Report: Banks, Mortgage Firms Fail Online Privacy Test

Most financial-service Web sites fail to give users appropriate options for protecting the use of their personal financial information, according to a report released Wednesday by the nonprofit Center for Democracy and Technology (CDT).

The study found that mortgage companies and big banks are the worst offenders, with some apparently violating legal standards, and others making it difficult or impossible for consumers to opt out of information-sharing programs.

Out of 100 banks studied, 22 provide customers with consumer-friendly ways of keeping their personal information from being shared with other companies, according to the report.

While most banking Web sites make it simple for customers to open accounts,pay bills and conduct other financial transactions online, it is usually notas simple to keep personal information private, the report said. Thirty-fourof the banks studied acknowledged that they share information with unaffiliated parties, but provide no online options for controlling privacy.

Failure to Give Notice

The center said several mortgage companies do not inform customers of their privacy practices, which is a “direct violation” of a banking law that went into effect July 1st. CDT said it has written to the companies and will file a complaint with the U.S. Federal Trade Commission (FTC) if there is no response.

CDT associate director Ari Schwartz said the report presents a “mixed picture” of financial institutions’ online privacy practices.

“Some banks are leading the field in offering customers the choice they are demanding regarding privacy,” he said. “Others are making it difficult for customers to opt for privacy, while many are taking coverage under exceptions in the law that allow them to share customer data without offering any opt-out.”

Best and Worst

Among the best sites, according to the report, is First Union, which provides a secure site for customers to remove information and includes a toll-free number for assistance.

In contrast, Community First requires customers to call a toll-free number to get opt-out forms sent to them by regular mail. The customers must then fill out those forms and mail them back, CDT said.

Two big banks, Comerica and Mellon, require customers to print out forms and mail them in, while Greenpoint Financial requires separate opt-out steps for each of its business units, the report said.

Loopholes in Banking Act

Privacy continues to rank among the biggest concerns consumers have aboute-commerce, the report noted.

“Over a quarter of Americans who have gone online have used the Internet to bank or invest,” CDT said. “Given that such a large number of people fear improper use of their personal information, many have begun to wonder if current safeguards of financial information are adequate.”

CDT said there are also “large holes” in the law limiting information sharing. The newly enacted Gramm-Leach-Bliley Act allows companies to share information about customers with their own affiliates and joint marketing partners.

“Given the size of corporate families in today’s economy, the number of firms that may legally exchange information with each other is immense,” the report said.

Too Much Work?

CDT said it spoke with the chief privacy officers of some of theinstitutions to find out why their policies varied so widely. Among thereasons given: The law gives no incentive for banks to make opt-outsconvenient, many institutions lack the technology to offer an integratedopt-out system, and a system that was too easy for consumers to use would overwhelmcustomer-service personnel with requests to process.

“The inconsistency in online implementation of financial privacy rulesneed(s) to be addressed,” the CDT report said. “We hope that companies willrecognize that their customers care about privacy, and we urge the industryto offer online opt-outs” as part of their standard policy.