Don't Throw Away Your Right To Financial Privacy
The Attorney General provides Consumer Alerts to inform the public of unfair, misleading or deceptive business practices, and to provide information and guidance on other issues of concern. Consumer Alerts are not legal advice, legal authority, or a binding legal opinion from the Department of Attorney General.
DON'T THROW AWAY YOUR RIGHT TO FINANCIAL PRIVACY - READ YOUR MAIL FROM FINANCIAL INSTITUTIONS AND DECIDE WHETHER TO SAY "NO!" TO INFORMATION TRAFFICKING
The Attorney General's office advises consumers to learn about their right to say "no" to the sharing of their personal information by financial institutions. Beginning July 1, 2001, financial institutions are allowed to sell your personal information to unaffiliated companies - but before they do, they must notify you of their information-sharing practices and give you the opportunity to limit some of the trafficking in your personal information. Do not throw out mail from banks, insurance companies, investment brokers, and other financial institutions until you have reviewed it for financial privacy information. If you do not exercise your right to say "no," these companies may begin selling your personal information to outside companies.
Many financial institutions have voluntarily adopted stricter information sharing policies than the law now requires, but many have not. Only by reading the information you receive, and by asking questions of financial institutions, will you know how your institution uses your personal information and be able to decide whether to take your business elsewhere.
As collecting, slicing, dicing, mixing and manipulating your personal information has become easier and cheaper - particularly since the use of the Internet has become widespread - there has been a corresponding increase in the reported cases of identity theft, which occurs when a person uses someone else's personal information - for example, your social security number, your credit card, or your driver's license - to fraudulently make purchases or obtain credit in your name. Some identity thieves have even generated criminal convictions under an innocent consumer's name. Identity theft can be a nightmare, but consumers can take steps to reduce their risk of becoming victims by limiting others' access to their personal information.(The information presented in this alert concerns data trading by financial institutions. For more information on ID theft, visit the Federal Trade Commission's website at http://www.ftc.gov/idtheft.)
The New Financial Privacy Laws - Good News And Bad For Consumers.
In passing the Gramm-Leach-Bliley Act of 1999, Congress repealed long-standing restrictions separating different sectors of the financial services industry. Now, banks, insurance companies and brokerage companies are allowed to merge or become corporate affiliates and to share consumers' personal information. (For example, a brokerage house or bank can now share information about a consumer's transactions with an affiliated insurance company.)
First, the good news: The new federal financial privacy rules require financial institutions to:
- give consumers some limited information about how their personal information is being shared;
- offer consumers a limited opportunity to block some trafficking in consumers' personal information before they may begin trading in your personal information;
- maintain the confidentiality of account numbers and not sell them to nonaffiliated companies for use in telemarketing, direct mail, or commercial e-mail.
Consumers have an opportunity to inform and protect themselves. By being vigilant - and active - consumers can stop the flow of some personal information between corporate databases and nonaffiliated, outside companies, such as information brokers, telemarketers, and junk mailers.
Now, the bad news: While Congress and other federal agencies have given consumers limited ability to protect the privacy of their financial information, the sad fact is that much of the information that financial institutions gather about their customers is not covered by these rules.
Financial institutions generally don't have to offer consumers the right to prevent "publicly available" information about them from being sold to other parties, or to prevent the sharing of even nonpublic personal information with "affiliates" of the financial institution. (An exception, however, is the sharing of non-transactional information, such as "creditworthiness" information, among affiliates under the federal Fair Credit Reporting Act - this information should be included in the notices you receive.)
The cost of preventing the sale or other transfer of nonpublic personal financial information to outside companies rests squarely on the consumers' shoulders - consumers must spend the time and effort to learn what rights they have, to determine how to exercise those rights, and then to invest the additional time and effort completing the opt-out process.
Attorney General Granholm, along with other state attorneys general, strongly recommended tougher privacy regulations than the ones now in place. The future may yet bring better privacy protections for consumers.
Frequently-Asked Questions About Your Right to Opt Out of CertainTrafficking in Your Personal Information
Under the Gramm-Leach-Bliley Act and rules established by the Federal Trade Commission and other federal agencies, financial institutions have an obligation to give their customers notice about the use of their personal information and a limited opportunity to block some information sharing.The questions and answers below cover elements of the FTC's rules. For additional information, visit the FTC's web page on the Gramm-Leach-Bliley Act at http://www.ftc.gov/privacy/glbact/glboutline.htm
1. Which "financial institutions" are covered by these laws?
According to the Federal Trade Commission, a "financial institution" includes banks, insurance companies, and investment businesses, as well as any other business "significantly engaged" in financial activities. "Financial institutions" may include:
- Retailers that issue their own credit cards
- Insurance companies
- Mortgage brokers
- Investment advisors
- Securities dealers
- Accountants and tax preparation services
- Lawyers and law firms (confidential client communications remain protected)
- Car dealerships that lease cars on a "non-operating basis" for more than 90 days
- Businesses that print and sell checks for consumers
- Check cashing businesses
- Businesses that operate travel agencies in connection with financial services
2. What Notice is Required?
Institutions must supply consumers with an initial privacy statement. Consumers who have a continuing relationship with a financial institution are entitled to additional statements on a yearly basis. The notice should include:
- An explanation of the consumers' right to opt out of disclosures to nonaffiliated third parties and how consumers may exercise their right;
- Categories of personal information the financial institution collects;
- Categories of personal information the financial institution discloses;
- Categories of affiliates and nonaffiliated third parties to whom the financial institution discloses the information;
- An explanation regarding disclosures of nonpublic personal information about former customers by the financial institution;
- A description of the financial institution's disclosures to nonaffiliated parties that fall within certain exceptions to the consumers' right to opt out;
- An explanation of consumers' ability to opt out of disclosures of certain types of information among affiliates under the federal Fair Credit Reporting Act (FCRA);
- A statement of the financial institution's confidentiality and security policies and practices regarding nonpublic personal information.
3. How does the opt-out notice work?
The opt-out notice is separate from the privacy statement. It must contain certain information and must be clear. Specifically, the opt-out notice must:
- State that the institution will disclose, or reserves the right to disclose, nonpublic personal information about you to outside companies, if this is the institution's policy;
- Tell consumers that they have a right to opt out of such information sharing;
- Provide consumers with a reasonable means for opting out
4. What is "nonpublic personal information?"
The new rules give consumers only a limited right to block sharing of certain information. Consumers have no right to block sharing of information that is "publicly available" which means:
- Information the institution believes can be legally obtained from government records
- Information the institution believes is available to the general public through telephone books, newspapers,
- Information from disclosures required by law to be made public
5. What is an "affiliated company?"
Generally, affiliated companies are individual companies that belong to the same corporate family. For example, an insurance company and a bank that are under the control of a third (parent) company would be affiliates, as would the parent company. Thus, neither the bank nor the insurance company would be required to permit you to opt-out of data sharing with the other company under the FTC's rules.
Under the Fair Credit Reporting Act, however, consumers have a limited ability to opt out of some information sharing between affiliates involving non-transactional information, including information about:
- Your alleged creditworthiness, credit capacity, and credit standing
- Your alleged character
- Your alleged general reputation
- Your alleged personal information
- Your alleged "mode of living"
Unfortunately, at this time, the Fair Credit Reporting Act does not give consumers the right to prevent affiliates from sharing "transaction and experience" information about a consumer. Such transactional information can include a wide variety of data many consumers would consider very personal, such as credit card charges a consumer makes and checks a consumer writes.
What Can You Do To Limit Trading in Your Personal Information by a Financial Institution?
- Read information you receive, or have received recently, from financial institutions and look for notices or statements containing phrases like " Opt Out," "Your Options," or "Your rights regarding personal information." These statements may not be in a separate mailing or even on a separate piece of paper. The privacy statement should not only tell you how your information is being used and how you can opt out of information-sharing between outside companies, but it should also inform you of your right to block certain non-transactional information, including "creditworthiness" and "character" information, from being shared between affiliated organizations.
- Exercise your right to opt out of information sharing. Notices from financial institutions should have clear and simple instructions for mailing in opt-out requests or calling a toll-free customer service number.
- Check with your financial institution to make sure your "opt-out" decision has been received and recorded.
- Learn more about your rights if you are concerned about how your financial information is used. (More information and links to websites are provided below).
- Contact any companies with which you have an existing relationship that you believe fall within the definition of a "financial institution." Ask them any questions you have about their privacy practices, and ask for instructions on how to opt-out of information sharing.
- Consider taking your business to a company that offers greater privacy protection if you are dissatisfied with how your financial institution is using your information
For More Information:This alert and others issued by the Attorney General's office can be found at the Attorney General's website at www.michigan.gov/ag The Federal Trade Commission has several pages of interest on its website at http://www.ftc.gov, including:
- Information on ID Theft
- Detailed Explanation of Financial Privacy Rules - http://www.ftc.gov/privacy/glbact/glboutline.htm There are various organizations that address privacy issues on their websites. (These links are for your reference only; the Attorney General does not endorse any specific private organization and does not vouch for statements made by these organizations. For more information, visit http://www.michigan.gov/ag/0,1607,7-164-21231-51915--,00.html.
If you have a complaint about a privacy notice or opt-out instructions, you may wish to file a complaint with the FTC. You may file a complaint online by visitinghttps://www.ftccomplaintassistant.gov/ or call toll free 1-877-FTC-HELP (382-4357).