Report: Banks, Mortgage Firms Fail Online Privacy Test

The study found that mortgage companies and big banks are the worst offenders, with some apparently violating legal standards, and others making it difficult or impossible for consumers to opt out of information-sharing programs.

Out of 100 banks studied, 22 provide customers with consumer-friendly ways of keeping their personal information from being shared with other companies, according to the report.

While most banking Web sites make it simple for customers to open accounts, pay bills and conduct other financial transactions online, it is usually not as simple to keep personal information private, the report said. Thirty-four of the banks studied acknowledged that they share information with unaffiliated parties, but provide no online options for controlling privacy.

Failure to Give Notice

The center said several mortgage companies do not inform customers of their privacy practices, which is a "direct violation" of a banking law that went into effect July 1st. CDT said it has written to the companies and will file a complaint with the U.S. Federal Trade Commission (FTC) if there is no response.

CDT associate director Ari Schwartz said the report presents a "mixed picture" of financial institutions' online privacy practices.

"Some banks are leading the field in offering customers the choice they are demanding regarding privacy," he said. "Others are making it difficult for customers to opt for privacy, while many are taking coverage under exceptions in the law that allow them to share customer data without offering any opt-out."

Best and Worst

Among the best sites, according to the report, is First Union, which provides a secure site for customers to remove information and includes a toll-free number for assistance.

In contrast, Community First requires customers to call a toll-free number to get opt-out forms sent to them by regular mail. The customers must then fill out those forms and mail them back, CDT said.

Two big banks, Comerica and Mellon, require customers to print out forms and mail them in, while Greenpoint Financial requires separate opt-out steps for each of its business units, the report said.

Loopholes in Banking Act

Privacy continues to rank among the biggest concerns consumers have about e-commerce, the report noted.

"Over a quarter of Americans who have gone online have used the Internet to bank or invest," CDT said. "Given that such a large number of people fear improper use of their personal information, many have begun to wonder if current safeguards of financial information are adequate."

CDT said there are also "large holes" in the law limiting information sharing. The newly enacted Gramm-Leach-Bliley Act allows companies to share information about customers with their own affiliates and joint marketing partners.

"Given the size of corporate families in today's economy, the number of firms that may legally exchange information with each other is immense," the report said.

Too Much Work?

CDT said it spoke with the chief privacy officers of some of the institutions to find out why their policies varied so widely. Among the reasons given: The law gives no incentive for banks to make opt-outs convenient, many institutions lack the technology to offer an integrated opt-out system, and a system that was too easy for consumers to use would overwhelm customer-service personnel with requests to process.

"The inconsistency in online implementation of financial privacy rules need(s) to be addressed," the CDT report said. "We hope that companies will recognize that their customers care about privacy, and we urge the industry to offer online opt-outs" as part of their standard policy.