Those Privacy Notices--What They Mean and How to Protect Yourself
Robert D. McConnell, a Manhattan Beach retiree, has spent hours trying to protect his personal financial privacy--and little good it’s done him.
After plowing through dozens of pages of fine print, he sent a so-called opt-out notice to Bank of America, saying he didn’t want the bank sharing or selling his account information. It was returned by the post office, with no forwarding address.
“I’m left with no place to send my opt-out notice,” he fumes. “In the meantime, I have read a lot of the gory details of all of these opt-out things. They all say that they won’t share data with anyone but their partners. But they can partner with anyone. What good does that do you?”
Thanks to a new federal law designed to protect individuals’ financial privacy, consumers have been barraged in recent months by roughly 1 billion complicated privacy policies and opt-out notices from banks, insurers, investment firms and other financial services companies.
But as McConnell learned, opting out isn’t always easy. And sometimes it provides less protection than you might think.
Here’s a look at why you’re getting privacy notices, what they do and what you should do with them:
* Basics
The Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act, opened the doors for financial services companies to merge and create partnerships with each other and with other types of businesses--even retailers. Such combinations were not allowed under previous federal law.
In response to consumer criticism and a passel of lawsuits alleging serious privacy violations, the act also included a provision aimed at protecting consumer privacy. This provision was supposed to allow consumers to bar these companies from sharing customers’ personal information, such as names, addresses, Social Security numbers and account balances.
However, there are some loopholes. The most gaping is that companies can share customer data with “affiliates” and those with which they have joint marketing agreements. These firms can be either subsidiaries or unrelated companies with which the bank, brokerage or insurance company does business--which under the new law can be almost anyone.
* Opt-out notices
The new law also required financial services companies to send customers a notice outlining the companies’ privacy policies and giving the consumer the right to opt out of certain information-sharing by July 1, 2001.
Consumers weren’t required to respond by that date. If you got a privacy notice and tossed it or simply didn’t respond, you can still do so now--with or without the firm’s original privacy notice.
Most major financial services firms have their privacy policies--and the address to send an opt-out notice--posted on the Internet. There also are sample opt-out forms on the Internet at https://www.privacyrights.org, along with a detailed explanation of what the privacy law does.
If you can’t find an address to send the opt-out notice to, call the company. In some cases, you can use whatever address you normally use to do business with the company. (Bank of America can’t explain why the opt-out address on its Web site appears to be out of date, but spokesman Ken Preston says the company allows customers to leave the notices at any BofA branch.)
Companies can allow you to opt out by phone, e-mail or mail. However, most are allowing only written opt-out notices, says Tena Friery, spokeswoman for the Privacy Rights Clearinghouse in San Diego.
* What opting out means
If you choose to opt out, the bank can’t share or sell your “personal, nonpublic information” to unaffiliated companies.
The law doesn’t require companies to withhold your personal data from affiliated companies, even if you ask them to. The only restriction: If the bank shares your information through a joint marketing agreement, the outside partner cannot reuse or resell the data for another purpose.
Some institutions allow customers to opt out of information-sharing with their affiliates and with joint marketing firms. The Privacy Rights Clearinghouse is attempting to post a list of both corporate opt-out addresses and companies that are going beyond what’s required, but the list is not yet complete.
* If you don’t act
If you fail to return an opt-out notice, you are giving implied consent to share any and all legally available data. This can include your past purchases, account balances, credit history, Social Security number and even medical information that may have been picked up if you paid for a medical procedure with a credit card or check.
This can result in more telemarketing calls from a wide variety of firms selling everything from insurance to travel packages and may increase the risk of identity fraud--a crime in which someone steals enough of your personal information to open bank and credit card accounts in your name.
The only information that cannot be shared is your account number and account access codes.
* When you don’t like a policy
Those who don’t like the privacy policies enacted by their various financial institutions have few options. They can complain to the institution, the institution’s regulators (a list is posted at www.privacyrights.org) and legislators. Or they can move their accounts to institutions that appear to be more privacy-friendly.
Some consumers are doing all of the above.
Jim Dorsey, an executive recruiter with Ryan Miller & Associates in Los Angeles, was incensed by the way Farmers Insurance Group has handled opt-out notices. The company is requiring him to opt out three times--once for each policy he holds. Moreover, it will allow opt-outs only by mail and doesn’t include a self-addressed envelope. He complained to the company and now is shopping for another insurer. Farmers didn’t return calls seeking comment.
“I can buy insurance, check quotes and pay my bills over the Internet, but I can’t opt out,” Dorsey says. “They are discouraging you to opt out by making this as difficult as possible. I’m a loyal customer. But at this point, I think, ‘Yeah, I’ll opt out. I’ll opt out of the whole company.’ ”
*
Times staff writer Kathy M. Kristof, author of “Investing 101” (Bloomberg Press, 2000), welcomes your comments and suggestions but regrets that she cannot respond individually to letters or phone calls. Write to Personal Finance, Business Section, Los Angeles Times, 202 W. 1st St., Los Angeles, CA 90012, or e-mail kathy.kristof@latimes.com. For past Personal Finance columns visit The Times’ Web site at https://www.latimes.com/perfin.
