| Sent: Wednesday, March 15, 2000 8:17
PM I totally disagree with the position of WDIA stated below and am in support of The Financial Modernization Act both as an individual and as the owner of a business who uses credit reporting agencies for the valid purposes of checking credit history before leasing valueable assets. As it is vital in today's economy to have accounts at financial institutions, I strongly believe that these institutions and the credit agencies necessary for their business, should not give out my name and address to outsiders. Despite their arguement that these items are "public information" that is simply not true. My name and address are not published in the phone book if I have an unlisted number. My address is only printed on my checks if I request that it be. I only give checks to individuals that I want to have that information and/or that have promised to keep that information confidential. My credit cards have my name on them but not my address. I have no obligation to put my name on my mailbox. My address and phone number are NOT public information. I also find it overly burdensome to have to write my financial institutions and request that they not give out my personal information. I AM IN FAVOR OF the proposed regulations to implement Title V of the Gramm-Leach-Bliley Act of 1999 Beth Strickler -----Original Message----- From: nci-sup@voyager.wdia.com [SMTP:nci-sup@voyager.wdia.com] Sent: March 15, 2000 5:29 PM Subject: WARNING!!! YOU MAY LOSE YOUR RIGHT TO ACCESS SSN TRACING AND ADDRESS IDENTIFER UPDATES (CREDIT HEADER RECORDS) This email message is available better formatted on the web at http://www.wdia.com/statutes/Reg-P-Comments.htm Dear Business User: You are about to lose some of your most valuable business tools! We are urging you to write or email 5 government agencies before the March 31st deadline... Save your right to access this data!!! A sample letter is included below. Any organization that uses consumer information to conduct business knows that regulatory and legislative scrutiny is at an all time high. This environment has given rise to a situation that demands a swift and comprehensive reaction from all businesses that rely on accessible, accurate, and publicly available consumer information. The Financial Modernization Act (FMA) is intended to protect consumer interests regarding the use of personal financial information and many companies, including W.D.I.A. Corporation, applaud the objectives of the act, however, something has gone awry. The Federal Reserve Board of Governors, The Federal Deposit Insurance Corporation, Department of the Treasury, Office of Thrift Supervision, Comptroller of the Currency, and Federal Trade Commission have wrongly interpreted the intent and scope of the FMA as passed by Congress. And that distortion has the potential to seriously disrupt the ontributions that the consumer credit infrastructure makes to the overall economy, not to mention your particular business. While logic, overall benefits to the economy, and the interests of consumers would seem to provide a powerful impetus for the regulatory agencies to avoid broad stroke interpretations, to date they are heading in exactly that direction. If allowed to stand as defined today, these regulations will effectively eliminate a long list of information products currently in use. W.D.I.A. Corporation is suggesting that our customers who are concerned about losing access to valuable business tools, join us in presenting articulate and logic based comments to the regulatory agency that has enforcement authority over your business. We at W.D.I.A. have a vested interest in the future success of your business. As a customer service, we have developed a positioning document below that outlines our opinion and which will form the basis of our official comments. We urge you to work with your legal counsel, government affairs office, or trade association to review the W.D.I.A. position and develop your own or your industry's comments for submission to the regulators. Many information products are at risk of becoming inaccessible to your company. This is a very time sensitive issue! Comments to regulators are due by March 31st. Please act as quickly as possible to protect the tools our industry uses to effectively serve the consumer marketplace! The addresses of the agencies which we urge you to contact are ... _________________________________________________________________ GLBRule@ftc.gov Secretary Federal Trade Commission Room H-159, 600 Pennsylvania Ave, N.W. Washington, D.C. 20580 RE: Gramm-Leach-Bliley Act Privacy Rule, 16 CFR Part 313 -Comment _________________________________________________________________ regs.comments@occ.treas.gov Office of the Comptroller of Currency Communications Division Office of the Comptroller of Currency 250 E Street, S.W. Washington, D.C. 20219 Attention: Docket No. 00-05 RE: Gramm-Leach-Bliley Act Privacy Rule _______________________________________________________________ regs.comments@federalreserve.gov Ms. Jennifer J. Johnson, Secretary Board of Governors of the Federal Reserve System 20th and C Streets, N.W. Washington D.C. 20551 RE: Docket No. R-1058 ____________________________________________________________ comments@fdic.gov Robert E. Feldman, Executive Secretary Attention: Comments/OES Federal Deposit Insurance Corporation 550 17th Street N.W. Washington, D.C. 20429 Re: Gramm-Leach-Bliley Act Privacy Rule _________________________________________________________________ public.info@ots.treas.gov Manager, Dissemination Branch Information Management & Services Division Office of Thrift Supervision 1700 G Street, N.W. Washington, D.C. 20552 Attention: Docket No. 2000-13 RE: Docket No. 2000.13 Comments on Proposed Regulation P Privacy of Consumer Financial Information February 16, 2000 The Regulations issued by the Regulatory Agencies under the Financial Modernization Act, define "Nonpublic Personal Information" in a way that ignores the plain language of the Act and goes far beyond the intended purpose of protecting the financial information of consumers. The result will cause serious harm to any company that uses names and addresses to contact their current or prospective customers. It will have a serious negative impact on electronic commerce and its security by interfering with digital certificate identifications. It will make address verifications unavailable for internet companies that need to verify identities and addresses of customers prior to shipping products. It will result in data being unavailable for utilities that need to verify occupants for service, telecommunications companies that verify identities of prospective customers, insurance companies that need to locate policy holders, state government unclaimed fund departments, companies that have returned mail, law enforcement and government agencies, such as the IRS, that need to locate individuals or investigate fraud and universities that seek to locate alumni. It will interfere with fraud prevention by the private sector, and it will seriously impact any company that engages in direct marketing, including financial institutions that send invitations to consumers to apply for credit. I. The Potential Impact on the Economy Credit bureaus have the most current name and address file available because consumers update their addresses with their credit card companies and other lenders when they move. That information is provided to credit bureaus on a regular basis. The information has the following uses: "Header data", as found on consumer reports is used to update addresses on mailing lists by the direct marketing industry. Law enforcement agencies use it to locate suspects, witnesses, and dead beat parents. The IRS uses it for returned mail, or to verify social security numbers. Mutual Funds use it to locate lost shareholders. Banks use it to verify addresses when opening checking accounts. The internet economy will thrive if new companies can locate customers through direct mail and invite them to visit their web site. Start up electronic commerce companies cannot afford mass marketing, they cannot afford commercials on the Super Bowl, so they will need direct marketing to locate customers and be able to compete. As the mass media becomes more diversified, and less "mass," as fewer consumers read general circulation magazines and newspapers, mass marketing becomes less effective and individualized direct marketing becomes more essential. Digital certificates used to assure security on the web will require means to verify addresses. Prior to the use of header data from consumer reporting agencies, the best available source of names and addresses was the telephone directory. If Regulation P prohibits the use of header data, all of the above industries and government agencies will be forced to return to the phone book for names and addresses and the emerging internet economy will be crippled. II. The Law The purpose of Title V is the "protection of nonpublic personal information." All the obligations in the Title pertain to "nonpublic personal information." There can be no Congressional interest in protecting information that is public or not sensitive. The term "nonpublic personal information" is, therefore, defined with care. Title V, Section 509 (4), defines "nonpublic personal information" as "personally identifiable financial information-(i) provided by a consumer to a financial institution; (ii) resulting from any transaction with the consumer?; or (iii) otherwise obtained by the financial institution.".. The information covered must, as an initial matter, be financial information. The act deals with financial institutions and the information they have as a result of being financial institutions, namely, financial information. The Act could not have been intended to address and protect information that financial institutions have, that many other companies or entities have with no requirement to provide the information any level protection. Information in the public domain, information in the phone book, information freely disclosed by consumers with no attempt to protect it, information not considered private or financial could not be the subject matter of the Act. The definition of "financial information" is critical to determine the coverage of the Act In addition, Congress went further to help clarify its intent. The Act does not address all information held by a financial institution about a consumer, only information that is financial and "(i) provided by a consumer." When consumers enter into transactions with financial institutions, they often provide financial information such as income, other banking or credit relationships, assets, net worth, employment information and so on. Obviously, that information is nonpublic personal information intended to be protected. Further, the information must be financial information "(ii) resulting from any transaction with the consumer?" The private financial information that results from a transaction is the performance information resulting from opening a credit account, such as balance information, payment information, and other events that result from the initial transaction. The fact that a consumer has an account is displayed by the consumer every time he or she uses a credit card or writes a check. No effort is made to treat it as private, or in need of protection. Congress included only financial information "resulting from" the transaction as subject to the requirements of the Act and protected. Finally, Congress required that to be covered by the requirements of the Title, the information must be financial information "(iii) otherwise obtained?" Information otherwise obtained would be such information as that which is obtained as a result of a background investigation, or from a credit report. That type if information is financial, uniquely in the hands of a financial institution, considered private by the consumer, and a proper subject of protection. As can be seen, the definition is complex, well thought out, carefully crafted, and intended to protect what is truly private and financial. III The Regulations Unfortunately, the definition in the Regulations treat much of the definition in the law as surplusage. They do this by defining "financial" so broadly that it defies ordinary logic and word usage. "The Agencies recognize that this interpretation may result in certain information being covered by the rules that my not be considered intrinsically financial?" But not only is the information covered not intrinsically financial, it also violates ordinary rules of statutory construction, and ignores words and sections in the Law. As the Regulations recognize, the statute sets out three categories of financial information, as recited above, that the information must meet in order to be covered. By establishing three categories, the definition, like any definition, is intended to distinguish between covered information, and information that is not covered. However, by defining "financial information" so broadly in the Regulations, the categories become surplusage, since no information is not covered. This is true under Alternative A as well as Alternative B. A. Under Alternative A, any information provided by a consumer to a financial institution, including name and address and other identifiers, is covered whether or not it is otherwise publicly available. In other words, all information a financial institution has about a consumer is "nonpublic personal information." Under this interpretation, it is impossible for a financial institution to have any information about a consumer that is not covered. The definition distinguishes nothing and there is no need to consider the categories. Everything is financial information, and as a result covered whether or not is obtained from the consumer, results from the transaction, or is otherwise obtained. If that were the intent, it would have been easy for Congress to say so. Although that may be, as the commentary says, "a workable and clear standard for distinguishing information that is financial from other personal information," it is not reasonable, and cannot reflect Congressional intent. B. Under Alternative B, if information is publicly available, it is not financial information even if not obtained from public sources. That definition, at least, creates some distinction between information that is covered and information that is not covered. However, the same problem arises when the categories are considered.
Accordingly, the Regulators should redefine "financial information" in a way that gives meaning to all parts of the definition; namely, financial information is information of a financial and private nature, under the ordinary meaning and understanding of the word. IV. Impact of the Proposed Regulations Account information, which includes names and addresses, is given to credit bureaus by financial institutions, under an exception in the Act, that does not subject the information to the notice and opt-out requirement. A general exception that the Act is not to impact the operation of the Fair Credit Reporting Act permits credit bureaus to disclose credit eligibility information as permitted by that Act. However, header data is not governed by FCRA since it is not eligibility information. It is not governed by the Banking Reform Act because it is not personally identifiable financial information. But now, it is governed by the Regulations, because they ignore the well crafted definitions in the Act. As a result, if the Regulations stand, header data cannot be used for internet or other verification, location, law enforcement, fraud prevention, address correction, or any of the other purposes listed above. Therefore, it is imperative that the Regulators take into account Congressional intent, using rules of statutory construction, and define the terms in accordance with ordinary understanding of their meaning, thereby protecting personal financial information, as the statute envisions. Sample Letter Insert addresses here - Click to go to addresses Regarding: Gramm-Leach-Bliley Act Privacy Rule 16 CFR Part 313- Comment Federal Reserve Board Docket No R-1058 Office of Thrift Supervision Docket No 2000-13 To Whom It May Concern: I am writing to express my concern with the proposed regulations to implement Title V of the Gramm-Leach-Bliley Act of 1999. As a business professional and small business person, I fear we would lose a valuable and very necessary source of locating individuals if "non-public personal information" is defined to include simple names and addresses of customers of financial institutions. It was my impression that the clear intent of Congress was to provide an opportunity for customers of financial institutions to "opt-out" of sharing their personal financial information with non-affiliates of the institutions. The statute provides protection for financial information--not mere names and addresses. If all information available to a financial institution is defined as "non-public personal information," then what is "public"? Congress seemed to be offering a distinction by describing financial information. I believe the Act provides opt-out of information regarding credit history, employment and financial assets. But name, address and phone number should not be classified as "non-public." Credit bureaus have the most current name and address file available because consumers update their addresses with their credit card companies and other lenders when they move. That information is provided to credit bureaus on a regular basis. The information has the following uses: "Header data", as found on consumer reports is used to update addresses on mailing lists by the direct marketing industry. Law enforcement agencies use it to locate suspects, witnesses, and dead beat parents. The IRS uses it for returned mail, or to verify social security numbers. Mutual Funds use it to locate lost shareholders. Banks use it to verify addresses when opening checking accounts. The internet economy will thrive if new companies can locate customers through direct mail and invite them to visit their web site. Start up electronic commerce companies cannot afford mass marketing, they cannot afford commercials on the Super Bowl, so they will need direct marketing to locate customers and be able to compete. As the mass media becomes more diversified, and less "mass," as fewer consumers read general circulation magazines and newspapers, mass marketing becomes less effective and individualized direct marketing becomes more essential. Digital certificates used to assure security on the web will require means to verify addresses. Prior to the use of header data from consumer reporting agencies, the best available source of names and addresses was the telephone directory. If Regulation P prohibits the use of header data, all of the above industries and government agencies will be forced to return to the phone book for names and addresses and the emerging internet economy will be crippled. If this information is deemed "non-public personal," only wrongdoers and criminals will benefit and the law-abiding consumer will be the loser. I urge you to define non-public personal information in the manner that Congress intended. Yours truly, |