Ensuring Consumer Privacy through High, Flexible Standards

Article excerpt

AS THE INFORMATION AGE MATURES, consumers are becoming increasingly concerned with privacy issues. From telemarketing calls during mealtimes to concerns about online privacy, customer complaints about the ways in which companies gather and use information also are on the rise.

The level of consumer concern about privacy is particularly high when online activity is under discussion. Results from a recent Louis Harris & Associates, IBM Multinational Consumer Privacy Survey showed that 92 percent of respondents were "concerned" about online privacy. Of this group, 72 percent reported being "very concerned."

However, consumers also expect businesses to use their personal information to provide convenience, advice and special offers. Respondents in focus groups have expressed the specific desire that their information be used to cross-market pertinent and personalized services. Innovative technology enables most in our industry to use data that the customer provides during loan origination and servicing to better understand the customer's financial needs and deliver this personalized service. Yet, some of those same technologies, such as online activity, have fueled feelings among many consumers that they are losing control over personal information.

Reconciling all these concerns and expectations is a challenge that mortgage lenders and financial services providers must now squarely face. To maximize customer relationships, many in our industry offer value-added products and services that provide customers with greater convenience and lower costs. We must also be vigilant about using personal financial information in ways that respect our customers' expectations of privacy. It is not only good customer-relationship management, but it is critical to our ability to cross-sell products and services through both subsidiarylike affiliates and affinity relationships with other well-respected, nonaffiliated third-party organizations.

Though it has been just more than a year since the passage of the Gramm-Leach-Bliley Act, many financial services providers now recognize that the most significant portion of this law is Title V, which contains privacy rules. The rules became effective in November 2000, with full compliance required by July 1, 2001. Compliance includes "clear and conspicuous" disclosure of an organization's privacy policy to all new and existing customers when establishing a relationship, and annually thereafter.

The required privacy policy disclosure statements must show the following:

* The categories of nonaffiliated third parties (NTPs) to whom a financial services provider discloses personal information;

* Whether information about former customers is shared with NTPs;

* The categories of nonpublic information about customers collected by the financial services provider;

* Notices regarding the ability to opt out of sharing among affiliates, as required under the Fair Credit Reporting Act;

* The policies and procedures maintained to protect the security and confidentiality of nonpublic information; and

* Explanations of how a customer can opt out of the information-sharing policies of the provider.

In addition to disclosure statements, Title V requires some form of protection, such as encryption or encoding, that prevents a nonaffiliated third party from accessing a transaction account number-such as a home-equity line of credit number.

This overview focuses primarily on information-sharing with nonaffiliated third parties. However, state and federal privacy regulations and legislative proposals also target information-sharing among an organization's affiliates. …