What Is the Gramm-Leach-Bliley Financial Services Modernization Act of 1999 And How Does Information Sharing Affect Your Privacy?


Congress passed, and the President signed on 12 October 99, sweeping new legislation creating powerful, one-stop financial supermarkets. The law had long been sought by the financial industry. It allows banks, insurance companies and investment companies (stocks and bonds) to merge, or affiliate, together into holding companies. The bill, numbered S. 900, and called the Gramm-Leach-Bliley Financial Services Modernization Act, unfortunately legalizes Orwellian privacy intrusions into our daily financial lives, with virtually no consumer protections.

How Does The New Law’s Information Sharing Provision Work And What Is Happening on July 1st? Since at least 1997, banks and other financial firms have shared your confidential experience and transaction information with their affiliates and with telemarketers. The new law’s modest privacy provisions provide that banks and other financial institutions must provide a notice of their information sharing policies and a limited right to opt-out (say no) to some sharing, by July 1st, 2001, or lose the right to continue that sharing. The law was designed to give companies the benefits of information sharing, without really protecting consumers. Under the law, companies can share all your "experience and transaction information" from your account relationship, with any of their affiliates, even if you say no. The law even allows companies to share this information with some third parties, as if they were affiliates, even if you say no. The law gives you only a limited right to "opt-out" or say no to information sharing with non-affiliated third parties, such as some telemarketers. Nevertheless, opting-out is still worth doing to prevent telemarketers from ruining your life. See below.

What is Experience and Transaction Information? How much money do you have in the bank? Who owns your accounts jointly? What do you buy with your credit card – airline tickets, medical expenses, beer? What is your Social Security Number? What is your account number? How much do you have in the bank’s investment affiliate accounts in what kinds of stocks? How much life insurance do you have? These are all types of experience and transaction information generated from your account relation with a financial institution. Your medical records are protected by a separate law when held by hospitals, doctors or HMOs, but not from affiliate sharing when held by insurance companies affiliated with banks.


Why is financial privacy important? Besides leading to more unwanted junk mail and telemarketer calls and credit card cramming, privacy invasions and information sharing could lead to denial of insurance or loans. Privacy invasions also lead to expensive rip-offs, identity theft and stalking. Here are some examples of recent privacy invasions. The new law will slow rip-off #1, but do nothing about rip-off #2. If a recent court decision is upheld, it may slow identity theft and stalking.



In December 2000, Minnesota Attorney General Mike Hatch sued Fleet Mortgage, affliliated with the big bank holding company, FleetBoston: "The suit accuses the company of sharing customers' home mortgage account numbers and other personal information with telemarketers. The suit also alleges that Fleet actively participated with these companies in a deceptive telemarketing program aimed at Fleet's mortgage customers."

In June 1999, Minnesota sued US Bank for allegedly selling customer information (social security numbers, credit card and checking account numbers, as well as detailed account-related information, including how and where you use your credit card, how much money was in each of your accounts, etc) to a telemarketer, which made deceptive calls to customers and stuck them with the bill for junky products they did not want; the bank pocketed a cool $4 million plus a 22% commission.

In the settlement reached with US Bank, the company agreed to tougher rules than what Congress did. The bank agreed to give consumers an opt-out from all inside-the-bank sharing and outside-the-bank sharing or selling of information. Congress merely gave consumers disclosure for inside sharing and most outside selling and sharing, and a loophole-ridden opt-out for some outside sharing and selling.


On 19 April 2000, the state settled with the third party telemarketer the bank used, Memberworks. The suit was filed after General Hatch had already filed and settled a suit with US Bank (see above).  In the complaint against MemberWorks, Hatch alleged the company used consumersâ personal financial information, such as checking account or credit cards numbers, account balances, addresses and phone numbers, to conduct direct mail and telemarketing campaigns to Minnesota consumers on behalf of US Bank. According to its filings at the SEC, in 1998, Memberworks had contracts with 19 of the 25 largest banks in the country. Recently, US Bank settled with 39 other state attorneys general.


In 1998, NationsBank (since merged with Bank of America) was fined $7 million for securities law violations of sharing customer info with its subsidiary affiliate, NationsSecurities. The affiliate convinced low-risk customers to buy uninsured, high-risk investments, and many senior citizens lost portions of their life savings.


Banks share experience and transaction information, but also share Social Security Numbers. On the positive side, federal regulators have determined that Social Security Numbers are non-public personal information that cannot be shared by financial institutions if consumers exercise their right to opt-out under the new law. Banks had been sharing names, addresses and Social Security Numbers of customers with credit bureaus, which subsequently sold this information to internet information brokers, private detectives, and debt collectors. Most experts believe the sale of these products, known as credit headers, leads to financial identity theft and stalking. Up to 500,000 Americans a year are victims of identity theft. In 1999, New Hampshire resident Amy Boyer became the first known victim of an Internet stalker, who killed her after finding her on the Internet.

In April, a U.S. judge upheld the new law. Since the banks failed to give consumers notice of this particular sharing, they’ve lost the right to share, and all consumers are protected from future sharing. The credit bureaus, of course, are appealing.

Legislative Fight Leads To Ongoing Bi-Partisan Privacy Caucus in Congress and Helps Create Privacy Coalition.

The Financial Services Modernization Act was debated against a backdrop of privacy nightmares. Following revelations about financial privacy invasions by banks, their telemarketers, and their affiliated stockbrokers, privacy champions from both major parties led a fierce, but unsuccessful fight in committees and on the House floor to add strong opt-in privacy protection to the bill. Under their defeated amendments, companies would not be able to share with either affiliates or third parties, until you said yes. In the House Banking Committee, champion Jay Inslee (D-WA) narrowly missed passing stronger protections. In the House Commerce Committee, champions Ed Markey (D-MA) and Joe Barton (R-TX) actually passed a stronger privacy amendment, but House leadership would not allow their amendment to be debated on the floor. In the Senate, efforts by champions Richard Shelby (R-AL) and Paul Sarbanes (D-MD) were stymied by pro-industry, although Senator Sarbanes succeeded in conference committee in amending the bill to allow stronger laws to be considered in state legislatures.

A broad coalition of organizations supported bi-partisan efforts to strengthen that bill. The coalition includes consumer groups such as U.S. PIRG, Consumer Federation of America and Consumers Union, civil liberties groups such as the ACLU, privacy groups such as the Electronic Privacy Information Center, and family organizations such as the Free Congress Foundation and Eagle Forum. That group continued as the Privacy Coalition and expanded its scope. The coalition continued to work with Senators Shelby, Sarbanes and Chris Dodd (D-CT) and Representatives Markey and Barton and others to pass real privacy protection bills.

When their efforts to amend S. 900, the Financial Services Modernization Act, failed in 1999,, these members formed a Privacy Caucus and introduced new tough bi-partisan bills to protect consumer privacy. In the House, in 2000, Reps. Markey and Joe Barton (R-TX) introduced HR 3320 and in the Senate, Sen. Shelby introduced S. 1903. Both bills would require banks to obtain your affirmative consent (opt-in), before sharing your confidential account information either with inside bank affiliates or with outside third parties. We are working with Sen. Shelby and Reps. Markey and Barton to re-introduce these bills in 2001.

For More Information

Financial Privacy from the Privacy Rights Clearinghouse