Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank



Home > Regulation & Examinations > Laws & Regulations > FDIC Federal Register Citations




FDIC Federal Register Citations


Hillcrest Bank


March 29, 2004

Robert E. Feldman, Executive Secretary
ATTN: Comments/Executive Secretary Section
Federal Deposit Insurance Corporation
550 17th St., NW
Washington, DC 20429

RE: Alternative Forms of Privacy Notices

Dear Mr. Feldman,

Thank you for the opportunity to submit comment on the advanced notice of proposed rulemaking (ANPR) regarding privacy. Hillcrest Bank is a Kansas chartered commercial bank with close to one billion dollars in assets. We have branches in the Kansas City and Wichita metropolitan areas. We have submitted comment on numerous issues you presented in the ANPR.

Goals of a Privacy Notice

We believe the primary goal of a privacy notice is to tell the customer what happens to the nonpublic personal information they provide to us as part of our financial service relationship. We believe the customer wants to trust us to treat their nonpublic personal information securely and confidentially, as they themselves would. As such, we believe the secondary goal of a privacy notice is to inform the customer whether a financial institution shares this information outside of the allowable exceptions and how the customer can opt out of such information sharing.

Hillcrest Bank does not share nonpublic personal information about consumers with nonaffiliated third parties outside of the exceptions so we are not required to provide an opt out capability to consumers or customers. We used the sample clauses from the final regulation in our initial privacy notice in 2001. Even so, we received numerous requests from our customers to provide the ability to opt out. It appeared to us that customers were confused as to their rights under the Act. For example, many customers requested that we not disclose any nonpublic personal information for any reason. We spent a great deal of time explaining to these customers that we must provide nonpublic personal information in some cases in order to provide the financial services they have requested and that the final regulation rightly allows this exception to opt out. The most common example we gave of nonpublic personal information disclosure is that we provide an unaffiliated third party with the customer’s account number in order to obtain checks for their checking accounts. Providing examples of servicing and processing transactions not subject to opt out has alleviated our customers concerns, but it is apparent to us that many people simply do not want their nonpublic information shared. The theme behind most of the customers concerns is that they are tired of receiving marketing solicitations by phone and mail and do not want banks to promote this activity with third parties. In response to customer requests, we now offer customers the choice whether to opt out of our own marketing or joint marketing campaigns. Further, we developed our own plain language annual notice for 2002 and used it again in 2003. We have received substantially fewer comments and opt out requests since improving our privacy notice to make it more readable and useful to consumers. Thus, while we believe improvement can be made regarding privacy notices, we appreciate the flexibility the current regulation provides us in designing a privacy notice for our specific use and do not support the Agencies’ development of a short notice. We do not believe it makes sense to develop an additional notice when an existing notice is already effective.

We know of no differences between federal and Kansas or Missouri laws that would pose any special issues for developing a short privacy notice.

We believe the most important way a privacy notice would be useful to a consumer is to inform the consumer about how their nonpublic personal information is treated and whether they can opt out of further disclosure. We believe the least important way a privacy notice would be useful is to provide a mechanism for the consumer to opt out in the same medium used to provide the privacy notice.

Elements of a Privacy Notice

We are not in favor of pursuing a short notice, however, if the Agencies decide to do so, we believe the key element should be how a financial institution shares nonpublic personal information about a consumer. We believe this is the key element from the perspective of the financial institution and the consumer. We believe that elements deemed important enough to be included in the development of an additional notice should be given equal prominence to one another.

Language of a Privacy Notice

We believe that if the Agencies decide to pursue a short notice, financial institutions should be required to use standardized clauses rather than develop its own language.

Format of a Privacy Notice

We would not be in favor of developing a standard graphic design. We don’t believe this will assist a consumer in determining privacy policy and practice differences between financial institutions. We believe it may be more advantageous to a consumer to have visually recognizable graphics to recall one financial institution’s short notice from another.

Our current privacy notice is a tri-folded, double-sided, 8 ½” x 11” page with at least a 12-point font size. Thus, if a short notice is developed, we believe it should be limited to a single, double-sided, 3 ¾” x 8 ½” sheet, or, a third of the size of our current notice.

We believe elements of a privacy notice required by state law should be allowed to be included in a short notice. This may be accomplished by listing such elements under a heading such as “State Law Requirements.”

If a short notice is developed, we prefer the format described in Appendix A.

Mandatory or Permissible Aspects of a Privacy Notice

We believe a short notice should not be mandatory for all financial institutions. It is our opinion that for financial institutions, like our own, that do not disclose information to third parties that would be subject to a consumer’s right to opt out under the Fair Credit Reporting Act or the Gramm Leach Bliley Act, a short notice would essentially be unnecessary as the current, standard, complete privacy notice is likely already short. We believe the agencies should allow such financial institutions to continue to use the simple, abbreviated notices they currently use and be exempt from short notices.

If a short notice is made mandatory, we believe all the language and the format for such should be mandatory in order to provide simple comparisons. We believe, however, that it is best to continue to allow financial institutions the flexibility to design their own complete privacy notice.

As noted earlier, we now offer customers the choice whether to opt out of our own marketing or joint marketing campaigns. If a short notice is mandated, we would like to be able to include this information in our short notice.

Costs and Benefits of a Short Notice

The cost of developing a privacy notice for distribution at account opening, upon request, and for annual mailing does impose a significant burden on financial institutions. The costs of developing a short notice would most certainly be affected by whether the notice is mandatory. If it is not made mandatory, we believe that many financial institutions will not develop a short notice, and if their complete privacy notice is sufficient, they would be justified in not developing a new notice. If it is made mandatory in addition to a complete privacy notice, our costs to produce the disclosure will be significant. We do not believe that whether the format or language is standardized would affect the cost of development any differently than if we were allowed to design our own short notice.

Additional Information

We are pleased that you expect consumer testing will be a key component in developing proposed interpretations or amendments. Consumers, in many cases, receive numerous privacy notices throughout the year and we believe it will be advantageous to ask them about the effectiveness of the privacy notices they receive.

We respectfully request that you consider asking consumers if they would find it most useful to receive privacy notices annually or only upon changes to privacy policies or practices. We are concerned that the number of notices received annually by a typical household diminishes the importance of their content. Essentially, we don’t believe customers will read each notice annually, compare previous notices to the current one to note changes (if the consumer has even kept previous notices), and act accordingly in response to any change in policy or practice. We believe the more notices received without changes, the less likely a customer will be to read the notice if/when a privacy policy change has been made. It is our belief that most privacy notices will be tossed in the trash and thus are of no benefit to the customer. As noted above, the cost of annual mailings does impose a significant burden on financial institutions and our concern is that the cost of an annual mailing outweighs the customer benefit. We would, of course, be open to always making a copy of our policy and practices available upon request in addition to being provided at account opening.

Sincerely,

Brad Bischoff
Compliance and Privacy Officer
Hillcrest Bank
Overland Park, KS

 

Last Updated 03/31/2004 regs@fdic.gov

Skip Footer back to content