Dear Sir or Madam:

The Independent Community Bankers of America (ICBA)1 commends the federal agencies for holding a forum to discuss the effectiveness of financial privacy notices. We also appreciate the opportunity to offer comments on some of the issues raised and hope the dialogue will continue.

Background

The final privacy rules established under Title V of the Gramm-Leach-Bliley Act (GLBA) require that privacy notices be clear and conspicuous. However, some consumer advocates complained that the initial notices were confusing and misleading. Others contended that some companies went out of their way to obscure the ability to opt out. To address these and other issues, the Federal Trade Commission (FTC) took the lead in organizing this forum as the beginning of an ongoing dialogue on privacy issues.

At the forum, representatives from the banking industry affirmed the extensive work banks undertook to comply with the new requirements, sending out millions of notices to customers. While bankers made every effort to produce notices that were as comprehensible as possible, including meeting with consumer focus groups and getting reaction from bank employees and friends, consumer representatives argued that the resulting notices were overly long and complex. In response, bankers pointed out that the complexity was caused by detailed statutory and regulatory requirements – as one banker said, 'it was like fitting the bank's Cinderella foot into the unforgiving Gramm-Leach-Bliley glass slipper.'

Among other issues, the agencies have asked for comment on the challenges associated with providing effective privacy notices, the formats most effective for communicating information on privacy, and other matters related to privacy notices required by GLBA.

ICBA Comments

Community banks have now developed privacy notices to comply with the statutory and regulatory requirements. The many challenges involved with developing the first round of privacy notices have been addressed and procedures are now in place. While there may be some "fine tuning," community bankers do not expect major changes to the procedures they have established.

One of the challenges that community banks report confronting, though, is a problem with customer confusion about opt-out. Many community banks only share information as permitted by law and therefore are not required to offer their customers an opt-out option. However, reports in the media and comments by consumer activists have caused some consumers to mistakenly believe that all financial institutions must offer an opt-out right. As a result, community bank customers sometimes deliver an opt out form that they have obtained from the Internet or otherwise when the bank does not have a mechanism for opting out because it is not required to offer one. Guidance is needed on how banks should handle such situations (conflicting guidance was presented during the forum). It also would be useful if the federal agencies would help correct this popular misconception and explain that not all banks must offer an opt-out right. And, it would help if the agencies assured the public that financial institutions share information in ways that benefit consumers. One excellent example is how reporting information to credit bureaus makes credit more easily and inexpensively available. However, it is critical that the public understand that not all information sharing is bad and that not all banks share information in a way that requires an opt-out right.

Another useful step would be to develop a short form privacy notice. As noted at the forum, the great majority of individuals do not seem concerned about all the details that are currently required for privacy notices. A short-form notice could incorporate references to more detailed information about a bank's privacy policies and procedures for those customers that want that detail. A short form would be more easily understood by the great majority of bank customers while addressing many of the criticisms that consumer activists have raised. Keeping notices simple also would be less confusing to customers and less burdensome for financial institutions.

The ICBA also recommends that the regulatory agencies develop a set of "best practices." This would provide guidance for both bankers and the public and might facilitate understanding of the privacy requirements. However, if "best practices" are issued, it should be made clear that the requirements are not mandatory and do not set standards for examinations by supervisors. While most panelists at the forum urged banks to issue privacy notices in plain language that steers clear of jargon, it is also apparent that some of the jargon results from GLBA requirements, so guidance in the form of "best practices" would be useful. The ICBA also agrees with panelists that recommended clearly defined terms so that everyone understands what is meant, including what is meant by "privacy."

Recently, the banking regulators issued a set of frequently asked questions to address some of the issues that have arisen since the privacy regulations were issued. However, many questions still exist, and the ICBA urges the agencies to continue to refine and expand this guidance. For example, one area where guidance from the regulatory agencies would be especially beneficial would be how the joint marketing exception applies – and when the joint marketing exception differs from the servicing exception.

Finally, the ICBA urges the federal agencies to develop consumer education materials to help the public understand the Gramm-Leach-Bliley Act requirements. It would also help if education materials outlined the benefits that can come from information sharing. And, education materials should stress the important steps that consumers can and should take to protect their information from identity theft. And, education materials might offer guidance and contact information on how consumers can get themselves removed from telemarketing lists and how to contact credit bureaus.

The ICBA looks forward to a continuing dialogue with the federal agencies to continue to develop effective privacy notices. Should you have any questions or need any additional information, please contact Robert Rowe, ICBA's regulatory counsel, at 202-659-8111 or robert_rowe@icba.org.

Thank you for the opportunity to comment.

Sincerely,

Robert I. Gulledge
Chairman