WHITE HOUSE PRIVACY BILL INTRODUCED IN CONGRESS

[11884] May 15, 2000 TO: BOARD OF GOVERNORS No. 26-00 FEDERAL LEGISLATION MEMBERS No. 6-00 PRIMARY CONTACTS - MEMBER COMPLEX No. 31-00 PUBLIC INFORMATION COMMITTEE No. 18-00 RE: WHITE HOUSE PRIVACY BILL INTRODUCED IN CONGRESS ______________________________________________________________________________ On May 4, a Clinton Administration bill to expand significantly the privacy provisions in last year’s financial services reform law was introduced in Congress. The White House privacy initiative, introduced by Rep. John LaFalce (D-NY) in the House (H.R. 4380) and Sen. Patrick Leahy (D-VT) in the Senate (S. 2513), would extend the 'opt-out' language in the Gramm-Leach-Bliley Act (GLBA) and also create an 'opt-in' for "especially sensitive information." The following details the current law and how the Clinton-Gore proposal would modify it. Current Law: The Gramm-Leach-Bliley Act The GLBA, enacted last November, requires financial institutions to adopt a privacy policy and disclose the details of the policy to consumers. It also contains an 'opt-out' provision that requires financial institutions to give consumers an opportunity to prevent the sharing of their nonpublic personal information with nonaffiliated third parties only. However, there are a number of exceptions to this rule. For example, a financial institution is not required to provide an 'opt-out' if the sharing of consumer information with a third party is part of the ordinary course of providing a financial service or product, or is done to market the financial institution’s own products or services. In addition, the GLBA gives the SEC sole enforcement authority on privacy matters over SEC-regulated financial institutions, such as mutual funds, brokers, dealers and investment advisers. Proposal: Clinton-Gore Privacy Initiative ’Opt-out’ for affiliates. The White House proposal would change the 'opt-out' provision in the GLBA to include affiliates as well as nonaffiliated third parties. The bill preserves the GLBA exceptions for sharing information as part of the ordinary course of business. However, the Administration’s proposal eliminates the GLBA’s exception for joint marketing purposes. In addition, the Clinton-Gore proposal imposes a new restriction on how financial institutions can receive 'opt-out' responses from consumers. It specifies that a consumer must be able to exercise the ’opt-out’ through the same method of communication by which the ’opt-out’ notice was disclosed to the consumer, or by another method at least as convenient to the consumer. ’Opt-in’ for "sensitive" information. The Clinton-Gore bill would prohibit financial institutions from sharing information about a consumer’s personal spending habits or health without first obtaining the consumer’s affirmative consent. According to the legislation, personal spending habits include an individualized list of a consumer’s transactions or an individualized description of a consumer’s interests, preferences, or other characteristics derived from payment information. The proposal includes exceptions for transaction processing, servicing of consumer accounts, and other necessary activities such as law enforcement. Consumer access to information. The Clinton-Gore proposal would modify the GLBA to allow consumers to have access to their information that is under the control of, and reasonably available to, a financial institution. The bill also requires a financial institution to give consumers the opportunity to dispute the accuracy of information and to present evidence of any inaccuracy. A financial institution must correct or delete information identified by the consumer as incomplete or inaccurate. The proposal would not, however, force a financial institution to give consumers access to confidential commercial information or to make disclosures that would interfere with law enforcement. In addition, a financial institution may impose a reasonable fee for making information available to consumers, provided that consumers receive prior notice of the fee. Timing of notice. Presently, the GLBA requires a financial institution to disclose its privacy policy to consumers at the time of establishing a customer relationship. The Clinton- Gore bill amends this provision to require disclosure of the policy prior to establishing a customer relationship. Enforcement. The GLBA gives the Federal Trade Commission (FTC) authority to enforce the law's privacy provisions against any financial institution that is not within the jurisdiction of another financial regulator, such as the SEC or the Federal Reserve. For these financial institutions, the Clinton-Gore proposal would make a violation of the company’s own privacy policy a criminal offense as an unfair or deceptive act or practice. It would also grant states concurrent authority with the FTC to enforce the FTC's privacy regulations. This would not affect SEC-regulated financial institutions, such as mutual funds, brokers, dealers, and investment advisers, as the SEC would retain sole enforcement authority over them for violations of the GLBA privacy provisions. Redisclosure of information. Under the White House proposal, an affiliate or nonaffiliated third party that has received nonpublic personal information from a financial institution may not redisclose the information to any other person unless that disclosure would be lawful if made directly by the originating financial institution. * * * * Senate Banking Committee Chairman Phil Gramm (R-TX) said in a May 4 press release that regulators are still writing the privacy rules mandated by the GLBA, and that customers and their financial institutions need time to absorb those new rules before Congress considers changing them. Matthew P. Fink President