Customers Want Answers to Why Banks Sold Data

Customers, regulators and even industry experts were surprised to discover this month that several large California banks have been sharing private customer information with third-party companies and telemarketers.

State and federal officials have questioned the policies and Congress is considering rewriting the laws that govern release of personal financial information. In the last two weeks, several banks have revised their privacy policies or halted the release of sensitive information.

Questions remain about why banks released the information in the first place and how consumers can protect their privacy in the future. Here are the answers to frequently asked questions about these policies:

Question: How can banks do this? Isn’t it illegal?

Answer: State and federal laws are unclear on this issue, probably because legislators never envisioned that banks would ever sell or release this kind of information to marketing firms.

For example, credit card companies headquartered in California that want to share customer information must provide written notice to cardholders, but there’s no similar law regarding banks, according to Gene Elerding, an attorney specializing in bank regulation at Manatt, Phelps & Phillips.

The state Constitution includes a right to privacy in financial affairs, and that protection has been interpreted by courts to include bank records, Elerding added. But a court would need to decide whether the banks’ information-sharing practices violate those protections.

In Minnesota, state attorneys are claiming that U.S. Bancorp information-sharing violated state laws against deceptive business practices. The bank denies the accusations. Again, a judge will decide.

In California, a lawsuit has been filed in San Francisco Superior Court against Bank of America, Wells Fargo and Union Bank, alleging privacy violations and deceptive business practices. The banks denied that their practices violate state or federal laws. Los Angeles-based law firm Mehrban, Ghalchi & Yeroushalmi hopes to organize a class-action suit against the banks.

Q: What about federal laws?

A: Nothing in the federal Fair Credit Reporting Act prohibits banks from sharing information with third parties, as long as the information they release was gathered from the bank’s own experience with that customer, according to John Byrne, senior counsel at the American Bankers Assn.

In other words, banks can share information such as account balances or payment history, Byrne said.

The act is far more restrictive when it comes to sharing information that a bank receives from an outside source, such as a credit report. As a result, banks avoid releasing that sort of information to third parties, Byrne said. In some cases, banks may share that outside information with their own affiliates, but if they do, they must get permission from the customer and offer a chance to “opt out.”

Another federal law that might apply is the Electronic Fund Transfer Act, which requires banks to give notice to consumers when disclosing certain information to third parties.

Q: I never received disclosure about this. How could the bank release my information?

A: Check your original account agreement. You’ll probably find some language about disclosing or sharing information with affiliates or third parties. Some banks also include disclosures in monthly statements. Remember, in most cases banks don’t need to get your permission; they just need to disclose the practice.

Q: Is there any way I can stop my information from being disclosed?

A: Yes. Most banks offer the chance to opt out of information-sharing with third-party companies and affiliates. You might have to make separate requests for each type of opt-out. Some banks also require that you opt out separately for each type of account you have, such as your checking account, mortgage and credit card. (See accompanying box.)

Q: Are there drawbacks to opting out?

A: Maybe. If you opt out, you won’t receive as many offers. That may cut down on your junk mail, but it might also prevent you from getting offers you want.

Q: If I opt out, does that mean my information will never be shared or released to third parties?

A: No. Banks will still release information when required by law, to credit-reporting agencies, or to outside companies or agents that provide services to the bank, such as a company that prints checks or processes credit card transactions.

Q: How long have banks been doing this?

A: Banks have worked with marketing firms for years, but disclosing or selling information to third parties is fairly new.

In the past, banks simply allowed marketing firms to stuff their offers into bank statements. But over the last two years, information-sharing has become more common.

In some ways, the information-sharing agreements are a side effect of bank mergers and consolidation. Banks, insurers and securities firms have combined to become financial giants that know almost every aspect of a consumer’s finances, from credit cards to mortgages to mutual funds. With such a detailed financial picture of consumers, banks began to receive interest from marketers hoping to use that information to better sell their products and services.

Q: But why would my bank do this?

A: As with any business, banks are always looking for new sources of revenue. As profit margins shrink and growth slows, banks found these agreements to be a way to boost their incomes.

Q: How much do they make?

A: In Minnesota, regulators said U.S. Bancorp earned $4 million plus commissions for one contract with a telemarketer. Other banks refused to say how much they collect, calling such information “proprietary.” In many agreements, the banks receive a cut of every sale made to its customers.

Q: What information do they give out?

A: It varies from bank to bank. But customer information that was disclosed by California banks includes: name, address, phone number, age, account balance, ZIP Code, homeownership status, bank account number, credit card number and Social Security number.

Q: Why would my bank release my Social Security number or account numbers?

A: Under some of the bank agreements, if customers expressed interest in a product or service, the telemarketer could use the numbers to automatically debit a checking account or charge a credit card. Regulators have criticized this sort of arrangement, which they say leaves consumers vulnerable to fraud.

Some consumers have complained that a Connecticut-based telemarketer called MemberWorks--which has been used by Bank of America, Wells Fargo, California Federal and Union Bank--charged them for products and services they did not request. MemberWorks officials deny any wrongdoing, saying that if customers believe they were charged inappropriately they can receive a refund. “We have never been sued by a consumer or regulatory body in the 10 years we have been in business,” said MemberWorks executive Wayne Gattinella.

Telemarketers might want to use Social Security numbers to run credit reports or verify a person’s identity.

Q: Do all banks share or sell information?

A: Bank of America, Wells Fargo, Union Bank of California and California Federal Bank are among those that have admitted sharing information with outside companies. Smaller banks are less likely to share or sell information because they have too few customers to draw interest from telemarketers.

Q: How can I find out exactly what information about me was released or sold and to whom it was sent?

A: You can try asking your bank, but it will be hard to get a straight answer. In some cases, banks seem to have kept poor records about such transactions. In addition, the uproar over these practices caught most banks by surprise, so branch employees and customer service operators are sometimes uninformed about their own practices.

Q: Haven’t some banks changed their privacy policies recently? Where can I find out more about my bank’s policy?

A: Bank of America said recently it would stop sharing customer information with outside companies. Union Bank also has stopped. Wells Fargo said it will no longer work with outside companies selling nonfinancial products, such as travel discounts or roadside assistance programs, but it continues to share customer information with companies selling financial products, such as insurance. California Federal has announced no change in policy.

Most banks outline their privacy policies on their Web sites.

*

Times staff writer Edmund Sanders can be reached at edmund.sanders@latimes.com.

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Privacy for Sale?

Here’s a look at which large California financial institutions share or sell customer information to third-party marketing firms, how their policies have changed in recent days, and how customers can opt out or prevent their information from being disclosed to outside marketers.

Bank of America

https://www.bankamerica.com

Shares information? Yes

What kind? Names, phone numbers, Social Security numbers, account numbers.

Current policy: Plans to stop releasing customer information to outside marketers.

Can you opt out? Yes. Visit branch, call telephone number on monthly statement, or write: Bank of America, Data Integrity, P.O. Box 27025, Richmond, VA 23261-7025.

*

Wells Fargo

https://www.wellsfargo.com

Shares information? Yes

What kind? Name, address, “certain account information.”

Current policy: Continues sharing information with third-party marketers offering financial products; stopped sharing data with those offering nonfinancial products.

Can you opt out? Yes. Call (800) TO-WELLS and ask for a marketing exclusion request. Or write: Operations Center, MS 6058, P.O. Box 5110, Sioux Falls, SD 57117. Include name, address, Social Security number and account number.

*

Washington Mutual

https://www.washingtonmutual.com

Shares information? No

What kind? Not applicable.

Current policy: No change in policy.

Can you opt out? Not applicable.

*

California Federal Bank

https://www.calfed.com

Shares information? Yes

What kind? Names, phone numbers, account balances, ZIP Codes, homeownership status.

Current policy: Under review.

Can you opt out? Yes. For account holders, call (800) THE-BANK. For mortgage holders, write: FNMC, Attn: Dept. 0251A, P.O. Box 9481, Gathersburg, MD 20898-9481. For investment accounts, call (800) 237-0754.

*

Union Bank

https://www.unionbank.com

Shares information? Yes

What kind? Names, phone numbers, account balances, ages.

Current policy: Has stopped releasing customer information to outside marketers and retrieved previously released data.

Can you opt out? Yes. Visit branch or call telephone number on statement.

*

World Savings

https://www.worldloan.com

Shares information? Refuses to say.

What kind? Refuses to say.

Current policy: Refuses to say.

Can you opt out? Refuses to say.

Source: Times research