FTC Seeks Input on Revisions to Credit Card Data Privacy Guidelines

Computerworld - The Federal Trade Commission (FTC) has issued a request for public comments about a proposed set of data privacy guidelines that would affect companies looking to share credit records and other consumer information with affiliated businesses.

The proposed revisions to the Fair Credit Reporting Act (FCRA) include requirements such as making sure individuals are notified about such data-sharing arrangements and are given the ability to opt out of having their personal information transferred from one company to another.

James Grady, an analyst at Giga Information Group Inc. in Cambridge, Mass., said the FTC is proposing the privacy guidelines partly because of the growth of affiliate marketing programs that link e-commerce Web sites operated by different online retailers.

"Privacy groups and activists have sounded the alarm, accusing a lot of these companies of forming affiliate relationships as a way of getting around privacy restrictions," Grady said.

The guidelines clarify how the FCRA applies to firms that aren't traditional credit-reporting organizations, such as banks and credit card companies. FTC spokesman Howard Shapiro said the revisions are primarily aimed at retailers—although he wouldn't comment on whether the commission is targeting e-commerce sites.

Notifying Web Shoppers

The five members of the FTC voted unanimously to post the proposed guidelines in the Federal Register and to open a public comment period that's scheduled to run through the end of this month. According to the proposal, online shoppers and other Internet users must be given the right to opt out whenever a company shares transactional data or other personal information with its affiliates.

The FTC said its guidelines are similar to proposed regulations issued by a group of federal banking agencies that includes the Federal Reserve System's board of governors, the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency and the Office of Thrift Supervision. The guidelines also match the privacy provisions of the Gramm-Leach-Bliley Act that Congress approved in 1999 to deregulate the financial services industry, the commission added.

Opting Out The FTC said opt-out notices or links must: Be labeled appropriately and placed on Web pages that users frequently access, such as those where transactions are completed. Include text or visual clues to encourage users to scroll down the page if that’s necessary in order to view the entire notice. Be free of other elements, such as graphics or audio components, that could distract attention from the text of the notice itself.