Your Privacy for Sale

Banks have been selling detailed financial information about their customers to just about anybody. As reported by The Times Saturday, a small San Fernando Valley bank in doing so has become an unwitting accessory to a huge credit card scam. The bank sold 3.7 million credit card numbers to a felon, who then allegedly bilked cardholders out of millions of dollars. As outrageous as this case may be for the victims, in the eyes of the law it seems the bank itself has done nothing wrong. That provides the strongest argument yet for a federal privacy law to protect consumers from their own banks. Transfer of credit card numbers to outsiders should be prohibited.

Federal and state regulators and law enforcement officials express dismay but seem stumped. The Agoura Hills bank, Charter Pacific, says it didn’t know it was selling the list to a felon and didn’t have anywhere to go to find out. The state attorney general’s office knows of no law that would prohibit Charter Pacific or any other bank from selling such sensitive information as credit card numbers, even to felons.

The widespread practice among banks of selling every bit of customer information they have has drawn the attention of federal banking authorities. Comptroller of the Currency John D. Hawke, whose office regulates thousands of banks, called the practice unfair, abusive and deceptive. Minnesota’s attorney general sued U.S. Bancorp for selling customers’ confidential data to a telemarketer.

In the wake of adverse publicity, major banks have somewhat tightened their policies on safeguarding confidential customer information, but they are strongly opposed to any privacy protection being in federal legislation.

Largely because of such opposition, a bill to overhaul the U.S. banking system now in the final stages of deliberation in Congress includes only a weak privacy provision allowing customers to say no to their banks’ disclosure of information to third parties such as telemarketers.

That does not go far enough. Consumers should have the right to prevent their banks from sharing customer data not only with outsiders but also with the banks’ affiliates. That’s particularly important because the legislation would allow banks to merge with brokerages and insurance companies to form financial conglomerates. Moreover, the disclosure should be conditioned on the customer’s affirmative prior consent, the so-called opt in, rather than a mere failure to object to disclosure, or opt out. Individual states should be free to enact even stronger privacy laws.

Clearly, the concerns for protecting consumer privacy outweigh those of the banks for making money.