Banks balk at info-sharing provision in privacy law
Claim compliance with Calif. SB 1 will raise IT costs
Computerworld - Banks doing business in California are planning to appeal a recent federal court decision that lets the state enforce tough new provisions related to the sharing of customer information with affiliates.
The provisions are part of California's Financial Information Privacy Act, known as SB 1, which went into effect July 1. The law, which is hugely unpopular among financial service providers, requires banks to give customers the opportunity to opt out of cross-marketing programs in which their information is shared with affiliates such as mortgage and credit card companies.
Most financial companies in the state had expected that the affiliate sharing provisions in SB 1 would be preempted by existing guidelines in the federal Fair Credit Reporting Act of 1996, under which no such permission is required.
An attempt by the American Bankers Association, the Financial Services Roundtable and the Consumer Bankers Association to legally block the affiliate sharing provisions of SB 1 was rejected by a California Federal District Court judge in late June.
"We were certainly disappointed by that ruling," said Harvey Radin, a spokesman for Bank of America Corp. in New York. "The decision really makes it harder for our customers to do business with us." IT expenses associated with maintaining and processing customer preference information could contribute to increased costs, he added.
Under the law, companies have to send notices to all California-based customers and give them a chance to opt out of affiliate sharing. They must wait 45 days for replies. During that time, customer records have to be quarantined and can't be shared with others. Companies that share information with nonaffiliated third parties also need to get separate opt-in permissions.
From an IT standpoint, complying with the requirements means creating new database tables for recording information about when notices were sent out, when they were returned and a customer's preference, said Arshad Noor, CEO of StrongAuth Inc., an identity and compliance management company in Cupertino, Calif.
It also means putting policies in place "that spell out what business divisions need to do and a process for ensuring that they check this table before sharing any information with affiliates" and third parties, Noor said.
"Companies are making a huge effort to comply with the law. It caught a lot of them by surprise," said Fritz Elmendorf, vice president of communications at the Consumer Bankers Association. A lot of that group's members have "simply shut down cross-marketing activities" because they have not yet gone through the process of sending out notices, he said.
Notating the opt-out and opt-in selections on customer files "becomes complicated, time-consuming and expensive," given the separate systems that banks often maintain for mortgages, credit cards and deposit accounts, Elmendorf said. "Mergers often complicate this and compound it where there may be multiple systems in multiple states," he said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts