Privacy Rights Clearinghouse
Testimony of Beth Givens, Director
Assembly Banking and Finance Committee
Assembly Bill 1707, Assemblymember Sheila Kuehl
I am Beth Givens, director of the Privacy Rights Clearinghouse. We are one of 15 consumer groups supporting Assemblymember Sheila Kuehl's AB 1707. The two most critically important provisions of this bill are the disclosure requirement and the opt-in standard for the sharing of customer information with company affiliates and third parties.
I will make five points this afternoon, regarding: change, fraud, privacy, consumer benefits, and business costs.
1. Change. With the federal Financial Services Modernization Act, we are looking at a radical change in the way personally identifiable information is collected and used in the marketplace. Think about it. We are talking about the ability of three mega-industries being able to merge their customer information, each of which alone holds extremely sensitive information:
- Banking and credit - our payments for medical services, entertainment and recreation, political interests, charities we support, the list goes on.
- Insurance - records of healthcare usage, as well as home, life and automobile insurance.
- Brokerage firms - our investments and assets, whether or not we're risk takers, our vulnerability to get-rich quick schemes and the like.
All of this information can now be merged into a single data base - without our consent.
When such radical changes have been made in other industries in the past, consumer safeguards have been put in place by legislators at the state and federal levels.
- Look at California's electrical industry restructuring. The consumer protection bill contained disclosure, consumer education and privacy provisions.
- Look at the federal Telecommunications Reform Act of 1996. Local phone companies are not able to get into the long distance marketplace until certain criteria are met ensuring consumer protection.
- Look farther back 15 years ago to the deregulation of AT&T. We've seen massive consumer fraud and confusion because inadequate consumer safeguards were put in place then.-- namely, slamming and cramming. The Privacy Rights Clearinghouse jointly operates a consumer hotline with the Utility Consumers Action Network in San Diego. We still get calls on a daily basis from consumers who can's understand their phone bill, or who have been victims of slamming or cramming. And this is 15 years after deregulation.
Only the weakest of consumer safeguards have been enacted with the federal Financial Modernization Act, that being an opt out for third party sharing. The new law says nothing about consent for the sharing of customer data with affiliates. But - this law does enable states to enact stronger privacy laws, and that is why we are here today.
2. Fraud. When such radical changes are imposed on the marketplace, the result is often consumer confusion and fraud. We can see such instances recently.
- Nations Bank and its affiliated Securities company were fined nearly $7 million by the Securities and Exchange Commission for deceptively encouraging many bank customers into making risky investments in the unprotected environment of their Securities affiliate. Many of these individuals were seniors who lost considerable life savings. They did not understand that they were leaving the safety of their bank.
- Last summer, Pacific Charter bank sold credit card account numbers to a felon who then made hundreds of thousands of fraudulent entries on their credit cards to the tune of several million dollars in fraud. Pacific Charter did this without getting customer consent.
- The Minnesota Attorney General sued U.S. BankCorp for selling customer data like account numbers, account balances, Social Security numbers, etc. to Memberworks. That company in turn telemarketed services to customers and was able to debit their accounts directly for services many of them were not aware they bought.
What is needed when such radical changes as the merging of three industries are imposed on the marketplace? The go-slow approach, with adequate consumer education and adequate consumer safeguards in law and industry practices. That is why we are supportive of the disclosure and opt-in provisions of AB 1707.
3. Privacy and profiling. The Financial Modernization Act enables the unprecedented merger of sensitive consumer information. But do consumers really want such profiles developed without their consent? Polls and recent cases indicate No.
- A 1998 AARP poll found that 81%, or 4 out of 5, consumers opposed internal sharing of customer data by affiliates. Only 10% supported it.
- A 1998 Lou Harris poll found that 78% had refused a company their personal information for privacy reasons. 82% felt they had lost all control of their personal information.
- A 1999 Wall Street Journal poll found that the number one issue of concern to those surveyed was privacy, outranking even terrorism, education and other burning issues.
- Take a look at the uproar that has greeted the long form of the Census this year.
- Also, look at the controversy that met the merger of Doubleclick and Abacus, when their customer profile data bases were going to be merged without consent.
4. Consumer benefits. I would like to address some of the industry assertions of the so-called consumer benefits that would be lost if opt-in were required for affiliate and third party sharing.
Industry representatives have talked about the convenience of one-stop shopping, of merged statements, and of highly customized services. Granted, some customers are savvy enough about the pro's and con's of allowing the three industries to safely merge their customer data. But most are not. I hearken back to the results of telecommunications deregulation begun 15 years ago. The fallout from that process has been confusion and fraud.
The marketplace must be allowed to mature before opt out can provide adequate consumer safeguards.
Besides, we are not living in a time of scarcity of information. There has been a lot of discussion recently of the New Economy that is emerging now, fueled by the Internet. Information is abundant. The three merged industries have ample opportunities now to tell consumers about the customized services and one-stop shopping benefits of combining their data. Let consumers use this information to decide for themselves that they want their personal information used in a merged industry environment.
Again, let's give this radical new marketplace time to mature before putting an opt-out model into place. After al, we are not saying that information sharing should be outlawed. On the contrary, nothing in AB 1707 prevents information sharing among the three merged industries. IF the new breed of companies can make a good case for affiliate sharing and can offer adequate safeguards, consumers will flock to these services, fully informed.
Let the marketplace mature. The information abundance of the New Economy will ensure that these merged companies will get the word out just fine.
5. Business costs. Let me address industry concerns regarding supposed costs and business barriers of the opt-in approach. Industry representatives say that opt-in is too costly and will put up barriers to businesses that want to merge with each other and reach out to new customers. I ask, costly compared to what? These industries are currently very successful. There is no evidence that their current business models will not succeed in the future. What we are really talking about is that opt-in MAY mean their profits won't be as high as they could be if they have to take extra steps to inform customers of their consent actions. And I stress MAY. Remember this is the New Economy, the Internet Age.
Besides, it may be that some cost is to be expected ... in order to be able to use customer data in a merged system ... in order to ensure consumer safeguards ... in order to allow the time for the marketplace to mature. We are not saying opt-in has to be forever. There may be a time when there will be enough consumer awareness to shift to an opt-out model.
To conclude, having a bank account is a necessity for most individuals. Because of the sensitivity of customer information shared and merged across all three industries, and because of the consumer confusion and fraud potentials in such situations, we support AB 1707, in particular the opt-in and disclosure provisions.