Federal Deposit
Insurance Corporation

Wachovia Corporation


Public Information Room
Office of the Comptroller of the Currency
250 E Street, SW
Mail Stop 1-5
Washington, DC 20219
Attention: Docket No. 03-27

Becky Baker, Secretary of the Board
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428

Regulation Comments
Chief Counsel’s Office
Office of Thrift Supervision
1700 G Street, NW
Washington, DC 20552
Attention: No. 2003-62

Federal Trade Commission
Office of the Secretary
Room 159-H
600 Pennsylvania Avenue, NW
Washington, DC 20580

Jennifer J. Johnson, Secretary
Board of Governors of the Federal Reserve System
20th Street and Constitution Avenue, NW
Washington, DC 20551
Re: Docket No. R-1173

Jean A. Webb, Secretary
Commodity Futures Trading Commission
Three Lafayette Centre
1155 21st Street, NW
Washington, DC 20581

Robert E. Feldman, Executive Secretary
Attention: Comments/Executive Secretary Section
Federal Deposit Insurance Corporation
550 17th Street, NW
Washington, DC 20429

Jonathan G. Katz, Secretary
Securities and Exchange Commission
450 5th Street, NW
Washington, DC 20549-0609
Attention: File No. S7-30-03

Re: Interagency Proposal to Consider Alternative Forms of Privacy Notices

Dear Sir or Madam:

This comment letter is submitted to the Board of Governors of the Federal Reserve System (the “Board”), the Federal Deposit Insurance Corporation (“FDIC”), the Office of the Comptroller of the Currency (“OCC”), the Office of Thrift Supervision (“OTS”), the Securities and Exchange Commission, (“SEC”), the Federal Trade Commission (“FTC”), the Commodity Futures Trading Commission (“CFTC”), and the National Credit Union Administration (“NCUA”) (collectively, the “Agencies”) on behalf of Wachovia Corporation, Wachovia Bank, N.A. and their subsidiary companies (collectively referred to as “Wachovia”). Wachovia is pleased to provide comments on the Interagency Proposal to Consider Alternative Forms of Privacy Notices under the Gramm-Leach-Bliley Act (“GLBA”) issued on December 23, 2003 (“Interagency Proposal”).

Although Wachovia strongly supports developing options to provide consumers with shorter and clearer notices, Wachovia believes mandated changes in privacy notices required by GLBA are not appropriate at this time for the following reasons:

• The Agencies will be issuing new rules relating to information sharing among affiliates during 2004 pursuant to the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”). Efforts to simplify GLBA notices should be delayed until financial institutions have had ample time to assess and implement changes required to be made to their privacy notices by the final FACT Act regulations. Multiple changes to the privacy notices received by consumers ultimately reduce the efficacy of any privacy notice and undermine any attempt to simplify privacy notices.

• State laws may impose notice requirements that contradict provisions for federal short form notices, effectively making impractical the ability to create short form notices and defeating efforts to deliver a short and clear notice to consumers. A proposed rule on short form notices should not be implemented unless it preempts state privacy laws.

Wachovia also believes that focused consumer research should be conducted to determine which components of privacy notices are of value to consumers and how consumers would prefer to receive notices, prior to making substantive changes in the privacy notice regulations. Based on our experience with customers, Wachovia has found that customers are most interested in 1) the options they have to limit being contacted for marketing and how to exercise those choices, and 2) how to protect themselves from fraud, including identity theft. Wachovia recommends that changes to the notices focus on addressing those identified preferences and that the Agencies consider discontinuing the requirements for those provisions in notices in which consumers have expressed limited interest. For example, our experience has demonstrated that consumers have expressed little interest in the categories of information shared with affiliates.

Consideration of the Proposal should be Deferred

Consideration of the Interagency Proposal should be deferred until 1) regulators have issued final regulations under the FACT Act that address affiliate sharing issues, 2) additional research can be conducted on consumer preferences with respect to the content of privacy notices that incorporate FACT Act changes, and 3) appropriate steps are taken to preempt state laws that may impede implementation of shortened privacy notices.

Section 214 of the FACT Act imposes new restrictions on sharing customer information among affiliates and requires a new notice prior to continued sharing. The regulations that will implement Section 214 will directly impact the content and format of the privacy notices that are the subject of this ANPR. Until the regulations to be promulgated under Section 214 are in final form, financial institutions will not know what the final requirements are and what resources will be necessary to implement the regulations. Consideration of this proposal should be deferred until completion of the rule making under the FACT Act, and financial institutions have had experience with consumer response to the new requirements.

Upon completion of the Section 214 rule making, regulators can effectively evaluate consumer needs with respect to privacy notices and fully consider the applicable privacy laws. Broad consumer research that fully considers the current legal requirements should be conducted prior to directing financial institutions to implement potentially costly changes in the manner and format of delivering privacy notices.

State Law Preemption

Wachovia believes that regulations directing simplified privacy notices will not be practical unless they preempt state laws. GLBA and FCRA provide national standards for the protection of a consumer’s financial information and facilitate the efficient delivery of financial services for the benefit of consumers. Federal preemption of inconsistent state privacy laws is of critical importance to consumers and the financial services industry.

Several states are actively engaged in enacting their own privacy laws which would affect the content of privacy notices. In certain cases, these proposals would even dictate the form of privacy notices. These state law requirements could undermine the effectiveness of federal efforts to simplify privacy notices. Multiple, additional state restrictions will be chaotic for consumers who wish to do business with financial institutions in various states. Financial institutions that prefer to send a single notice to all of their customers would have to incorporate overlapping or confusing requirements from applicable states into the same notice. Preemption of state laws will assist consumers by limiting the number of different forms and notices they receive.

General Considerations for Improving Privacy Notices - - Wachovia’s Experience

Financial institution practices vary as to how they handle consumer information, and accordingly, financial institutions should be allowed flexibility in how they inform customers of their privacy practices. The current rules on privacy notices provide a financial institution the discretion necessary to best present each aspect of its privacy practices.

A single, short uniform notice that each financial institution has to use would likely force many financial institutions to present their privacy practices without adequate explanation. In certain cases, a financial institution might be required to state that it follows an information disclosure practice without being able to explain why it may be valuable. This may cause the financial institution’s practices to appear inappropriately unfavorable to consumers as compared to certain other institutions. This requirement could be particularly disadvantageous to smaller institutions that have to rely on outsourcing and partnership arrangements. In addition, a single short uniform notice would likely result in high-level and homogenous statements by most institutions, thereby depriving consumers of the opportunity to adequately understand a privacy practice.

The flexibility currently allowed under GLBA in drafting privacy notices allows financial institutions to consider the needs of their customers and to respond accordingly. For example, Wachovia has used consumer focus groups to identify the sections of privacy notices that customers find to be most valuable. Customers have told us that they are most interested in the options they have about being marketed to, how they can exercise those options, and how to protect themselves from identity theft and what to do if they become a victim.

In response to these preferences, Wachovia has implemented several changes to its privacy notice that we believe would be valuable for the Agencies to consider.

1. Introduction Summary

Based on priorities identified by consumer groups providing feedback to Wachovia, we created a privacy notice that begins with a section referred to as “Privacy at a Glance”. This section addresses the specific concerns about how to direct the manner in which Wachovia markets to the customer and how a customer can avoid becoming a victim of identity theft. This approach has been well received as evidenced by the recent Consumer Trust Survey, which in evaluating Wachovia’s website, concluded:

The study's authors cited wachovia.com's privacy policy as a positive example. It addresses privacy concerns in clear, straightforward language, and informs customers almost immediately how they can direct the bank to withhold their personal information from others seeking to use it for marketing campaigns.

“Survey Finds 'Mixed Bag' in Banks' Commitment to Online Privacy, Service,” The Orlando Sentinel, January 14, 2004.

2. Removing Unnecessary Information

In our focus groups, consumers indicated that several of the current requirements in privacy notices were not of significant concern. We believe that these requirements could be removed from the privacy notices and still adequately inform consumers of their rights. These requirements include:

• The regulations should not require that affiliates be categorized or that the information shared with them be categorized. These provisions unnecessarily complicate and lengthen the notices and do not provide particularly meaningful information for consumers.

• The regulations should not require financial institutions to categorize the companies that perform services on their behalf and the categories of information that are disclosed to them. Companies use vendors for many marketing-related functions. GLBA does not give consumers a right to opt-out of this sharing. To include this information in notices confuses consumers and distracts from the opt out choices that consumers find important.

3. Techniques to Draw Attention

While we do not believe regulations should be so detailed as to direct financial institutions to employ specific technologies and presentation styles, the Agencies could provide helpful suggestions to financial institutions for techniques designed to make privacy notices more accessible, readable and useful. For example, in the Privacy at a Glance section and throughout the Wachovia privacy policy Wachovia utilizes subtitles and bolding to draw attention to major sections in order that consumers can find what they are looking for quickly and easily. As well, Wachovia incorporates hyperlinks into its online privacy policy that allow consumers to move quickly to the information they are seeking. Finally, Wachovia also attempts to describe its policy in short but informative bullet points in order that the consumer can focus on the relevant policy governing Wachovia’s use of the customer’s information.

4. Standardized Format

Although Wachovia believes that current issues about the adequacy of privacy notices are limited, historically some groups have expressed concern about the ability of consumers to find the information that they wish to find in privacy notices. For example, groups have complained that it can be difficult to find opt out choices in some privacy notices. Wachovia believes it has addressed this concern through its creation of the “Privacy at a Glance” section at the beginning of its privacy notice. Nevertheless, Wachovia believes that consumers would benefit from establishment of a standardized format for privacy notices that allows financial institutions to provide their own descriptions of their privacy policies and practices. The example attached as Appendix C to the ANPR provides a useful starting point for creating a standardized format.

Consumers have not expressed a need to compare directly privacy notices of competing financial institutions. Therefore, Wachovia does not believe that there is a benefit in attempting to create standard sets of clauses that fairly describe all privacy practices. Instead, consumers would like to know where to find the sections that are of the greatest value to them so they can make decisions about how their information may be handled.

Conclusion

Wachovia supports efforts to improve privacy notices to better inform consumers about their rights. However, Wachovia recommends that efforts to modify the requirements for privacy notices be deferred until 1) FACT Act rule making with respect to affiliate sharing is completed, 2) consumer research can be conducted in the context of the new FACT Act rules, and 3) additional steps can be taken to preempt state laws that would prevent providing a single short notice.

Wachovia appreciates the opportunity to respond to this proposal. Should you wish to discuss any elements of this letter further, feel free to contact Jeff Glaser, Vice President and Assistant General Counsel (704) 374-4642, or me at (704) 374-4645, at your convenience.

Very truly yours,

Campbell Tucker
Director, Privacy Office
Wachovia Corporation