial services industry. I hope that during these hearings we can hear from consumer, privacy and industry groups, who have raised concerns in this area, as well as from the Administration, Federal regulators and other interested parties.
I welcome the distinguished panel of witnesses -- my good friend, Senator Leahy, who has provided leadership on medical privacy; and Senator Kyl, who has provided leadership in legislation prohibiting identity theft. I also welcome Congressman Ed Markey, who has provided leadership for many years on privacy issues, most recently with his amendment offered on H.R.10; Congressman Billy Tauzin, who called for privacy legislation giving consumers access to correct information that would be shared; Congressman Jay Inslee, whose privacy amendment was the catalyst for the House Banking Committee including some privacy protection in H.R. 10, and Congressman Ron Paul, who raised concerns regarding the "Know Your Customer" regulations, regulations about which I and others here in the Senate had concerns. Thank you all for testifying this morning.
Few Americans understand that, under current Federal law, a bank, broker or insurance company may take any information it obtains about a customer through his or her transactions -- for example, in a savings or checking account or with a credit card -- and transfer or sell that information to another company or post it on an Internet website. All of this is legal under Federal law -- without the customer's knowledge or consent.
Cross-marketing and today's computers make it easier, quicker, and less costly than ever to access, analyze and transmit data between a bank, broker and insurer. New business affiliations, such as permitted under S. 900, and advanced technology fuel consumer concerns about mishandling personal information.
I believe financial privacy is a fundamental right of all consumers that, unless adequately protected, is susceptible to abuse. On January 19, 1999, I introduced the Financial Information Privacy Act of 1999, S. 187, to balance citizens' financial privacy interests with the interests of financial institutions to cross-market and commercially exploit financial data about their customers. The bill was co-sponsored by Senators Dodd, Bryan, Leahy, Edwards and Hollings and they should all be commended for their leadership on these issues. I believe that every American who entrusts his or her highly sensitive financial information to a financial institution should know beforehand whether it will share or sell that information to anyone else. Every consumer should be able to make certain the information is correct. And, quite simply, every person should have the option to say "no" if he or she does not want that sensitive information given out. It astounds me that we are able to protect the privacy of one's videotape rentals and one's cable television selections under Federal law, but we have yet to protect a citizen's basic financial information from being shared by various financial institutions.
Our bill, S. 187, would direct the Federal financial regulatory agencies, after considering public comment, to enact regulations that would require banks and stock brokers to tell their consumers before selling or sharing with other companies sensitive personal transaction and experience information. This information includes account balances, CD maturity dates, credit card charge receipts, total assets, or whom they write checks to. A financial institution could sell or share the data with an affiliate unless the customer objects, or "opts out." An institution could sell this confidential data to an unaffiliated company only if a customer gives permission, or "opts in." The bill also allows consumers to make sure the information being distributed is accurate.
The public is greatly concerned over privacy, as polls show clearly. A 1998 Louis Harris poll asked people whether they agreed with the statement, "Consumers have lost all control over how personal information is circulated and used by companies." Eighty percent agreed.
The same poll asked "How concerned are you about threats to your personal privacy in America today -- very concerned, somewhat concerned, not very concerned or not at all concerned?" It found that 88% were concerned, including 55% who were very concerned. It is interesting to note that during the past twenty years, the percentage of those who are very concerned has increased and those who are not at all concerned has decreased. The financial privacy problem is getting worse.
The public is particularly concerned about their financial privacy. A survey by the American Association of Retired Persons of members published in March 1999 shows great concern:
Industry self-regulation to protect privacy generally has not worked. In many cases, the financial institution does not provide a notice sufficient for a consumer to understand what information is being shared or makes it accessible only to the small percentage of consumers who conduct business on the Internet. Many institutions do not give customers a right to prevent them from selling their account balances and other experience and transaction data. For example, some major banks have a policy that "Even if you 'request to be excluded from affiliate sharing of information,' we will share this other [transaction and experience] information about you and your products and services with each other [affiliate] to the extent permitted by law."
Abuses arising from sharing information without a customer's knowledge or permission have already taken place. For example, the SEC in May 1998 took enforcement action against a large national bank that gave an affiliated stock broker lists of customers with maturing CD s. The broker made misrepresentations selling securities to customers, many of whom were elderly and novice investors. More types of abuses are easy to imagine. Hypothetically, a stock broker could get from an affiliated bank the dates when a customer's paychecks or insurance proceeds are deposited and cold call to sell speculative securities on the next day.
President Clinton on May 4, 1999, called for greater protection for financial privacy. He said, "While some of your private financial information is protected under existing federal law, your bank, broker or insurance company could still share with affiliated firms information on what you buy with checks and credit cards -- or sell this information to the highest bidder. This law, to put it mildly, is outdated and should be changed --to give you the right to control your financial information, to let you decide whether you want to share private information with anyone else." He supports legislation containing protections similar to those contained in S. 187.
The European Union Data Protection Directive goes much further than privacy protections in place in the United States. American businesses operating in the EU must comply with EU principles in data handling. The Department of Commerce has been attempting to negotiate a safe harbor with the European Union for several months, but has not yet reached an agreement. The passage of legislation such as S. 187 could provide a solution for this important problem.
I want to focus on one aspect of the privacy problem, selling information to unaffiliated third parties. I have not heard objections to giving the consumer the right to choose whether to allow the financial institution to sell information to an unaffiliated company. Comptroller Hawke in a speech on June 7, 1999 warned the banking industry against practices that are "at least seamy, if not downright unfair and deceptive -- practices that practically cry out for government scrutiny." One of these involved the sale of personal customer financial information to telemarketers under which the bank gives extensive data in return for a commission on marketing sales. I feel that banks should not be able to sell account balances, credit card receipts, check stubs, or other transaction and experience data to marketers of, for example, time share resorts, casinos, home repairs, or precious metals without customer permission. At the very least, we should give consumers the right to protect their financial privacy from such surreptitious commercial exploitation.
Again, I welcome the witnesses and hope that these hearings will lead to us passing appropriate legislation that enables citizens to have more control over the use that their financial institutions make of sensitive financial information by providing them with rights of notice, consent and access.
Home | Menu | Links | Info | Chairman's Page