States Tackle Privacy Loopholes Created By Congress

When Congress voted two years ago to tear down Depression-era barriers that had long kept banks, investment firms, insurance companies and other elements of the financial services industry from merging , Wisconsin State Representative Marlin Schneider had just one comment: “They’re nuts,” he said of the federal lawmakers.

Since then, a growing number of state legislators have come to the same conclusion as they’ve tried to address privacy loopholes in the Financial Services Modernization Act of 1999. They fear that weaknesses in the bill could leave people more vulnerable to identity theft, telemarketing and direct mail harassment and even criminal proceedings.

Legislators around the country are trying to close those loopholes to make sure that financial service companies don’t misuse personal information supplied by their clients. At least thirty states have attempted to strengthen the privacy provisions of the act, which allows financial service institutions to merge their varied activities with one another and share private data about their customers.Though passed in 1999, the federal legislation will not take effect until July 1, 2001.

Some states have made it easier for people to control the release of their medical records, social security numbers, driving histories and even Internet surfing preferences. But only seven states — Alaska, Florida, Illinois, Maine, Maryland, North Dakota and Vermont, — have succeeded in placing strong prohibitions on the release of private financial and consumer-oriented information.

Of those seven, Vermont’s laws are by far the most progressive and comprehensive — and they predate the federal statute. They give consumers almost total control over the release of their private information, including credit reports, by requiring businesses to obtain affirmative written consent every time they want to share or sell this information. Assistant Vermont Attorney General Julie Brill says the state laws make it extremely difficult for anyone to trade in personally identifiable data.

“We wanted to make sure that doesn’t happen in Vermont,” says Brill, who with her boss, Vermont Attorney General William H. Sorrell, is mounting a vigorous defense against ongoing efforts by the financial industry to have the state’s privacy laws repealed.

When the financial modernization act was passed, federal lawmakers opposed to it warned that it would create significant problems for the states. U.S. Sen. Richard Shelby (R) of Alabama said that it would give the financial industry too much freedom over the exchange of consumer information, increasing the chances that private data would be exploited for profit. He has encouraged states to crack down harder on privacy violations and he plans to introduce federal legislation designed to protect a range of personal information, including Social Security numbers.

Shelby, who co-chairs the congressional privacy caucus with Rep. Ed Markey, (D) of Massachusetts, plans hearings next week on privacy issues. Shelby and Markey, said Shelby aide Andrea Andrews, “are absolutely committed to making the privacy issue a priority in Congress.”

“They both believe,” she said, “that the burden should be on the banks (and other financial institutions) to obtain permission before they give out any kind of information.”

Most Americans also feel that way, if recent polls are accurate. National surveys conducted by newspapers and independent groups indicate that people want tougher privacy regulations slapped on everything from businesses and governments to those pay-and-go electronic gas pumps that have become so popular.

The surveys show that people increasingly identify privacy as a big concern, often ranking it above other weighty issues such as education, crime, the economy and even terrorism. South Carolina, Florida and other states felt the sting of this concern (and had to change their policy) after it was reported that they were selling drivers license photos to a New Hampshire security firm.

State lawmakers pushing for new privacy laws say companies that peddle personal information are turning their constituents into “defenseless victims,” as one put it. They say Congress had a chance to come to the rescue with the financial services bill, but failed.”Congress did a bad thing when they passed that law. It has the potential of causing tremendous mischief, and you can bet your bottom dollar the financial institutions are going to misuse it,” says Wisconsin’s Schneider.

He plans to reintroduce legislation this year in the state assembly that will provide better protections for the consumer. The Democrat is also contemplating an amendment to the state constitution that would guarantee the right to privacy.

California will consider at least three strong privacy measures this year, including one written by California Assemblyman Tim Leslie. Leslie, a conservative Republican, has been highly critical of his GOP colleagues in Congress for doing what he calls “a terrible job” on the financial services legislation. He says the bill is “too business friendly.”

“In their rush to make it easier for financial institutions to merge,” says Leslie, “they treated personal privacy as an afterthought. They’ve got this bill so riddled with loopholes that it’s basically meaningless in terms of protecting people’s rights. And now it’s up to the states to step in and close those loopholes.”

Supporters of the federal measure insist that getting the states involved is what the laws’ chief sponsors — Republican Sen. Phil Gramm of Texas, and Republican Reps. Jim Leach of Indiana and Thomas Bliley of Virginia — had in mind anyway. Unable to reach a compromise with their colleagues and the powerful financial interests, they settled for a minimum of privacy protection and wrote in language inviting the states to tackle the issue, congressional aides said. “With the implementation of the Gramm-Leach-Bliley act, we are looking at a radical change in the way personally identifiable information is collected and used in the marketplace … All of this information can now be merged into a single data base — without our consent, ” Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, told the California Bar Association recently.

The financial services industry has long argued that stronger privacy protections will only hamper their efforts to provide the kind of services consumers want. Complying with new laws, industry officials say, will take more of their resources and time, thereby reducing the quality of services people expect them to provide.

Industry lobbyists were successful last year in killing or stalling dozens of privacy bills in legislatures throughout the country. That’s why legislators are trying again this year. But given the well-financed opposition, advocates of greater privacy protections are braced for an uphill battle in most states.