In early June 1999, Minnesota Attorney General Mike Hatch filed a lawsuit against Minneapolis-based U.S. Bancorp, alleging that the bank illegally released private customer information to a telemarketer.
According to Hatch’s complaint, U.S. Bank violated the federal Fair Credit Reporting Act, engaged in consumer fraud, and practiced deceptive advertising. Hatch said in a media release that the bank had provided private customer information—including credit card account numbers, checking account numbers, credit insurance status, finance charges, account balances, birth dates, Social Security numbers, transactions, credit limits, marital status, occupation, and homeownership status—to Stamford, Connecticut-based telemarketer MemberWorks, Inc. In exchange, the bank is alleged to have received US$4 million plus a twenty-two percent commission on each sale. About one million people in eighteen states are affected by the bank’s actions.
Hatch alleges that U.S. Bank encouraged MemberWorks to deceive customers during telemarketing sessions. U.S. Bank also, according to Hatch, broke banking laws by allowing MemberWorks to automatically withdraw funds from customer checking accounts via bogus, unauthorized charges.
Federal and state statutes require all banks to publish privacy policies that state how customers’ personal information will be used, who has access to that information, and if the bank intends to disclose the information to anyone else. According to Hatch’s complaint, U.S. Bank’s privacy policy, printed in its U.S. Bank Customer Agreement, says “We share your concerns about the privacy of your personal information and strive to maintain its confidentiality.” There is no disclosure in the agreement that indicates the bank will reveal confidential information to any third party.
Federal law does not currently prohibit banks from selling customer information. That’s something Hatch would like to see addressed in new legislation. In this case, according to Hatch, U.S. Bank violated the Fair Credit Reporting Act by violating the bank’s own privacy disclosure statement.
As of mid-June 1999, the House Commerce Committee was considering two pieces of proposed legislation that would prohibit the selling of bank customer information and require enforceable privacy policies. Proposed legislation that would allow financial institutions including banks, insurance companies, and brokerage houses to merge and share customer information easily passed the House and Senate banking committees in early 1999. Then privacy issues began to register on the nation’s collective radar and President Clinton asked both parties to strengthen financial privacy protection statutes. Two days before Hatch filed his complaint, the U.S. Comptroller of the Currency warned the banking industry that it would face new regulation if it didn’t protect customer privacy.
“People are appropriately careful about protecting their Social Security number, checking, and credit card information,” said Hatch in a media release. “When a bank hands out this information to the highest bidder, it has to answer to its customers and to the Attorney General’s Office.”
U.S. Bancorp public relations director Donn Waage denied Hatch’s charges, telling the Minneapolis Star Tribune, “We are not selling information out there. We are working with these companies in a cooperative arrangement and we don’t think that is the same thing.”
Waage’s statement would lead a reasonable observer to conclude that U.S. Bank may have sold its customers’ personal information to additional third parties in addition to MemberWorks. Ironically, Waage identified several other U.S. Bank “marketing partners” including Barnes & Noble, Hilton Hotels, and H & R Block.
0 responses. Comments closed for this article.