Privacy Notices Aim for Easy Reading: But Will Investors Read Proposed New Disclosures?
May 7, 2007
How many regulators does it take to develop a clear, easy-to-read privacy notice?
So far, eight federal agencies and all 50 state insurance commissions have been asked to weigh in on the proposed financial privacy notice, which is meant to replace the standard, small font, multi-fold notices written in that dialect of the English language affectionately known as "legalese."
A prototype of the new form was released in March. Financial institutions have been asked to comment by May 25.
"The main challenge is educating people overall, and to level the playing field," said Loretta Garrison, senior attorney at the Federal Trade Commission in Washington.
The effort to re-jigger privacy notices stems from last year's Financial Services Regulatory Relief Act, which is meant to help financial institutions-from thrifts to commercial banks, to investment companies-cope with some of the regulations set forth in the 1999 Gramm-Leach-Bliley Act. That law required institutions to notify their customers about what personal information each collects and whether that information is then shared with other institutions or affiliates. The notice must also give customers the opportunity to request that certain data not be exchanged. Companies are required to furnish these notices to new customers, and then annually until the relationship is severed.
"In 2001, these notices magically appeared in people's mailboxes," Garrison said. But the benefit to clients remained unclear. "Consumers didn't know what they were and didn't know what to do," she said.
Companies, meanwhile, griped about the time they took to prepare, and the cost of this added disclosure, which demands the forms be sent annually in envelopes separate from other documents, even if no information is ever shared, or policies do not change.
As recently as last month, U.S. Rep. Peter Roskam (R-Ill.), introduced legislation to amend the 1999 law to exempt companies that do not share information with their affiliates from sending the notice annually.
Meanwhile, U.S. Rep. Nydia Velazquez (D-N.Y.) last month introduced a law that, among other provisions, would provide the same relief to community banks.
As important as informing consumers about financial institutions' privacy policies is, said Kleinmann Communication Group President Susan Kleinmann, the notices are too opaque and daunting. Rather than read them, people often just toss them in the trash, she told attendees at Insight Forums' Financial Communications Forum in Boston last month.
"Policy becomes quite meaningful to the consumer when it becomes meaningful to the organization itself," said Kleinmann, who has been working with the FTC and other agencies in developing the new prototype form.
The goal was to take the formidable forms and turn them into easy-to-read documents with white space, bullet points and plain English. Sometimes, she said, that means kicking the lawyers out of the room.
The draft form was tested among 44 consumers of varying degrees of financial literacy and with various types of relationships with financial institutions, in eight major cities, including Boston, Austin, Texas, Baltimore and St. Louis, she said. Although they had all received privacy notices in the past, few understood that they had options, and appreciated the idea that the institution they relied on seemed to want to make complex policies clear to them. Results from even such a tiny sample are telling, she said.
The new document is two-and-one-half pages long, including a half-page opt out form at the back. The first page includes a chart at the top explaining to customers why they are receiving the form, what information a company may collect and how that information might be used. Beneath is a table that lists reasons an investment company might use personal information: for marketing, everyday business, to assist their affiliates' everyday business purposes or for joint marketing ventures. The table shows whether the institution uses the data for those purposes, followed by a column showing whether investors can limit that use.
Page two includes more background on the law: how often the notices come, how information is collected, how it is protected and why consumers cannot limit all uses. At the bottom are definitions of terms, such as "affiliate" and "everyday business purposes."
The guidelines call for companies to use font no smaller than 10 point, and while color and company logos are acceptable, they should not interfere with the text, Garrison said. Although using this new form will not be mandatory, companies that do, and that follow all the accompanying guidelines, are guaranteed a legal safe harbor.
That can mean quicker compliance exams and, for small fund shops especially, perhaps lower development costs, since federal authorities will create a downloadable fill-in form, Garrison said.