|
via email
Terry L. Lutz
Juneau, AK 99801
COMMENTS ON PRIVACY NOTICES
Thank you for the opportunity to comment on this important issue. I
am a regulator of financial institutions for the state of Alaska, but am
commenting as a private citizen. These comments are not given in my
official capacity as a state regulator.
Until 2002, Alaska had one of the most restrictive statutes of all
the states concerning a banks use of the information it maintained on
its customers. A copy of the old and the amended statute can be found at
the end of this document. We amended the statute to more closely follow
the federal law, and to also have it apply to any entity we regulate.
These entities include; commercial banks, mutual savings banks, holding
companies, premium finance companies, small loan companies, trust
companies, credit unions, business development companies (BIDCOs), and
one other non-bank bank (Alaska Commercial Fishing and Agriculture Bank
(CFAB). One aspect we retained, was that for those things not covered in
federal law allowing a financial institution to share information with
non affiliates and others, unless the customer opted out, we retained a
requirement that the customer must “opt-in” for the financial
institution to legally share information with non affiliated 3rd
parties.
When the original rash of notices hit the mail, I collected as many
of the notices as I could get my hands on. The difficulty of
understanding the notices ranged from difficult, to being totally
incomprehensible. In addition to that problem, many, or perhaps most,
recipients of the notices did not realize what it was, as it appeared to
be a “junk mail stuffer,” thrown in the envelope, just like many
stuffers included with bank statements or credit card statements to try
to sell junk.
I asked many people I know what they thought about the notices, and I
do not recall any of them knowing what it was all about. Many did not
even know that they had received the notice until I explained to them
what it may have looked like and how it might have been titled. Those
people said they thought it was junk and just through it in the garbage.
I personally think that the federal law should require “opt-in.” If
it were, the entities would have more interest in making the notices
understandable!
The way the law is written with “opt-out,” rather than “opt-in,”
coupled with the way the notices were written, the public did not
understand their rights, or even know that how their information was
being used. In addition, the law, as written, is much more favorable to
the big banks that have many affiliates. As the line between banking and
other types services further erodes, big banks will soon be able to
share information with nearly any type of business, such as the “Wall
Mars” of the world. Even sharing information with insurance affiliates
is absurd. It is hard to understand, at a time when there are so many
problems with ID theft; the federal government is making it easier by
allowing banks, or anybody else to share customer information.
Notices should have an eye catching title in big bold print, that
will inform the recipients of the importance and be as concise as
possible, while still informing those affected of what an institution is
allowed to do. As a regulator, and having been involved with amending
our law, I knew what to look for, and where possible, I opted out of
everything I was given the opportunity to do such.
Notices should, in plain English, explain what information will be
shared, and with whom it will be shared. It should not use wording such
as “affiliates,” and “unaffiliated 3rd parties.” The notice should not
contain verbiage that simply states they will share information that is
legally shared.
I am not sure, even today, under federal law, what information can be
shared, and with whom it can be shared. The law, and the notices should
be written that at least a person of high school age knows what their
rights are, what a bank will share, and with whom.
If a financial institution is going to share any personal customer
information, with any person/entity, a notice should be something like
the following.
AN IMPORTANT NOTICE
YOUR PERSONAL INFORMATION WILL BE SHARED!
Personal confidential customer information, by federal law, may be
shared, read carefully.
“Federal law states that we may share the following information
concerning you!”
YOUR PERSONAL FINANCIAL INFORMATION
YOUR TELEPHONE NUMBERS
YOUR ADDRESSES
YOUR SOCIAL SECURITY NUMBER
Etc, etc.
Who may, or will we share that information with?
XYZ Insurance Company
Wall Mart
UVW Investment Company
Etc., etc.
IF YOU DO NOT “OPT-OUT,” WE WILL/MAY SHARE INFORMATION ABOUT YOU WITH
OTHER COMPANIES!
Non-confidential customer information about you, by federal law, may
be shared, read carefully.
“Federal law state we may share the following information concerning
you with anybody we wish!”
YOUR TELEPHONE NUMBERS
YOUR ADDRESSES
Etc., etc.
Who may, or will we share that information with?
“List names of specific entities that the financial institution will
share information with”
OR,
“a statement to the effect that they will share with anybody, or any
entity they wish.”
HOW DO I “OPT-OUT?”
You may, at any time, “opt-out” in any one of the following ways:
EMAIL US AT: xyz@yourbank.com
TELEPHONE US AT: (800) 555-555
WRITE US, USING THE ATTACHED FORM, AT: ADDRESS
IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE, PLEASE CONTACT US, THE
FDIC, OR FTC AT:
“List a toll free telephones number, email addresses, and mailing
addresses.
All contact numbers for customers should be required to include a
toll free telephone number. The notice should also contain a statement
on how they can obtain more information directly from the government.
Again, thank you for this opportunity to comment on this important
matter.
Sincerely,
Terry L. Lutz
ALASKA’S CONFIDENTIALITY STATUTE PRIOR TO 2002
Sec. 06.05.175. Depositor and customer records confidential.
(a) The bank records pertaining to depositors and customers are
confidential and may not be made public except when
(1) the bank, customer, or depositor is compelled to disclose the
contents of the records by a court order;
(2) their disclosure is required by federal or state law or
regulation;
(3) disclosure is authorized in writing by the depositor or customer;
(4) disclosure is made to the holder of a negotiable instrument drawn
on the bank as to whether the drawer has sufficient funds in the bank to
cover the instrument; or
(5) an inquiry has been made by a bank, savings association, or
savings and loan association regulated under this title, or by a
credit-reporting agency regulated under 15 U.S.C.1681-1681t (Fair Credit
Reporting Act) solely for the express purpose of determining the credit
worthiness of the depositor or customer as an applicant for credit, and
the information disclosed by the bank or the entity making the inquiry
under this paragraph pertains only to the payment habits of the
depositor or customer in connection with loans and other credit
accommodations and does not pertain to records concerning deposit
balances in savings or checking accounts.
(b) When disclosure of bank records is required or allowed under
(a)(1) or (2) of this section, the bank shall notify the depositor or
customer of the disclosure. If notification before disclosure is not
possible, the bank shall immediately notify the customer or depositor of
the disclosure or inquiry. However, notification may not be made if
disclosure is made under a search warrant or under a court order issued
at the behest of a grand jury.
(c) [Repealed, Sec. 102 ch 26 SLA 1993].
(d) When disclosure of bank records is compelled by a court order
under (a)(1) of this section, the court shall provide in the order for
the reimbursement of the bank for the reasonable costs incurred in
complying with the order.
ALASKA’S CURRENT CONFIDENTIALITY STATUTE
Sec. 06.01.028. Depositor and customer records confidential.
(a) The records of financial institutions relating to their
depositors and customers and the information in the records are
confidential. A financial institution may not disclose the records and
information to another person except when, and only to the extent that,
the disclosure is
(1) authorized in writing by the depositor or customer;
(2) required by federal or state statute or regulation or by an order
directed to the financial institution and issued by a court or
administrative agency of competent jurisdiction;
(3) made to the holder of a negotiable instrument drawn on the
financial institution as to whether the drawer has sufficient funds in
the financial institution to cover the instrument;
(4) made to a consumer reporting agency regulated under 15 U.S.C.
1681 - 1681u (Fair Credit Reporting Act); or
(5) made in connection with the maintenance or servicing of the
depositor's or customer's account with the financial institution, or
with another entity as part of a private label credit card or other
extension of credit on behalf of the entity.
(b) When disclosure of financial institution records is compelled by
a subpoena, a search warrant, or another court or administrative agency
order under (a)(2) of this section, the court or administrative agency
shall provide in the order for the reimbursement of the financial
institution for the reasonable costs incurred in complying with the
order. Nothing in this subsection imposes a reimbursement obligation on
a government agency, or abrogates an otherwise established reimbursement
obligation of a government agency, when the financial institution is the
subject of an audit, examination, or investigation and disclosure is
sought under a federal or state law or regulation.
(c) Unless otherwise provided in this subsection, when disclosure of
financial institution records is required under a court or
administrative agency order under (a)(2) of this section, the financial
institution shall notify the depositor or customer of the disclosure
before the disclosure is made. If notification before disclosure is not
possible, the financial institution shall notify the customer or
depositor of the disclosure as soon as practicable after the disclosure
is made. However, notification either before or after disclosure may not
be made if disclosure is made under a court or administrative agency
order under (a)(2) of this section and the document requiring disclosure
requires on its face that the financial institution not notify or inform
the depositor or customer, or the document requiring disclosure is, or
is accompanied by, a court order that expressly directs the financial
institution not to notify or inform the depositor or customer.
(d) Nothing in (a) - (c) of this section prohibits a financial
institution from disclosing information to a person if
(1) the disclosure is necessary to
(A) provide the services of the financial institution to a depositor
or customer; or
(B) market financially related products or services of the financial
institution and its marketing partners; and
(2) the person receiving the information has a written agreement with
the financial institution to be bound by the requirements of (a) - (c)
of this section.
(e) Nothing in this section authorizes the disclosure of information
if disclosure is prohibited by 15 U.S.C. 6801 - 6827 or the regulations
adopted under those sections.
(f) A financial institution or any other person who violates this
section is liable to a depositor or customer for damages caused by the
disclosure of the confidential records or information of the financial
institution pertaining to the depositor or customer. A financial
institution or other person who takes an action under this section while
relying in good faith on any provision of this section is not liable
under this section to any person for the action.
(g) In this section, "financial institution" means a person subject
to the regulation of the department under this title, including a BIDCO
licensed under AS 10.13 (Alaska BIDCO Act).
History -
(Sec. 4 ch 75 SLA 2002)
Cross References -
For the effect of subsection (b) of this section on Rule 45, Alaska
Rules of Civil Procedure, Rules 17 and 37, Alaska Rules of Criminal
Procedure, and Rule 24, Alaska Bar Rules, see Sec. 56, ch. 75, SLA 2002,
in the 2002 Temporary and Special Acts.
Effective Date Notes -
Section 60, ch. 75, SLA 2002 makes this section effective July 1,
2002.
Collateral Refs -
Banks liability under state law for disclosure of financial
information concerning depositor or customer. 81 ALR4th 377.
Search and seizure of bank records pertaining to customer as
violation of customer's rights under state law. 33 ALR5th 453.
|
