By the end of June, you should receive a piece of mail (or email) from each financial institution with which you do business. Even if it looks like junk mail, don't throw it out! Under the provisions of 1999's Gramm-Leach-Bliley Act, financial companies like banks, brokerage firms, insurance companies, and credit card companies are required to notify all their customers about their privacy policies -- how they share data on their customers and, more importantly, how you can prevent those companies from selling your personal information.
The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, was notable for its repeal of Depression-era regulations that prevented the creation of financial conglomerates in the U.S. Under the old laws, a single company could not own both more than one financial services business. For instance, the same parent company could not own a brokerage firm and a bank, or a bank and an insurance company.
But with the modernization of these laws came new concerns about how businesses trade information on their customers for use in marketing new products and services. As a result, the Gramm-Leach-Bliley act requires that financial companies notify customers about their privacy policies. The new laws say that financial service providers must mail you a privacy notice by July 1, explaining:
- How your personal financial and other information is collected.
- How your information is used.
- How you can opt-out, to say "no" to having your information shared, sold or otherwise disclosed to outside companies.
Companies must send customers a privacy notice each year after that, or when their policies change.
By law, companies can resell any information they collect about you with the exception of specific account numbers and passwords or PINs. Everything else they know about you -- the balance of your account, your address, your mother's maiden name, your Social Security number, how much you spend at Frederick's of Hollywood each year, the banner ads or links you click on its Web site -- is fair game to be sold to other financial companies under the laws. Now, most companies will not disclose such specific information, but legally they certainly could. That's why it's so important to understand the privacy policies of your companies, and to opt out of having your information disclosed if you object to such open sharing of your personal details.
To opt out of having your information shared, you must follow the instructions in the privacy notice provided by the company. The company has thirty days from the receipt of your request to implement your instructions.
If you have previously agreed to accept electronic communications from an online firm, then you might receive that firm's privacy notice via email, and not by postal mail. No matter how you receive the notice, and no matter if they have an online opt-out form that you can complete, you can still opt out by writing a letter to the firm.
Unfortunately, under the law, consumers have no right to opt out of sharing of data between different divisions of a company. "Affiliated" companies owned by a common parent can share information at will. Many privacy experts consider this a loophole in the law, but at this point the only way to prevent sharing of data between affiliated firms is to make sure your accounts are all held at different companies.
There are a handful of web sites that can provide more information, sample opt-out letters, information on filing a complaint, etc.:
Digital Doug Home Digital Doug Archives
Subscribe to E-mail List