|
Introduction
My first privacy expertise was in the area of financial services. I worked
extensively on banking regulation issues when in practice during the late
1980s, my early teaching and scholarship focused in that area, and I am a
past President of the American Association of Law Schools Section on
Financial Institutions and Consumer Financial Services. My views on
financial privacy as of 2002 are contained in
"The Surprising Virtues
of the New Financial Privacy Law." This page is split between: (1) my
academic work on financial privacy before entering government; (2) financial
privacy in 1999 and 2000, when I served as Chief Counselor for Privacy for
the Clinton Administration; and (3) events since January, 2001.
My Academic Work on Financial Privacy Before Entering Government
As I shifted my research interest to the law of cyberspace during the 1990s,
financial services became the area where I could develop and test my ideas.
In 1997, to support this research, I was selected as an Ameritech Faculty
Fellow to conduct research on "The Role of Law in Assuring Financial
Privacy."
At a conceptual level, my 1997 paper on
"The Uses and Limits of
Financial Cryptography: A Law Professor's Perspective" comes first. It
explores the extent to which purely technological solutions can ensure
financial privacy. The answer is that cryptography and other technologies
can do a fine job at getting data from Point A to Point B while making it
difficult or impossible for hackers to read the data. These technologies,
however, offer little help in protecting onward data flows from the bank
employee who is authorized to see the data. Something other than technology
is needed if we wish to prevent the bank, or the bank employee, from
disclosing that data to someone else.
The question then becomes which data flows from financial institutions are
advantageous or instead should be limited. My 1999 paper on
"Financial Privacy and the
Theory of High-Tech Government Surveillance" asks what it would be like
if the government had a complete dossier of every purchase you ever made in
life. This government surveillance would have advantages such as reducing
money laundering and fraud on government benefit programs. Total financial
surveillance would also, however, raise serious concerns. The paper thus
uses financial privacy as a way to explore more general questions about the
advantages and disadvantages of new surveillance technologies.
Related issues arise from the flow of sensitive financial data within the
private sector. (Indeed, the subpoena power of government means that records
held in the "private" sector are usually readily available to the
government.) The chapter on financial services in the 1998
Brookings book indicates the complexity of trying to regulate data flows
in the financial area. At this stage I was also trying to determine the
extent to which a
law-and-economics approach to contracts would provide the level of financial
privacy in the private sector that individuals desired. I wrote a 1997
paper on
"Markets, Self-Regulation, and Government Enforcement in the Protection of
Personal Information" as part of this research effort about how to
decide what combination of markets, self-regulation, and government rules
would be appropriate to get the benefits of data flows while also protecting
personal privacy. As explained in my 2002 article, I now
think there are serious enough market failures to require significant
legislation for financial privacy.
Financial Privacy During My Time in the Clinton Administration
My 2002 article
gives a detailed history of how and why Title V of the Gramm-Leach-Bliley
Act of 1999 became law. Many of the documents from this period are available
at the Presidential Privacy Archives, and some additional material is cited in
a draft article from
early 2000 that has not been formally published. In my role as Chief
Counselor for Privacy, and building on my background as a banking law
professor, I was privileged to be part of the Administration's team during
consideration of this bill.
In May, 1999 President Clinton supported financial privacy protections in what I
believe was the first presidential event in history focused on the
protection of personal privacy. The Administration's views were most clearly
set forth in testimony by Treasury Undersecretary Gary Gensler that summer. I had the
somewhat delicate task of trying to explain the
Administration's position to a major meeting of the American Bankers
Association.
The Administration worked with Congress from May through the tortuous
process that culminated in the signing of the bill in November, 1999. At the
signing, President Clinton said that the Treasury Department, the National
Economic Council, and the Office of Management and Budget (where I worked)
would prepare legislation the next year to complete the unfinished business
on financial privacy protection.
President Clinton announced the new proposal in the spring of 2000. (speech
- fact sheet -
bill language)
I was very involved (along with many others) in the drafting of the bill,
and gave speeches to industry and other audiences explaining its rationale.
A portion of the
bill was
passed by the House Financial Services Committee, but no financial privacy
legislation passed in 2000.
On a separate topic, OMB, Treasury, and the Department of Justice released a report in January, 2001 on privacy and bankruptcy records. It turns out
that bankruptcy records contain a good deal of sensitive financial
information, including Social Security numbers and current bank account
numbers. Along with advantages of putting bankruptcy records up on the
Internet, therefore, there are risks of identity theft and theft from those
bank accounts. Writing this study offered an opportunity to look at the
broader issue of electronic access to public records, in a context that was
both federal (most public records are held by the states) and concerned
financial information (which is more sensitive than many other types of
personal information).
Financial Privacy After January, 2001
From this writing in the summer of 2002, financial privacy is likely to be a
lively topic in coming years. Senator Sarbanes re-introduced the Clinton
Administration financial privacy bill in 2001. Initial studies found that
online banks, for instance, have not done a terribly good job of
implementing the 1999 law. (CDT
study - my statement). The state of North Dakota had the first referendum on
financial privacy protection, and a decisive majority of over 70%
voted
for stricter rules. Some of my observations on these issues are in a
spring, 2001 interview called
"Peter
Swire on Privacy, Pay Phones, and Strong Crypto."
As discussed in my
"2002 article, financial privacy proposals in the state legislatures
create an incentive for industry to seek new federal legislation that would
preempt stricter state laws. This incentive is heightened by industry desire
to reauthorize the Fair Credit Reporting Act in 2003, and the pending
expiration of the preemption provision in the FCRA reform law passed in
1996. With industry having significant reasons to want federal legislation,
and with privacy advocates pushing for rules that are stricter than Gramm-Leach-Bliley,
we can see ingredients for a legislative battle in 2003.
Statutes
Fair
Credit Reporting Act
Relevant Publications
"The Surprising Virtues
of the New Financial Privacy Law," Minn. L. Rev. (forthcoming, 2002).
"None of Your
Business: World Data Flows, Electronic Commerce, and the European Privacy
Directive." Co-authored with Robert E. Litan, Brookings Institution
Press (1998).
"Financial Privacy and the
Theory of High-Tech Government Surveillance," 77 Wash. U. L.Q. 461
(1999)
"The Uses and Limits of
Financial Cryptography: A Law Professor's Perspective," chapter in the
proceedings of Financial Cryptography '97 (Springer-Verlag, 1997).
Other Resources
"CLINTON-GORE PLAN TO ENHANCE CONSUMERS' FINANCIAL PRIVACY: PROTECTING CORE
VALUES IN THE INFORMATION AGE", April 30, 2000
Office of the
Comptroller of the Currency (OCC)
Federal Trade Commission (FTC)
|
