Oct. 2, 2002
A collection of information about your financial affairs is a
valuable commercial commodity. It includes what's in your bank
accounts and on your credit cards, your deposits and withdrawals, your
purchases and investments, your car loans and mortgage payments.
Who owns that collection of information: you or the institution
that entered it on a database where a computer can retrieve it for
numerous commercial purposes? When that question was discussed at a
Financial Privacy hearing of the Senate Banking Committee on September
19, it was clear that banks think they own your financial information.
Think of the many ways that your financial "diary" can be turned
into big profits through targeted telemarketing. You can be solicited
to buy insurance designed for your particular family or economic
circumstance, to join a travel club, to make investments with cash from
CDs about to come due, to take out a second mortgage on your house, and
to buy magazines covering your favorite subjects.
A sales talk can be so efficient and persuasive when the salesman
is privy to accurate knowledge of your financial affairs, how much
ready cash you have, what is your income level, whether you travel, how
fast you pay your credit card invoices, and whether you own your home.
Now add another tool to the arsenal of the telemarketer. After
his persuasive powers are wearing down your resistance, he can directly
charge your account without having to request your signature, credit
card number, or other evidence that you consented to the purchase.
This practice is known in the trade as preacquired account
telemarketing. Before he called you, the telemarketer preacquired your
account number from your bank (which is getting its cut of the profit)
so you wouldn't have to bother with the nuisance of personally
providing your credit card number.
It isn't hard to figure out that senior citizens are especially
vulnerable to the salesmanship of telemarketers armed with preacquired
account numbers. All the more so if the elderly are unsuspicious, hard
of hearing, absent-minded, or when English is their second language.
The Minnesota Attorney General discovered that during one 13-month
period one bank had to cancel 173,543 membership clubs and insurance
policies charged to the accounts of customers who had not authorized or
did not want the purchase. An 80-year-old retired janitor was sold a
home protection plan even though he lived in a nursing home, an auto
club membership even though he had no car, and a dental plan even
though he had no teeth.
Does it occur to you that this practice ought to be reported to a
better business bureau? Don't waste your phone call.
The Gramm-Leach-Bliley Act (GLB) passed in 1999 makes it perfectly
legal for financial institutions to share and sell your financial
information so long as privacy notices were sent out by July 1, 2001
notifying you of your right to opt out of selling it to third parties.
You are not permitted to opt out of sharing and selling your financial
information with the bank's affiliated companies (and CitiGroup has
The banks and other financial institutions duly complied with the
law and sent out 2.5 billion notices. You probably got some of those
privacy notices; the average person received 16.
Those complicated, lengthy, non-user-friendly privacy notices were
written in language that takes a high education level to understand,
and were usually printed in the same small type that the drug companies
use to describe the side effects of your prescription drugs. To no
one's surprise, less than two percent of recipients opted out.
At the Banking Committee hearing, the Attorneys General of
Minnesota and Vermont asked Congress to change the law from opt-out to
opt-in, that is, to prohibit the banks from sharing your information
with solicitors unless you affirmatively give the bank permission. The
bankers' lobbyists opposed this, arguing that opt-in and opt-out give
the customer the same control over his information.
The big difference between opt-in and opt-out is the default
(i.e., what happens when the customer doesn't respond), and anyone who
uses a computer knows how powerful the default mechanism is. When you
do nothing, the opt-in default leaves the financial information in the
hands of the customer who can then share it with whomever he wishes,
while the opt-out default leaves your financial information in the
hands of the bank to traffic in and make money on.
The bankers' representatives argued that this system enables your
bank to offer "bundled services at a single lower price than if
provided on an a la carte basis." But a la carte equals consumer
choice and business competition, while bundled services means making
you buy services you don't want.
Several states, notably North Dakota, have enacted privacy
legislation stronger than the federal GLB law, or have initiated
lawsuits against banks that overtly deceived their customers. The
bankers are lobbying furiously to get Congress to pass new legislation
to preempt state law.
Personal financial information is a property rights issue, and
Americans should speak up to defend their property rights in their own