Any banker who thought privacy was one of those issues that would dry up and blow away had a flawed crystal ball. S. 900, the Senate version of financial modernization legislation, passed in early May with a few privacy-related provisions included. The most notable of these is the requirement that bank regulators set up grievance procedures for violations of consumers' privacy. The House Banking version of the legislation, H.R. 10, has privacy provisions in it, as does the House Commerce Committee finance subcommittee's version of May 27. However, much more is happening on the privacy front in Washington:
* Gramm sets privacy hearings: Fulfilling an earlier pledge, made during consideration of S. 900, Senate Banking Committee Chairman Phil Gramm (R.-Texas) scheduled full committee hearings for June 9 regarding financial privacy issues. "The current laws covering banking and securities were written before the Internet became a part of daily life and before the explosion in new technology," Gramm observed.
* Associations critique U.S./E.U. "safe harbor." Banks are "encouraged" but not yet 100% on board with the proposed International Safe Harbor Privacy Principles the Commerce Department is attempting to hammer out with the European Union. So wrote ABA, the Consumer Bankers Association, and the Financial Services Roundtable in a mid-May comment letter concerning the ongoing negotiations.
The safe harbor issue arose in response to the EU's controversial Directive on Data Protection, which went into effect last year. Simply stated, many U.S. companies' information practices won't pass muster under the EU. directive. As a result, U.S. companies' ability to do business in Europe could be affected; the directive allows the transfer of personally identifiable data to third countries only if they provide an "adequate" level of privacy protection. If a final form of the safe harbor principles can be devised that is acceptable to all parties, U.S. firms could continue to do business in tbe E.U. without running afoul of the directive.
"The U.S. and the E.U., for cultural and other reasons, not only treat and use information differently, but also conduct business differently," the associations wrote. "Despite the fact that the Safe Harbor Principles are intended to apply only to information originating in European member states, there is reluctance in this country to adopt a safe harbor when the ultimate effect could be to dictate domestic policy and corporate practices for U.S. companies."
The Administration has consistently claimed this would not be the case. For instance, in a recent speech, Under Secretary of Commerce David L. Aaron, who leads negotiations over the safe harbor for the U.S., stated: "In no way does the U.S. government intend for these safe harbor principles to be seen as precedents for any future changes in the U.S. privacy regime."
Detailed papers from both the government and commenters can be seen at www.ita.doc.gov
* Administration targets financial privacy and education: Expanding on an initiative started last year, in early May the White House unveiled a detailed series of proposals dealing with financial privacy and related matters. …