Hearing on Financial Privacy Issues

Prepared Testimony of The Honorable Pat Leahy (D-VT)
United States Senator

10:00 a.m., Wednesday, June 9, 1999

Mr. Chairman and Senator Sarbanes, I commend you and the Committee for convening this hearing on privacy issues involving financial information.

The right to privacy is a personal and fundamental right implicitly protected by the Constitution. But today, any bank in this country may sell or share your personal financial information. Your bank, for example, may sell to the highest bidder information about whom you wrote your last check to, or how much that check was for, or the date of that check. And even if you tell your bank to stop selling or sharing this information, your bank does not even have to honor your request under current law. In short, if you have a checking account, you may have a financial privacy problem.

That is why I am an original cosponsor of the Financial Information Privacy Act of 1999, S.187, introduced by Senator Sarbanes on the first day of this Congress. I commend Senator Sarbanes, along with Senators Dodd, Bryan and Edwards, the other original cosponsors of S. 187, for their leadership on the Senate Banking Committee in protecting the privacy of personal financial information.

I am an enthusiast when it comes to the Internet and our burgeoning information technologies. These are exciting times, and the digitalization of information and the explosion in the growth of computing and electronic networking offer tremendous potential benefits to the way Americans live, work, conduct commerce, and interact with their government. But we must make sure that information technology remains our servant, instead of becoming our master. Our right of privacy has become one of the most vulnerable rights in the Information Age. We must master new threats to our individual privacy and security, and in particular, to our ability to control the terms under which our personal information is acquired, disclosed and used.

In the financial services industry, conglomerates are offering a widening variety of services, each of which requires a customer to provide financial, medical or other personal information. And nothing in the law today prevents subsidiaries within the conglomerate from sharing this information for uses beyond those the customer thought he or she was providing it for. In fact, under current Federal law, a financial institution can sell, share, or publish savings account balances, certificates of deposit maturity dates and balances, stock and mutual fund purchases and sales, life insurance payouts and health insurance claims.

The Comptroller of the Currency, John D. Hawke, Jr., just this week scolded banking industry executives for their practice of selling customers' personal financial information to telemarketing firms in return for a commission on sales. According to Mr. Hawke, bank customer information being sold to telemarketing firms includes addresses, telephone numbers, account balances, credit card purchases, last payment dates, and even customers' occupations.

As President Clinton recently warned: "Although consumers put a great value on privacy of their financial records, our laws have not caught up to technological developments that make it possible and potentially profitable for companies to share financial data in new ways. Consumers who undergo physical exams to obtain insurance, for example, should not have to fear the information will be used to lower their credit card limits or deny them mortgages." I strongly agree.

As the Committee considers legislation to safeguard the privacy of financial information, I propose three principles to guide your consideration.

First, consumers deserve the basic privacy rights of notice and choice about the use of their personal financial information. Financial institutions should be required to inform consumers of plans to share or sell their financial information, and consumers should have control over the use and the sharing of all their financial information.

An area of particular concern to me is safeguarding medical information. Medical records contain the most intimate, sensitive information about a person and must be safeguarded. Yet cross-industry mergers and consolidations have given banks and other financial institutions unprecedented access to consumers' medical records. I support legislation preventing the sharing of medical information, such as that gathered from life insurance records, within financial services conglomerates.

Second, individuals deserve a civil right of action to enforce their financial privacy rights. Individuals whose privacy rights have been violated -- whether those rights were violated either knowingly or negligently -- should be permitted to bring a legal action to recover their damages. Privacy rights must be enforceable in a court of law to be truly effective.

Congress should also consider whether each state Attorney General should be granted enforcement powers regarding financial privacy rights, as the state Attorneys General enforce other basic consumer protections across the nation.

As the ranking member of the Senate Judiciary Committee, I look forward to working with members of this committee to craft effective civil action enforcement provisions in any financial privacy legislation.

Third, our privacy safeguards for personal, financial information must measure up to the tough privacy standards established by the European Union Data Protection Directive, which took effect on October 25, 1998. Failure to comply with the directive could become a big problem for American businesses, since the new rules require EU member countries to prohibit the transmission of personal data to or through any non-EU country that fails to provide adequate data protection as defined under European law.

The problem is not that Europe protects privacy too much. The problem is our own failure to keep U.S. privacy laws up to date. Think of how much our technology has changed since our current privacy policies were written. The EU Directive is an example of the kind of privacy protection that American consumers need but do not now have. It has encouraged European companies to develop good privacy practices and techniques. It has produced policies that are consistent with the interests of both consumers and businesses.

I look forward to working with members of the Committee to update our laws to provide fundamental protection of the personal financial information of all Americans.

Home | Menu | Links | Info | Chairman's Page