Have you received a privacy notice in the mail recently? If you ever reviewed the privacy notices that you likely received, you will have noticed that they look remarkably similar. The reason is because in December 2009, the Federal trade Commission adopted a model privacy notice that many banks, credit card companies and other financial service businesses utilize.
Under the Model Notice, companies are required to indicate whether or not they share a customer’s personal information. Reasons why companies would share information include:
- For everyday business purposes – such as to process the customer’s transactions, to maintain the customer’s account, to respond to court orders and legal investigations or to report to credit bureaus.
- For marketing purposes – to offer customer’s products and services of the company
- For joint marketing with other financial companies
- For affiliates’ everyday business purposes For affiliate marketing – to offer customer’s affiliates products and services
If the company states that information is shared, the notice would also indicate whether a customer can opt-out of the sharing.
The second page of the Model Privacy Notice provides information about why the financial institution collects information from its customers, how the institution protects that information and why all sharing cannot be limited. In addition, the second page of the Notice defines terms found in the notice, including what is an affiliate and non-affiliate and what does joint marketing mean.
Generally, an affiliate is companies that are related by common ownership or control. Importantly, affiliates can include both financial and non-financial companies. For example, an affiliate of Bank of America would include Banc of America Mortgage Capital Corporation, Merrill Lynch Alternative Investments LLC and Newport Insurance Company, all companies owned by the bank. On the other hand, non affiliates are companies that are completely unrelated. Finally, joint marketing is a formal agreement between nonaffiliated financial companies that jointly market financial products or services to customers.
The Model Privacy Notice has been designed to provide customers with clear notification of what information is maintained on them and how they can limit that information. Why is this important? Data brokers are increasingly purchasing customer information and selling the information for profit. As noted in a recent BusinessWeek article, individuals have been placed on certain medical condition data lists even though they did not suffer from the listed medical condition. The article discusses the story of Dan Abate.
Dan Abate doesn’t have diabetes, nor is he aware of any obvious link to the disease. Try telling that to data miners. The 42-year-old information technology worker’s name recently showed up in a database of millions of people with “diabetes interest” sold by Acxiom (ACXM), one of the world’s biggest data brokers. One buyer, data reseller Exact Data, posted Abate’s name and address online, along with 100 others, under the header Sample Diabetes Mailing List. It’s just one of hundreds of medical databases for sale to marketers.
If a customer does not want to their information shared and sold to any wiling purchaser, the customer must know their rights. While usually overlooked, the Privacy Notice provides customers all the information they need to know about whether their information will be shared and if so, how can they opt-out of that sharing of information.
About the author: Andrew P. Bolson, Esq. is an attorney with Meyerson, Fox, Mancinelli & Conte, P.A. in Montvale, New Jersey. Andrew’s practice focuses on commercial and estate litigation, business law, real estate law, estate planning and privacy and Internet law.