The war for the privacy of personal information has moved to state capital houses. Driving the trend is the Financial Services Modernization Act, signed into law late last year.
The law allows banks, insurance companies and brokerages to merge, ending decades of regulations that kept them separate. The new law allows these "affiliates" to share information about customers and requires only a written "opt-out" signature if that data is transferred to outside third parties. Most important, the act leaves a loophole for states to pass their own financial privacy regulations.
Privacy advocates are deeply troubled by the new law, particularly the automatic sharing of data between affiliates, and are now looking to the states to turn the tide and pass "opt-in" laws to protect consumers.
"Congress dropped the ball last year and failed to protect customer privacy," said Ed Mierzwinski, consumer program director at the U.S. Public Research Interest Group. "It's critical the states and attorneys general keep the pressure on big banks."
Last week, New York Attorney General Eliot Spitzer did just that. In a landmark settlement, Chase Manhattan Bank agreed to limit the sharing of customer account and credit information with third-party marketers to only names, addresses and telephone numbers. Account information can be transferred only with specific written permission from the consumer.
"This agreement advances important privacy protections not adequately addressed last year on the federal level," Spitzer said. "The right to control who is scrutinizing information about one's buying habits and purchasing decisions is a vital component in protecting a fundamental American right."
Spitzer also unveiled a legislative agenda to protect personal privacy, both online and offline, through a new opt-in program.
California is further along in pushing the strategy. Late last month, three bills - AB1707, SB1372 and SB1337 - were introduced in the State Assembly that would specifically require customers to opt in when a financial institution wishes to transfer data - even to affiliate companies.
"I do not believe that we should be forced to give up our right to privacy in order to get financial services," said California Assembly Member Sheila James Kuehl, author of bill 1707. "As enthusiastic as I am about entering the new Information Age, with its technological advancements and economic opportunities, I want us to take our rights as consumers with us."
But a broad array of well-funded and powerful banking lobbyists is lining up to kill the measures.
"The bills are very confusing, and none of the directions are consistent with the federal law," said James Clark, vice president of state government regulatory affairs at the California Bankers Association. "It's a recipe for mass confusion."
Clark argued that banks need the flexibility to transfer customer information among affiliates in order to expedite desired services. "If you require opt-in every time information goes to a third party, you might as well carry cash," he said.
But privacy advocates asserted that the primary danger of such information-sharing is not just cross-marketing, but denial of services. They fear that if a bank obtains your health information from an affiliate's insurance policy and it shows serious illness, a personal loan may not be granted.
Vermont Attorney General William Sorrell learned that banking lobbyists are playing hardball in no uncertain terms. Shortly after the passage of the Financial Services Modernizaton Act, Sorrell moved to close the privacy loophole by adding new language to existing state banking law. Subsequently, several banking lobbyists requested a breakfast meeting.
"They said that if I persisted in trying to tie banks' hands in transferring personal information, [they would] increase prices for consumer credit and mortgage rates for Vermonters," said Sorrell, who still supports the language. "It reaffirmed to me how valuable these information assets are to them."