Financial Privacy Legislation May Lead to Simplified Notices; What Will the Effect be on Consumer Opt-outs?

by Jeff Sovern

In 1999, Congress enacted the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801 et seq., permitting financial institutions to disclose information about their customers provided they notified customers that they have the right to keep the information confidential. The result has been a flood of privacy notices. See W.A. Lee, Opt-Out Notices Give No One a Thrill, 166 Am. Banker Issue 131, at 1 (July 10, 2001) (more than a billion notices sent to consumers by that time). It appears that few consumers have opted out, with estimates running under ten percent, though little information on opt-outs has been available. Why have so few consumers opted out? Is it because few consumers actually care enough about the privacy of their financial information to opt-out? Or is it because consumers have so much difficulty wading through the notices? In that regard, critics have complained about the readability of the notices (though the Lee article cited above reports that an American Bankers Association telephone survey found that two-thirds of the consumers who said they had received the notices also said they read them), see John Schwartz, Privacy Policy Notices are Called Too Common and Too Confusing, N.Y. Times, May 7, 2001 at A1; Mark Hochhauser, Lost in the Fine Print: Readability of Financial Privacy Notices (2001), while some have implied that financial institutions prefer complicated forms. Here, for example, is an excerpt from a speech by Julie Williams, then-Acting Comptroller of the Currency, given on July 12, 2005:

[W]hen presented with the prospect of lessening burden and saving costs by providing a streamlined, short form privacy notice containing only certain key information – some in the industry seem to balk. Marketing departments get uneasy because simple and straightforward disclosure of a bank’s information sharing policies and an easy means for customers to opt out of that sharing might mean – that customers will actually understand those policies – and decide to opt out! The tension here is that shorter, focused consumer disclosures can meaningfully reduce regulatory burden, but, if they are done well, they will also empower consumers to make some decisions that a particular bank may not like.

(emphasis in original). Soon we may get a chance to find out whether and how consumers respond to simplified notices. Last fall Congress added a new subsection (e) to 15 U.S.C. § 6803, directing federal regulators to develop a model privacy disclosure form. Federal regulators presumably have no incentive to fashion a form that is more complex than necessary, and so, If we're lucky, the new form will be both short and comprehensible. While financial institutions will be under no obligation to use the model form, the statute offers them an incentive to do so by providing that those using the model form will be deemed in compliance with the statute. And if financial institutions prefer their own more complicated forms to the simpler form, that too will say something.