Banking on privacy

Your mortgage resides in Iowa, your credit card accumulates debt in Delaware and your small-but-proud mutual fund rides the market in Manhattan. The Maine Legislature is debating how to protect personal information as banks, insurance companies and other financial institutions get into each other’s businesses, but the fact that people in Maine, like people all over the country, no longer let a state border determine where they shop for financial services means that protection can only effectively come from the federal government.

Maine lawmakers, however, still have a crucial role in approving legislation that mirrors the privacy protection under the federal Gramm-Leach-Bliley Act of 1999. They can take the dense, at times jargon-filled and overly long privacy notices that financial institutions have been sending out all spring and draft a simple model that tells consumers in 25 words or less what they need to do to keep their records as private as the federal law allows.

The Banking and Insurance Committee currently has two reports on this issue before it. One, the majority, assumes information would be kept private unless a customer gives a bank permission to share it with unaffiliated third parties. That’s called the opt-in provision. The minority report assumes the information can be shared unless a customer says to keep the information private. That’s called opt-out.

The opt-out provision is in the federal law, has been supported by 46 states and is backed by the King administration. Groups such as the Maine Civil Liberties Union, AARP and the Maine People’s Alliance support the opt-in version, and their sentiment is understandable.

Why should any institution believe it can take private information about you and share it with others for their mutual benefit without consulting you first? If this were 1971 instead of 2001, the answer would be simple – it mustn’t, because then the assumption was that information from day-to-day transactions would be kept private. But at a time when a swipe of a credit card or store card at a supermarket can register a record of all your purchases, which can then be shared with others, the assumption has flipped. It is now the norm that information, some of it considered extremely private just a couple of years ago, will be shared. This is the reason that separate and much-debated federal legislation was needed to guard medical records.

Some consumer groups also object to the opt-out provision because they know that many, perhaps most, people are not going to pay attention to the notices from the banks – if it’s not a bank statement or a bill, it gets tossed. That may be in part because people don’t especially care about the issue or trust their banks to treat their private records with respect. But it may also be because they lead busy lives and don’t have time to sit around and read the eight or 10 or 15 really dull and complex privacy notices they are likely to get from various institutions before July 1.

But if this issue is important enough for a majority on the committee to support legislation to move Maine in the opposite direction of the federal government and nearly every state, then it is important enough for the committee to find a way to notify consumers more effectively about privacy options while at the same time recognizing that the opt-in proposal fails to account for the fact that the way business is conducted has changed dramatically in recent years.

This is not a knock against the banks, which are just following the accepted federal standards for notification. It is, instead, an opportunity for lawmakers to produce a positive, consumer-friendly service that Congress could consider as an amendment to the 1999 act and, more importantly, that financial institutions in Maine could take up to enhance their public relations.

Gramm-Leach-Bliley affects only the information shared with third parties, those outside a financial institution’s overall corporation. Big banks – those with their own sets of affiliations that keep them from needing to share information with third parties – are affected by the privacy rules a lot less than small local banks, which depend on third parties. Rather than putting small banks at a further disadvantage, lawmakers should choose the federal standard and get to work on that easy-to-read notice.