When opening an account with any financial institution, you are required to provide personal information, ranging from your date of birth to social security number to your address.
Once your account becomes activated, you receive a Privacy Notice in the mail, which most likely is tossed in the garbage. But why is this little brochure sent to you?
With the push to conserve paper, most banks, such as Chase, place their Privacy Notices online. In recent years, as technology has developed, obtaining a Privacy Notice electronically has become more accessible and you can view the notice before setting up an account with a particular institution.
Privacy Notices became mandatory by Gramm-Leach-Bliley Financial Modernization Act of 1999 in order to protect the rights of consumers. The Act mandates that companies must give consumers privacy notices explaining the institution’s information-sharing practices, and also express whether or not a consumer can limit that sharing. The Federal Trade Commission is in charge of enforcing that law.
It is important to note that not all sharing can be limited.
What information is shared?
Most people disregard the privacy notice, but given the rise of identity theft and the controversy surrounding the NSA’s alleged credit card hack, it is important to be informed on what is or isn’t legal regarding information-sharing. The FTC gives a privacy notice template on their website.
After your account is opened, the company will usually share your information 30 days after mailing you the privacy notice. Thirty days is the “reasonable-amount” of time needed to opt-out of specific information sharing.
Some of the things that can be shared about you include:
- Social security number
- Account balances and payment history
- Credit history and credit score (creditworthiness)
- Address and phone number
- Daily transactions
Depending on the financial institution, more of your information could be revealed. Although it is illegal for financial institutions to sell your information, sharing your information is important for their business operations.
Your information is shared internally and with affiliates and non-affiliates. Affiliates are companies related by control or ownership, and non-affiliates are outside companies. The companies can be financial or non-financial in nature. Companies share your information with both parties in order to market to you. Your family demographic can be another piece of shared information. For instance, Luvs may send you coupons for diapers, but you didn’t register with them.
Rarely does this sharing result in negative ramifications, other than an exhaustive supply of junk mail.
Opting-Out and What’s Illegal
As mentioned before, you are lawfully entitled to opt-out of some, but not all of this information sharing. For the most part, you cannot opt-out of internal information sharing; meaning, if the reason is for banks’ everyday business purposes, marketing purposes, or affiliated purposes (with only information about transactions and experiences being shared), you cannot limit this sharing at most banks.
However, you can limit sharing of information from your credit report (creditworthiness) with affiliates and their ability to directly market to you. In many cases you can opt-out of your bank-sharing information with non-affiliates. Some banks don’t share with non-affiliates and will state that. There is no overarching opt-out button for all your accounts.
Some banks, like Chase, allow you to opt-out online, but you can also call your bank and ask to be directed.
Remember, banks are not allowed to sell information about you to the government or to any party. If you suspect your information is being sold or used for anything other than marketing reasons, you should contact the Federal Trade Commission.
Banks only share your information with the federal government if there is an open investigation. In the case of the NSA’s alleged misconduct, they were accused of unlawfully extracting information from international accounts without financial institutions’ permission or knowledge. If this is true, it was an invasion of customers’ privacy, and therefore unlawful.
This allegation may lead to new laws surrounding the privacy of customers’ financial information in relation to the federal government. The Privacy Rights Clearinghouse Fact Sheet 24 sums up your rights and how to protect yourself.