CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Internet

Web banks come up short on privacy

For all their convenience, most online banks fail to accommodate consumers wanting to keep their personal financial information private, a new study says.

For all their convenience, most online banks fail to accommodate consumers wanting to keep their personal financial information private, according to a study released Wednesday.

In addition, several online mortgage companies don't disclose privacy policies, violating a recent financial reform law, according to a report from the Center for Democracy and Technology (CDT), a Washington, D.C.-based activist organization. The group says it plans to file a complaint with the Federal Trade Commission, which enforces the privacy rules, if no changes are made at these institutions.

The study highlights an apparent contradiction in the industry. Financial institutions increasingly offer a variety of services online to make banking more convenient for customers. But the majority has yet to provide the same flexibility for "opting out" of data-sharing practices. Most banks require consumers to write or to call special phone numbers to prevent their personal information from being shared with third parties.

"This report shows a very mixed picture," said CDT Associate Director Ari Schwartz. "Some banks are leading the field in offering customers the choice they are demanding regarding privacy. Others are making it difficult for customers to opt for privacy, while many are taking coverage under exceptions in the law that allow them to share customer data without offering any opt out."

Such practices create a hurdle for consumers as they increasingly head online for banking services. Traffic to online banks grew by 77.6 percent between July 2000 and July 2001, according to a report issued Wednesday by Jupiter Media Metrix, a Web measurement and analysis company. That compares with only 19.8 percent growth in overall Web use in the same period.

The studies come nearly two months after a financial reform law set new safeguards for consumer privacy. The Gramm-Leach-Bliley Act, which went into effect July 1, requires financial institutions to let consumers opt out of sharing nonpublic personal information with other companies.

The law was meant to require banks, mortgage companies, insurance companies, credit-card issuers, financial planners and tax preparers to "protect against hazards or unauthorized access" to their customers' personal information.

 CNET Radio
Avivah Litan, Gartner Group VP and Research Director joined CNET Radio to discuss the report "A Slow Confusing Start to Giving Customers Control Over Their Information," released by the Center for Democracy and Technology. We asked Avivah Litan if there is validity to this report from the CDT. (5:44)  
• Play clip
To comply, most institutions blanketed consumers with privacy notices and information about how to opt out of data-sharing practices earlier this year. However, the CDT study showed that of more than 100 online banks surveyed, only 22 percent give consumers a simple means of keeping personal information from other companies. Instead, they force consumers to call or to write letters to prevent sharing.

Schwartz said another concern comes from banks sharing customer information within internal divisions and among affiliates. The Gramm-Leach-Bliley Act does not require banks to provide an opt out for sharing with affiliates and "marketing partners," which CDT and others consider a loophole in the law.

About 82 percent of the financial institutions surveyed gave consumers little or no control over affiliate data sharing.

In addition, many of the larger banks online offer the least number of privacy options. Nearly half give little or no means for customers to prevent data sharing.

Other banks had good report cards, however. Internet Bank and First Union were among the financial institutions that gave consumers superlative privacy protections, according to the CDT report. Internet Bank promised not to share consumer data without consent or offered an "opt in" policy; and First Union gave customers a Web site to remove personal data from affiliate sharing.

The CDT report, "Online Banking Privacy: A Slow, Confusing Start to Giving Customers Control Over Their Information," is a summons for legislators and federal regulators to monitor banks' practices more closely. It is also intended to encourage online banks to comply with privacy provisions.

Before the Gramm-Leach-Bliley Act went into effect, legal experts predicted many online companies would find themselves in violation of the financial privacy rules amid widespread uncertainties over their scope. The uncertainty prompted a belated flurry of notification efforts from several companies offering services that might fall under the law.

"Confusion is definitely a part of this. There are so many different practices out there, and some of them are good--but most are not," Schwartz said.