Everyone has been getting them lately, and if you're the average American household, you've already received 15.
The "them" here is the often misleadingly titled "privacy policies" from banks, credit cards, insurance companies, mortgage providers and other financial companies. Buried beneath a host of confusing legalese is the bottom line: We reserve the right to sell and/or share information we have about you to telemarketers, credit card companies, spammers and others unless you tell us not to.
According to the Financial Modernization Act of 1999 (also called the Gramm-Leach-Bliley Act), all financial institutions must notify their customers of their privacy-keeping and privacy-compromising intents before Sunday.
More than a billion notices have been mailed, often requiring a law degree to penetrate the wherefores and therefores. However carefully or poorly worded the statements may be, though, the onus is ultimately on the consumer to tell the companies they do business with not to sell their personal data.
Consumer advocates Ralph Nader and Remar Sutton have set up a website, that provides a single basic form letter people can print out, sign and send to all their financial institutions -- probably the easiest "opt-out" option available.
Before President Clinton signed the GLB bill into law, Rep. Ed Markey (D-Massachusetts) and Sen. Richard Shelby (R-Arizona) authored a stronger bill that would prohibit the sale of personal data unless a consumer specifically "opted in" to do so. But lobbyists for the banks, mortgage firms and credit card companies called in their chips and put the burden on the consumer.
"The industry lobbyists threatened to walk away from the legislation if the Shelby-Markey opt-in was adopted," Nader wrote in a recent syndicated column. "The Clinton Administration and a bi-partisan majority in the Congress surrendered to the threats and left privacy protections to the financial industry's demand for a weak, ineffectual opt-out approach."
According to The American Banking Association's Consumer Guide to GLB, the new law mandates that all financial companies "disclose annually to all customers, in clear and conspicuous terms, its (sic) policies and procedures for protecting customers' nonpublic personal information."
But "clear and conspicuous" is evidently in the eye of the beholder.
For instance, one 1,000-word privacy statement could probably have been boiled down to the following excerpt: "We will not disclose any nonpublic personal information about you to any other third parties, except as permitted by law."
As David Vladeck of Public Citizen explained, "Most of these notices were drafted by lawyers trained in the art of obfuscation.
"If an informed consumer is really their goal, then they should really provide the consumer some real information. But the forms that are being distributed now give the lie to that argument. I just don't know anyone who would argue with a straight face that the kinds of notices being sent out in fact enable consumers to do anything other than roll it up and throw it into a trash can."
Yet even if a consumer responds to the legal miasma with a signed Nader/Sutton letter, they are only protecting themselves against the transfer of their private data to unaffiliated third parties. Data-sharing within a company or corporate conglomerate is one of those exceptions "permitted by law" under GLB.
"If you look at how far the tentacles reach within major financial institutions, there's no part of the economy that is not touched," Vladeck said. "If you have, say, your bank account with Citicorp, there are some 1,500 affiliated companies with which your data can be shared. And those companies do everything: mortgages, insurance, credit cards, school loans, auto loans. It's hard to overstate just how big a loophole that is."
Although it's been reported that consumers must send their opt-out replies by Sunday, only financial institutions are required to post their privacy policies by the end of the month. Consumers may in fact still opt out after Sunday.
Discuss this story on Plastic.com
Public: Take Our Privacy, Please
Hide Out Under a Security Blanket
