Protecting Your Financial Privacy
If you think that the privacy of financial information that you
share is regulated, you are correct. Unfortunately, the
regulations that are in place may do very little to protect you
from privacy violations.
The reason for this is that there are a hodge-podge of financial
regulatory laws that govern the data that we share daily for
financial purposes. You will find these laws at the local, State
and Federal levels, and they often conflict with each other.
Furthermore, the regulatory bodies responsible for administering
some of these laws have found their opinions in conflict with
those of the courts, Congress and various state legislatures on
more than one occasion.
So who's responsible for the privacy of your information and
what are your rights? Well, that depends upon what law you are
reading, and who is interpreting it.
Looking at three Federal laws, Gramm-Leach Bliley Act (GLBA),
the Fair Credit Reporting Act (FCRA) and the Fair and Accurate
Credit Transactions Act (FACTA) we begin to understand the scope
of the problem.
When enacted, GLBA pulled down the legal barriers that had
prevented banks from going into other, non-banking lines of
business. These laws had been in place since the depression of
the 1930's.
When Congress enacted GLBA, it also recognized that the new law
placed a tremendous amount of power in the hands of large
financial institutions. To deal with this, it provided a variety
of privacy protections within the law. GLBA recognized that the
States may want to enact stronger privacy laws and it did not
preempt them from doing so.
The FCRA too enacted a variety of consumer protections. Unlike
GLBA however, the FCRA did place restrictions upon the States,
preventing them from enacting privacy regulation with bank
affiliates. The FCRA defined affiliates as "...persons
affiliated by common ownership or common corporate control..."
This means that if your bank owns an insurance company, you have
absolutely no way to prevent them from sharing your data with
that insurance company.
The FCRA restrictions on the States were originally set to
expire at the end of 2003 but at the end of 2003, Congress
enacted FACTA, which amended the FCRA and made the restrictions
on the States permanent.
As if this isn't confusing enough, GLBA is regulated by the
Federal Trade Commission. The FCRA can only be regulated through
the Federal Courts.
When there is a conflict between these two laws, GLBA defers to
the FCRA, meaning that if you think your privacy rights were
violated by your bank under GLBA, you need to make sure that the
FCRA doesn't take precedence.
Finally, throw in State and local laws and the problem becomes
clearer. Both North Dakota and California have strict laws
regarding financial privacy. These laws take precedence over
Federal laws except with regard to affiliate sharing. The FCRA
then takes affect, rendering the State laws completely
ineffectual. The State laws do however help protect your privacy
in other matter. For instance, when merchants gather your data.
That is of course unless the merchant also happens to be a large
credit grantor or a bank affiliate.
So, is there any hope for privacy? The odds are not looking good
for consumers. The states have repeatedly tried to pass stronger
privacy legislation that is consumer friendly. But as soon as
they do, large credit grantors start lobbying Congress to
override the states. This process is repeated time an again and
so far, the states have not faired too well.
The reality is that consumers that want financial privacy need
to do their homework. They need to do business with companies
that don't share their data, and they need to let companies know
that they will go elsewhere when companies violate their
privacy. One thing that consumers can do to protect themselves
is look into moving their bank accounts to a credit union.
Credit unions are much more consumer friendly and they have the
added benefit of paying higher interest rates.