"Opt-Out" Of Financial Data Sharing

David Carver writes: "I heard about this on a local news station this morning: The Financial Modernization Act, passed in 1999, allows financial institutions to share your personal financial information to other institutions without your explicit permission. They have been required by law to inform you of your rights by July 1st. The good news is that you can choose to opt out of this, but you must notify, in writing, any bank, credit card company, etc. with which you have an account. A sample opt-out letter, courtesy of Ralph Nader, is available at privacyrightsnow.com."

michael: If you check around there have been a lot of news stories written about this law. Until this law was passed, there were laws in place that separated banks from the insurance and securities industries. That is, your bank couldn't also be your stock broker or your insurance company. The main law creating this situation was called the Glass-Steagall Act, and was passed in 1933 right in the middle of the Great Depression. Speculation in the stock market by banks was a major cause of the stock market crash of 1929, and the goal of the law was to prevent another such crash. Scores of banks failed when their stock investments turned sour at the same time as depositors wanted their money out. When these three industries are combined into single corporate entities, society is putting all of its financial eggs into one basket - a crashing stock market leads to rising insurance claims and makes the bank insolvent precisely at the time that it needs to have lots of cash on hand. We as a society have learned this lesson, and due to this law, sometime in the future we will learn it again.

Fast-forward to the present. The Gramm-Leach-Bliley Act of 1999 got rid of most of those restrictions, freeing banks and securities firms and insurance firms to consolidate. Gramm, Leach and Bliley are three Republican Congressmen who have all received huge bribes (sometimes called campaign contributions) from the banking industry. Essentially, like the 1996 telecommunications law which paved the way for the return of Ma Bell (the seven Baby Bells have merged into four, while stifling all possible competition in any way possible), this law will eventually result in a financial services industry dominated by a very few mega-institutions. The law was written to override not only the old Federal law, but also state laws which would have prohibited these mergers. It was strongly supported by the Republicans and lightly supported by the Democrats, after massive lobbying from the banking and financial industries. The securities firms and insurance firms loved this, because "having a lot of money in your bank account" is a good indicator that you'd be willing to invest in the stock market, and now they can simply purchase the data from your bank, or better yet, merge with it, to get access. The banks loved it because insurance and securities represented new revenue streams that were previously untapped. Additionally, it allows all sorts of conflicts of interest - advising customers to buy stock in company A while the bank itself is selling it, etc. etc.

Anyway, one of the weak additions to the bill insisted on by Clinton were the provisions affecting privacy. In a nutshell:

• Banks can share any and all information about your financial doings with any corporation that they have a business relationship with or are otherwise associated with. They can sell anything they know about you - Social Security numbers, account numbers, who you write checks to, what you buy with your credit card, etc. A Washington Post column sums it up nicely.
• You can't opt-out of that.
• Banks can also share any and all information about your financial doings with anyone else.
• You can opt-out of that.
• But the business relationship mentioned at the start could be something like "We are in business with company X for the purpose of selling your financial information", so the exception totally swallows the rule.
• Ha-ha, you lose.

So now the deadline is approaching, and lots of financial institutions are sending out privacy notices as required by law. Some small percent of institutions are sending out opt-out notifications, allowing you to "opt-out". I believe that most institutions are not sending opt-out notices, because frankly, they don't need to - any use of your financial data can be covered under the no-opt-out-required if the bank sets it up properly. None of the several institutions I do business with provided me with any opportunity to opt-out, although all warned me that they would sell my financial information. Here's a direct quote from one:

"We do not share any personal information about you or our former members with third parties except as permitted or required by law, and as necessary for business purposes."

So they share my information "as permitted by law", for any business purpose. Translation: they promise not to violate the law, and to attempt to make money. Wow, what an incredible commitment to privacy. Of course, you might not get to this sentence if you only read the beginning of the notice, which starts out "[Bank] is committed to protecting the privacy of your personal information."

My guess is that very few of these notices contain any meaningful commitment to privacy. Read them carefully. If you get an opt-out notice, do it - it won't have any effect on what actually happens to information about your bank account, credit history, credit card purchases, etc., but the industry is using the low return rate of opt-out notices as a statement that customers don't care about privacy (when in fact, most people probably just throw away these tiny-print legalese forms). I don't really have any other advice - I very much doubt that you'll be able to locate any banking institution that would be reasonably convenient for you to deal with that will in any way respect your privacy.

Another point...

[Masem]

The law basically says that if you opt-out of this sharing prior to July 1st, all data about you that that institution has, past and present, is protected. After July 1st, you can still opt-out, though it might require more than just a phone call, but only data *after* the date you opt-out is protected, all previous data is fair game, including data prior to July 1st.

In other words, *today* get on the phone and web sites and figure out how to get on the lists.

Re:What's wrong with this?

[sphealey]

"Where's the problem? It's a free market, companies should be able to do what they want to do, and if you don't like it, don't use that company. Find a small family run FDIC insured bank, or better yet, a credit union that promises not to do it. If they do share, then leave."

50 years ago, that might have been true. It was possible to live a quiet life, taking your paycheck in cash, paying rent in cash, riding the bus/trolley everywhere, shopping at the local mom-n-pop grocery.

That is essentially no longer possible in the Western world, today. Employers no longer pay in cash, so you have to have an account with some sort of financial institution, which in turn is required to report various information about you to other organizations. Public transportation no longer exists, and where it does it doesn't reach the majority of jobs. Mom-n-pops no longer exist. You MUST have a credit card to rent a car, or even a movie.

And so on. For any one of these actions, you could say, "Well, don't do that. Or go to another provider". But when EVERYTHING you do requires providing information, there are only a few institutions for critical services (hint: Visa), and you realistically must do certain things to stay alive, then you don't really have a choice.

The wilds of Montana can only support a few hunderd thousand people; most of the population is forced to live where they can actually make a living. And there are no realistic options to giving up information about oneself in many circumstances. This is why people form govenrments, BTW (read Hobbes).

sPh

I work for one such firm

[Archfeld]

and they quietly notified us employees of this several months ago, and then seem ASTONISHED at the incredible response they received, like 85% of the employees responded in writing that they would not allow the sharing of confidential info.
Not that it seemed to matter one bit, nor did the Management seem to learn anything. They consider your information an asset these days which is true, it is JUST YOUR ASSET not theirs. Some sharing of info MUST happen for banks and such to function, but the wholesale data marting of all your info is what NCAG is looking for, and the won't be happy until the believe they know everything about you :(

Re:Has anyone tried the Nader letter?

[Tackhead]

> Has anyone tried sending the Nader letter to a financial institution, in place of that institution's preprinted form? What was your experience? Did you receive any sort of response, positive or negative?

I wrote an opt-out letter to my bank a few weeks ago.

I received no acknowledgement whatsoever. I have no idea whether it was even received, let alone whether my opt-out decision will be honored.

And if my bank decides to ignore my opting-out, how will I prove it? (And even if I could prove it, what good would it do, as GLB doesn't allow for a right of private action, so I can't sue the bastards into compliance.)

This is why I believe opt-out to be a cop-out, and that opt-in is the only acceptable standard.

When dealing with spammers, "remove lists" don't work. Because spammers lie. (Oh, you opted out of HOT T33NZ spam. We'll now spam you on behalf of H0T T3ENS. Opt out of that, and the H0T TE3NZ list will spam you...)

When dealing with DMA marketroids, "opt-out" doesn't work. For precisely the same reasons.

Trade in the overalls for a suit and tie, the KFC and Bud for filet mignon and Cabernet Sauvignon, and the trailer park for an office tower, and you've got the Direct Marketing Association.

Rule #1: Spammers lie.
Rule #2: If you think a spammer is telling the truth, see Rule #1
. Rule #3: Spammers are St00pid.
.

DMA or chickenboner, they're all the same to me.

Credit Bureaus

[mfinke]

According to a print Newsweek article I'm looking at, you can notify all three credit bureaus with the following phone number: 1-888-567-8688 (1-888-5 optout).

Re:What's wrong with this?

[dada21]

Umm, why do I need to rent a car, or a movie? If you're renting someone else's expensive goods, then why shouldn't they know more about you, to trust you, etc?

You CAN pay cash for nearly everything. Don't get a car loan, save up $400 a month for 5 years, and then go buy a car cash, and while you drive that car for 5 years, save up another $20,000 (plus interest) to buy your next car.

I provide as little information as possible. You can even get a credit card, by the way, without giving ANY information if you are willing to get it fully secured. I have a few friends who have secured cards with no real information on them, sure they'll never get their security deposit back, but hey, $1000 or whatever it is for 10-20 years of use on a secured card isn't such a bad penalty to pay so you don't have your real info out there.

If you want the quality of life you're living now, with credit lines, movie rental abilities, etc, then yes, you'll give up some privacy. If you really want privacy, there are MANY MANY ways to find it, and some of them are pretty sane.

Yeah!

[PopeAlien]

Do your research, stop trying to control "big business."

All these draconian 'rules' and 'laws' totaly interfere in profit-taking. I mean really, whats with that anyway.. I mean take crack for example.. Do you know what the profit margin is on crack? Its tremendous! And yet 'big business' is not 'allowed' to sell crack to school-children despite its huge potential for earnings. sheesh. commies.

Re:ignorant questions, no flames pls

[nanojath]

Here's a scenario: You get a bad spot on your credit record due to a bank error. You're lazy about balancing your checking account so you don't notice it for a couple months. By the time you do, the bank has sold information about you to a commercial information clearinghouse. It takes a month to clear the mistake up with the bank... at which point you realize that you'll never be able to track down everywhere this bad information has ended up, as the clearinghouse has no contract with you and no motivation to disclose their customers.

Your bank enters into a business arrangement with an internet start-up. When their silly business model fails and they're gasping out the last of their venture capital funding, they sell all of the personal information they've amassed, including your records, with Spamorama Inc. Next time you open your e-mail you've got to sift through 2,000 porn ads, health fads, and bad financial offers.

But the little money the start-up makes is enough to keep them limping along... Until their weak firewall gets hacked, at which point a black-hat hacker has your address, phone numbers, e-mails, SSN, credit history... If you've ever known someone who got ripped off by someone getting a credit account in their names, you know that the credit provider comes on with the attitude and assumption of guilty until proven innocent. They're hard-pressed to prosecute but it can cause months and even years of headaches and screw up your credit rating - see scenario one for how even when you clear this up with the credit card company, you could still have bad paper about you floating around for years to come.

And on the more mundane level, ask yourself this simple question: Do you generally enjoy or dislike business solicitations that you do not initiate? As in, telemarketers, spam e-mail, and junk mail. Because the bottom line of all this is empowering corporations to try to sell you things you didn't ask for. The net result will be an increase in unsolicited come-ons. How would you like to waste your time today?