Wachovia Corporation
Public
Information Room
Office of the Comptroller of the Currency
250 E Street, SW
Mail Stop 1-5
Washington, DC 20219
Attention: Docket No. 03-27
Becky Baker, Secretary of the Board
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428
Regulation Comments
Chief Counsel’s Office
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552
Attention: No. 2003-62
Federal Trade Commission
Office of the Secretary
Room 159-H
600 Pennsylvania Avenue, NW
Washington, DC 20580
Jennifer J. Johnson, Secretary
Board of Governors of the Federal Reserve System
20th Street and Constitution Avenue, NW
Washington, DC 20551
Re: Docket No. R-1173
Jean A. Webb, Secretary
Commodity Futures Trading Commission
Three Lafayette Centre
1155 21st Street, NW
Washington, DC 20581
Robert E. Feldman,
Executive Secretary
Attention: Comments/Executive Secretary Section
Federal Deposit Insurance Corporation
550 17th Street, NW
Washington, DC 20429
Jonathan G. Katz, Secretary
Securities and Exchange Commission
450 5th Street, NW
Washington, DC 20549-0609
Attention: File No. S7-30-03
Re: Interagency Proposal to Consider Alternative Forms
of Privacy Notices
Dear Sir or Madam:
This comment
letter is submitted to the Board of Governors of the Federal Reserve
System
(the “Board”), the Federal Deposit
Insurance Corporation (“FDIC”), the Office of the Comptroller
of the Currency (“OCC”), the Office of Thrift Supervision
(“OTS”), the Securities and Exchange Commission, (“SEC”),
the Federal Trade Commission (“FTC”), the Commodity Futures
Trading Commission (“CFTC”), and the National Credit
Union Administration (“NCUA”) (collectively, the “Agencies”)
on behalf of Wachovia Corporation, Wachovia Bank, N.A. and their
subsidiary companies (collectively referred to as “Wachovia”).
Wachovia is pleased to provide comments on the Interagency Proposal
to Consider Alternative Forms of Privacy Notices under the Gramm-Leach-Bliley
Act (“GLBA”) issued on December 23, 2003 (“Interagency
Proposal”).
Although Wachovia strongly supports developing options to provide
consumers with shorter and clearer notices, Wachovia believes mandated
changes in privacy notices required by GLBA are not appropriate at
this time for the following reasons:
• The Agencies will be issuing new rules relating to information
sharing among affiliates during 2004 pursuant to the Fair and Accurate
Credit Transactions Act of 2003 (“FACT Act”). Efforts
to simplify GLBA notices should be delayed until financial institutions
have had ample time to assess and implement changes required to be
made to their privacy notices by the final FACT Act regulations.
Multiple changes to the privacy notices received by consumers ultimately
reduce the efficacy of any privacy notice and undermine any attempt
to simplify privacy notices.
• State laws may impose notice requirements that contradict provisions
for federal short form notices, effectively making impractical the
ability to create short form notices and defeating efforts to deliver
a short and clear notice to consumers. A proposed rule on short form
notices should not be implemented unless it preempts state privacy
laws.
Wachovia also believes that focused consumer research should be
conducted to determine which components of privacy notices are of
value to consumers and how consumers would prefer to receive notices,
prior to making substantive changes in the privacy notice regulations.
Based on our experience with customers, Wachovia has found that customers
are most interested in 1) the options they have to limit being contacted
for marketing and how to exercise those choices, and 2) how to protect
themselves from fraud, including identity theft. Wachovia recommends
that changes to the notices focus on addressing those identified
preferences and that the Agencies consider discontinuing the requirements
for those provisions in notices in which consumers have expressed
limited interest. For example, our experience has demonstrated that
consumers have expressed little interest in the categories of information
shared with affiliates.
Consideration of the Proposal should be Deferred
Consideration of the Interagency Proposal should be deferred until
1) regulators have issued final regulations under the FACT Act that
address affiliate sharing issues, 2) additional research can be conducted
on consumer preferences with respect to the content of privacy notices
that incorporate FACT Act changes, and 3) appropriate steps are taken
to preempt state laws that may impede implementation of shortened
privacy notices.
Section 214 of the FACT Act imposes new restrictions on sharing
customer information among affiliates and requires a new notice prior
to continued sharing. The regulations that will implement Section
214 will directly impact the content and format of the privacy notices
that are the subject of this ANPR. Until the regulations to be promulgated
under Section 214 are in final form, financial institutions will
not know what the final requirements are and what resources will
be necessary to implement the regulations. Consideration of this
proposal should be deferred until completion of the rule making under
the FACT Act, and financial institutions have had experience with
consumer response to the new requirements.
Upon completion of the Section 214 rule making, regulators can effectively
evaluate consumer needs with respect to privacy notices and fully
consider the applicable privacy laws. Broad consumer research that
fully considers the current legal requirements should be conducted
prior to directing financial institutions to implement potentially
costly changes in the manner and format of delivering privacy notices.
State Law Preemption
Wachovia believes
that regulations directing simplified privacy notices will not
be practical
unless they preempt state laws. GLBA
and FCRA provide national standards for the protection of a consumer’s
financial information and facilitate the efficient delivery of financial
services for the benefit of consumers. Federal preemption of inconsistent
state privacy laws is of critical importance to consumers and the
financial services industry.
Several states are actively engaged in enacting their own privacy
laws which would affect the content of privacy notices. In certain
cases, these proposals would even dictate the form of privacy notices.
These state law requirements could undermine the effectiveness of
federal efforts to simplify privacy notices. Multiple, additional
state restrictions will be chaotic for consumers who wish to do business
with financial institutions in various states. Financial institutions
that prefer to send a single notice to all of their customers would
have to incorporate overlapping or confusing requirements from applicable
states into the same notice. Preemption of state laws will assist
consumers by limiting the number of different forms and notices they
receive.
General
Considerations for Improving Privacy Notices - - Wachovia’s
Experience
Financial institution practices vary as to how they handle consumer
information, and accordingly, financial institutions should be allowed
flexibility in how they inform customers of their privacy practices.
The current rules on privacy notices provide a financial institution
the discretion necessary to best present each aspect of its privacy
practices.
A single, short
uniform notice that each financial institution has to use would
likely
force many financial institutions to present
their privacy practices without adequate explanation. In certain
cases, a financial institution might be required to state that it
follows an information disclosure practice without being able to
explain why it may be valuable. This may cause the financial institution’s
practices to appear inappropriately unfavorable to consumers as compared
to certain other institutions. This requirement could be particularly
disadvantageous to smaller institutions that have to rely on outsourcing
and partnership arrangements. In addition, a single short uniform
notice would likely result in high-level and homogenous statements
by most institutions, thereby depriving consumers of the opportunity
to adequately understand a privacy practice.
The flexibility currently allowed under GLBA in drafting privacy
notices allows financial institutions to consider the needs of their
customers and to respond accordingly. For example, Wachovia has used
consumer focus groups to identify the sections of privacy notices
that customers find to be most valuable. Customers have told us that
they are most interested in the options they have about being marketed
to, how they can exercise those options, and how to protect themselves
from identity theft and what to do if they become a victim.
In response to these preferences, Wachovia has implemented several
changes to its privacy notice that we believe would be valuable for
the Agencies to consider.
1. Introduction Summary
Based on priorities
identified by consumer groups providing feedback to Wachovia, we
created a
privacy notice that begins with a section
referred to as “Privacy at a Glance”. This section addresses
the specific concerns about how to direct the manner in which Wachovia
markets to the customer and how a customer can avoid becoming a victim
of identity theft. This approach has been well received as evidenced
by the recent Consumer Trust Survey, which in evaluating Wachovia’s
website, concluded:
The study's authors cited wachovia.com's privacy policy as a positive
example. It addresses privacy concerns in clear, straightforward
language, and informs customers almost immediately how they can direct
the bank to withhold their personal information from others seeking
to use it for marketing campaigns.
“Survey Finds 'Mixed Bag' in Banks' Commitment to Online Privacy,
Service,” The Orlando Sentinel, January 14, 2004.
2. Removing Unnecessary Information
In our focus groups, consumers indicated that several of the current
requirements in privacy notices were not of significant concern.
We believe that these requirements could be removed from the privacy
notices and still adequately inform consumers of their rights. These
requirements include:
• The regulations
should not require that affiliates be categorized or that the information
shared with them be categorized. These provisions
unnecessarily complicate and lengthen the notices and do not provide
particularly meaningful information for consumers.
• The regulations should not require financial institutions to categorize
the companies that perform services on their behalf and the categories
of information that are disclosed to them. Companies use vendors
for many marketing-related functions. GLBA does not give consumers
a right to opt-out of this sharing. To include this information in
notices confuses consumers and distracts from the opt out choices
that consumers find important.
3. Techniques to Draw Attention
While we do not
believe regulations should be so detailed as to direct financial
institutions
to employ specific technologies and
presentation styles, the Agencies could provide helpful suggestions
to financial institutions for techniques designed to make privacy
notices more accessible, readable and useful. For example, in the
Privacy at a Glance section and throughout the Wachovia privacy policy
Wachovia utilizes subtitles and bolding to draw attention to major
sections in order that consumers can find what they are looking for
quickly and easily. As well, Wachovia incorporates hyperlinks into
its online privacy policy that allow consumers to move quickly to
the information they are seeking. Finally, Wachovia also attempts
to describe its policy in short but informative bullet points in
order that the consumer can focus on the relevant policy governing
Wachovia’s use of the customer’s information.
4. Standardized Format
Although Wachovia
believes that current issues about the adequacy of privacy notices
are limited,
historically some groups have expressed
concern about the ability of consumers to find the information that
they wish to find in privacy notices. For example, groups have complained
that it can be difficult to find opt out choices in some privacy
notices. Wachovia believes it has addressed this concern through
its creation of the “Privacy at a Glance” section at
the beginning of its privacy notice. Nevertheless, Wachovia believes
that consumers would benefit from establishment of a standardized
format for privacy notices that allows financial institutions to
provide their own descriptions of their privacy policies and practices.
The example attached as Appendix C to the ANPR provides a useful
starting point for creating a standardized format.
Consumers have not expressed a need to compare directly privacy
notices of competing financial institutions. Therefore, Wachovia
does not believe that there is a benefit in attempting to create
standard sets of clauses that fairly describe all privacy practices.
Instead, consumers would like to know where to find the sections
that are of the greatest value to them so they can make decisions
about how their information may be handled.
Conclusion
Wachovia supports efforts to improve privacy notices to better inform
consumers about their rights. However, Wachovia recommends that efforts
to modify the requirements for privacy notices be deferred until
1) FACT Act rule making with respect to affiliate sharing is completed,
2) consumer research can be conducted in the context of the new FACT
Act rules, and 3) additional steps can be taken to preempt state
laws that would prevent providing a single short notice.
Wachovia appreciates the opportunity to respond to this proposal.
Should you wish to discuss any elements of this letter further, feel
free to contact Jeff Glaser, Vice President and Assistant General
Counsel (704) 374-4642, or me at (704) 374-4645, at your convenience.
Very truly yours,
Campbell Tucker
Director, Privacy Office
Wachovia Corporation
|
