American Civil Liberties Union
Center for Democracy and Technology
Consumer Federation of America 
Consumer Federation of California
Consumers Union
Eagle Forum
Electronic Privacy Information Center
Free Congress Foundation
Junkbusters, Inc.
National Consumers League
Neighbor To Neighbor
Privacy Rights Clearinghouse
Privacy Journal
Privacy Times
Utility Consumers' Action Network
U.S. Public Interest Research Group  

MAY 9, 2000 

The Honorable Alan Greenspan
Chairman
Board of Governors of the Federal Reserve System
20^th and C Streets, N.W.
Washington, D.C. 20551  

The Honorable Donna Tanoue
Chairman
Federal Deposit Insurance Corporation
550 17^th Street, N.W.
Washington, D.C. 20429  

The Honorable Lawrence Summers
Secretary
Department of the Treasury
1500 Pennsylvania Ave, NW
Washington, DC 20220  

The Honorable Ellen Seidman
Director
Office of Thrift Supervision
1700 G Street, N.W.
Washington, D.C. 20552  

The Honorable John D. Hawke, Jr.
Comptroller
Office of the Comptroller of the Currency
250 E Street, S.W.
Washington, D.C. 20219  

The Honorable Robert Pitofsky
Chairman
Federal Trade Commission
Room H-159
600 Pennsylvania Avenue, N.W.
Washington, D.C. 20580  

The Honorable Norman E. D'Amours
Chairman
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428  

The Honorable Arthur Levitt
Chairman
Securities and Exchange Commission
450 5th Street, N.W.
Washington, DC 20549-0609  

Dear Sirs and Madams:  

On behalf of the members of our broad coalition of organizations concerned with the privacy of citizens and consumers, and on behalf of all consumers of financial services generally, we are writing in response to confirmed reports that the several federal financial agencies may be delaying the compliance date of important new rules designed to implement the financial privacy provisions of Subtitle A of Title V of the Gramm-Leach-Bliley Act ("GLBA" or "the Act") (Pub. L. No. 106-102, codified at U.S.C. 6801 et seq.).  

As you know, our organizations and numerous others believe that the rules imposed by the Act do not provide consumers with adequate protection based on Fair Information Practices. We believe that companies should not have the right to share or sell confidential customer information for secondary purposes without informed opt-in consent. Nevertheless, we strongly support on-time implementation of the Act's rules effective November 2000 as an important step toward our goal of achieving full financial privacy protection for American consumers.  

Indeed, last week the President took the next step toward achieving our shared goal when he proffered his financial privacy protection plan to the Congress. The President's plan would close some of the loopholes in the Act and, importantly, establishes that all medical information and some sensitive financial information should be protected by a requirement of opt-in consent. The President's position that the Act is too weak is supported by many of your agencies and some of you have even testified to that effect before the Congress.  

Therefore, we find it unacceptable that you are now suggesting that the modest rules proposed by the Act would not be enforced until 15 months from now, instead of by November 2000. We are unalterably opposed to this proposal, which would allow financial institutions to fail to provide consumers with any notice regarding the institution's privacy policies and practices. Further, this proposal would delay providing customers their new opt-out rights to prevent having their financial information transferred to certain nonaffiliated third parties.  

We would note that the financial services industry has had ample notice and time to prepare for these new regulations. Indeed, the industry supported and argued for adoption of the Act that provides the statutory basis for your rules, arguing against the stronger privacy protections that a broadly bi-partisan group of legislators sought to enact either on the House floor or during the conference on the Gramm-Leach-Bliley Act. Following the enactment of the Act, the financial services industry repeatedly has cited the existence of these new requirements, and of your agencies' proposed rules, in arguing against adoption of additional financial protections - including those recently proposed by the President. In fact, as far back as November, Hjalma Johnson, the President of the American Bankers Association, issued a news release stating "During the first 100 days of 2000, I would like to see every bank in the country develop a formal privacy policy and make that policy publicly available - 100 percent of banks in 100 days, beginning January 1."  

We are hopeful that the financial industry's plan to delay and weaken these rules is not as successful with you as it has been with some state legislatures. Despite strong support for enactment of new privacy laws in several states, no state has yet taken advantage of the Act's provision allowing stronger state laws. In Washington State, for example, a strong privacy proposal went down to defeat only because industry convinced the legislature to "wait-and-see" how well the "tough" new law would be implemented by Washington, DC. Meanwhile, their cohorts in Washington, DC were apparently trying to convince you that they could not possibly offer consumers either the privacy disclosures or the modest right to opt-out of some third-party transactions by November 2000.  

The financial industry's demands to delay the privacy requirements of Gramm-Leach-Bliley are unacceptable and are not supported by the record.

• First, disclosure requirements are not new to the financial industry. Virtually every consumer financial law imposes disclosure requirements and the industry routinely complies with 180-day agency requirements. Typically, as is certainly true of this act's requirements, the regulations mirror the statutory language to such an extent that the true implementation period should be calculated from the date of passage, not the date on which the rules are published.
  
• Second, since 1997 the Fair Credit Reporting Act has required financial institutions to implement an opt-out system that only applies to some, not all, information. It is disingenuous for the industry to claim that they have no experience with applying opt-outs to some, but not all, information transfers, since they have been doing it already for three years.

We will be asking the Congressional committees of jurisdiction, as well as the bi-partisan Congressional Privacy Caucus, to examine the recommendation that your agencies grant these massive financial conglomerates a reprieve from rules they knew were coming and knew they could comply with. At a time when consumers are demanding more privacy protection, not less, it would be shocking if you endorsed this plan to delay giving consumers enforceable privacy rights.  

Thank you for your consideration of our views in this matter. We look forward to hearing from you.  

Sincerely,  

Greg Nojeim, American Civil Liberties Union
Deirdre Mulligan, Center for Democracy and Technology
Travis Plunkett and Jean Ann Fox, Consumer Federation of America
Sara Nichols, Consumer Federation of California
Frank Torres, Consumers Union
Phyllis Schlafly, Eagle Forum
Andrew Shen, Electronic Privacy Information Center
Lisa Dean, Free Congress Foundation
Jason Catlett, Junkbusters, Inc.
Susan Grant, National Consumers League
Shelley Moskowitz, Neighbor To Neighbor
Beth Givens, Privacy Rights Clearinghouse
Robert Ellis Smith, Privacy Journal
Evan Hendricks, Privacy Times
Jodi Beebe, Utility Consumers' Action Network
Edmund Mierzwinski, U.S. Public Interest Research Group