WASHINGTON
Comptroller of the Currency John C. Dugan said today that most bank customers
don't find the privacy notices they receive to be especially useful and said an
ongoing interagency process to simplify those notices will better serve banks
and their customers.
"That's partly because the statutory requirements are complex and mandate a
host of very specific disclosures," the Comptroller said. "In addition, the
regulations implementing the law encourage the use of legal terms in notices.
Finally, there was no requirement in the law or regulations for uniformity or
consistency among institutions in the way the information is presented."
"When you combine these three factors, the result is what we have today:
notices with too much information, too many legal terms, and too much
variability in presentation from institution to institution," Mr. Dugan
said in a speech to a meeting sponsored by the American Law Institute and the
American Bar Association.
"Each year, banks and other financial institutions bear the cost of mailing
such mandatory notices to their many millions of customers, even though we
suspect that most of the notices go from postman to trashcan without ever
being read," Mr. Dugan added. "Put more harshly, in too many instances
privacy notices are nothing more than costly waste."
Mr. Dugan noted that
the federal banking agencies have retained expert consultants to test privacy
notices with consumers. The purpose of
the testing is to determine whether consumers find the notices useful, he
added.
"For example, if a consumer wants to limit his bank's sharing of personal
information, can he easily determine from the notice how to opt out?" Mr.
Dugan asked. "If a consumer wants to compare sharing practices among banks,
can she easily do so based on the banks' notices?"
The Comptroller said
shorter, more focused notices would reduce the burden on banks and empower
consumers to make informed decisions about their personal information.
In the area of data
security, Mr. Dugan noted that banks are subject both to federal requirements
that specify when they must notify customers about security breaches involving
their personal information, as well as a patchwork of state laws. However, federal law does not apply to all
companies that handle confidential customer information.
"It does not apply to data brokers, merchant card processors, or retailers,
all of which suffered well-publicized breaches last year, some involving
account information of millions of consumers," Mr. Dugan said. "There is no
federal law that compels these companies to notify consumers of breaches
involving their personal information."
"Given the spate of well-publicized security breaches, the lack of a federal
standard outside the financial services sector, and the patchwork treatment
by the states, it is no surprise that Members of Congress have weighed in on
this disparity," he said. "A handful of congressional committees are
considering legislation and, while it is not clear whether the regulatory
regime applied to banks would work well for other types of companies, it is
equally unclear whether a one-size-fits-all standard designed for all
companies would work for banks."
"What is clear, however, is that banks should not be subjected to two
different federal standards," the Comptroller added. "Either they should
continue to be subject to the Gramm-Leach-Bliley regime alone, with
modifications as appropriate, or that regime should be supplemented by one
that applies to all companies, so long as a standard can be crafted that
makes sense to apply to bank and nonbank companies alike."
If Congress adopts a
single federal standard for all institutions, including banks, Mr. Dugan
recommended three principles to guide their actions. First, functional regulators should write the rules for
institutions within their jurisdiction.
Second, functional regulators should have exclusive authority to enforce
these rules. Third, a uniform national
standard is appropriate to govern the safeguarding of personal information and
notice to consumers of security breaches.
# # #
The Office of the
Comptroller of the Currency was created by Congress to charter national banks,
to oversee a nationwide system of banking institutions, and to assure that
national banks are safe and sound, competitive and profitable, and capable of
serving in the best possible manner the banking needs of their customers.