Prepared Remarks to the Interagency Public Workshop entitled "Get Noticed: Effective Financial Privacy Notices"

Get your thoughts noticed by sending them to Privacilla!

Home > Past Releases and Reports > Prepared Remarks to the Interagency Public Workshop entitled "Get Noticed: Effective Financial Privacy Notices"

Prepared Remarks of Jim Harper, Editor of Privacilla.org, to the Interagency Public Workshop entitled "Get Noticed: Effective Financial Privacy Notices"
December 4, 2001

It's a pleasure to be here and I want to congratulate Toby Levin from the Federal Trade Commission and all the people who worked so hard to put together today's workshop.

Briefly, let me make a disclaimer that I always try to make when I speak about privacy. In addition to editing Privacilla, I represent clients before Congress. None of them have any privacy issues, but almost every issue touches on privacy in some way and I do advise companies on privacy from time to time. So watch for bias on my part as you would with any privacy advocate.

At Privacilla, we try to sort out some fundamental questions, like "Gee, what is privacy anyway?" I think the answers might help us communicate about privacy with consumers.

The number one problem with the privacy issue is that the word "privacy" is used to describe so many different concerns with the modern world. You can call something a privacy notice, and some people are going to think it's about spam, some people will think it's about identity fraud, some people will think it's about security, and so on, and so forth.

The thing that I think would be most helpful in giving effective notice under the Gramm-Leach-Bliley Act would be to drill down and be accurate on what the notices are really about. And answer the question, "What's this got to do with me?" That might just keep some notices from hitting the trash quite so quickly.

Our read of the GLB notice requirements is that they mostly have to do with a version of privacy called "freedom from marketing." But it's not complete freedom from marketing. It's freedom from accurate marketing.

If you opt-out and you're young, you might start getting offers to purchase annuities. If you opt out and your poor, you might start to hear about tax shelters or private banking services in Antigua.

Freedom from accurate marketing may be privacy to some people, and those may be the small percentage of people who apparently opted-out. So this tiny minority of consumers has benefited from the Gramm-Leach-Bliley notice and opt-out requirements.

It should be obvious that the number of opt-outs is the wrong measure of success for these notices. I do think, though, that the agencies should come up with a measure for success of this program and make it a part of their planning documents under the Results Act. We need to get an idea as citizens of what we are getting for all the spending and the billions of dollars in regulatory costs.

People are obviously thinking about standardizing privacy policies, and looking to nutrition labels as a sort of guide. I have a link on Privacilla to a beautiful set of CDC charts that show what has happened to obesity levels in the United States since around the time nutrition labeling began. I want to caution you: the graphs are very fattening.

So we should ask how we have done as social engineers in the past before we go down that road again. If privacy under Gramm-Leach-Bliley is going the direction of healthy eating, I think we ought to opt out.

Not all the news on privacy is bad. Let me put forward an example of communications along these same lines but in a different industry that do what we would like the Gramm-Leach-Bliley notices to do. Earthlink is running television ads that illustrate in a hard-hitting, visceral way why they are a better ISP than other ISPs that share information. It's a market-based response to perceived consumer concern with privacy. This ad is funny. If it wins Earthlink market-share, good for Earthlink and good for consumers. If Earthlink guesses wrong, the whole ISP industry doesn't have a regulatory albatross around its neck.

Gramm-Leach-Bliley moved us away from the system that today is pitting ISPs against each other to deliver privacy on the terms consumers want it. Financial services companies are obviously spending their resources on compliance rather than competition, and consumers are worse off for it

The model to follow is the unregulated model that allows ISPs to compete against each other on privacy in whatever way they think they can get to consumers. Putting companies in competition to deliver privacy will get us there. Regulation and deadening uniformity will not.