michael: If you check around there have been a lot of news stories written about this law. Until this law was passed, there were laws in place that separated banks from the insurance and securities industries. That is, your bank couldn't also be your stock broker or your insurance company. The main law creating this situation was called the Glass-Steagall Act, and was passed in 1933 right in the middle of the Great Depression. Speculation in the stock market by banks was a major cause of the stock market crash of 1929, and the goal of the law was to prevent another such crash. Scores of banks failed when their stock investments turned sour at the same time as depositors wanted their money out. When these three industries are combined into single corporate entities, society is putting all of its financial eggs into one basket - a crashing stock market leads to rising insurance claims and makes the bank insolvent precisely at the time that it needs to have lots of cash on hand. We as a society have learned this lesson, and due to this law, sometime in the future we will learn it again.
Fast-forward to the present. The Gramm-Leach-Bliley Act of 1999 got rid of most of those restrictions, freeing banks and securities firms and insurance firms to consolidate. Gramm, Leach and Bliley are three Republican Congressmen who have all received huge bribes (sometimes called campaign contributions) from the banking industry. Essentially, like the 1996 telecommunications law which paved the way for the return of Ma Bell (the seven Baby Bells have merged into four, while stifling all possible competition in any way possible), this law will eventually result in a financial services industry dominated by a very few mega-institutions. The law was written to override not only the old Federal law, but also state laws which would have prohibited these mergers. It was strongly supported by the Republicans and lightly supported by the Democrats, after massive lobbying from the banking and financial industries. The securities firms and insurance firms loved this, because "having a lot of money in your bank account" is a good indicator that you'd be willing to invest in the stock market, and now they can simply purchase the data from your bank, or better yet, merge with it, to get access. The banks loved it because insurance and securities represented new revenue streams that were previously untapped. Additionally, it allows all sorts of conflicts of interest - advising customers to buy stock in company A while the bank itself is selling it, etc. etc.
Anyway, one of the weak additions to the bill insisted on by Clinton were the provisions affecting privacy. In a nutshell:
- Banks can share any and all information about your financial doings with any corporation that they have a business relationship with or are otherwise associated with. They can sell anything they know about you - Social Security numbers, account numbers, who you write checks to, what you buy with your credit card, etc. A Washington Post column sums it up nicely.
- You can't opt-out of that.
- Banks can also share any and all information about your financial doings with anyone else.
- You can opt-out of that.
- But the business relationship mentioned at the start could be something like "We are in business with company X for the purpose of selling your financial information", so the exception totally swallows the rule.
- Ha-ha, you lose.
So now the deadline is approaching, and lots of financial institutions are sending out privacy notices as required by law. Some small percent of institutions are sending out opt-out notifications, allowing you to "opt-out". I believe that most institutions are not sending opt-out notices, because frankly, they don't need to - any use of your financial data can be covered under the no-opt-out-required if the bank sets it up properly. None of the several institutions I do business with provided me with any opportunity to opt-out, although all warned me that they would sell my financial information. Here's a direct quote from one:
"We do not share any personal information about you or our former members with third parties except as permitted or required by law, and as necessary for business purposes."
So they share my information "as permitted by law", for any business purpose. Translation: they promise not to violate the law, and to attempt to make money. Wow, what an incredible commitment to privacy. Of course, you might not get to this sentence if you only read the beginning of the notice, which starts out "[Bank] is committed to protecting the privacy of your personal information."
My guess is that very few of these notices contain any meaningful commitment to privacy. Read them carefully. If you get an opt-out notice, do it - it won't have any effect on what actually happens to information about your bank account, credit history, credit card purchases, etc., but the industry is using the low return rate of opt-out notices as a statement that customers don't care about privacy (when in fact, most people probably just throw away these tiny-print legalese forms). I don't really have any other advice - I very much doubt that you'll be able to locate any banking institution that would be reasonably convenient for you to deal with that will in any way respect your privacy.