Watch your mail carefully for the next few weeks. Financial institutions
of all
kinds will be telling you, sometimes deviously, how much they care about
your
privacy.
After you stop snickering, start paying attention to what they say -- if
you can
understand the obscure language some of them will use -- and then take
some
defensive steps to limit the damage that a new federal law is doing to
everyone's privacy.
The Financial Services Modernization Act, as its sponsors named this creepy
piece of legislation, tore down the Depression-era walls that prohibited
some
kinds of financial institutions from owning other kinds. Insurance companies
couldn't own banks, for example.
There were good reasons for the previous policy -- to protect customers
--
but the powerful financial industry got the old law repealed. Bad idea,
but
money rules in Congress these days.
The lawmakers also looked at data privacy as they considered the bill.
As
you'd expect, they mostly did the money folks' bidding in this case, too.
The
act gave the up-and-coming financial conglomerates the right to share your
data among all companies under any single corporate umbrella. In other
words, your life insurer may soon be able to learn how you spend your money
using a credit card issued by a bank owned by the same corporate parent.
That was horrible, but the law also gave financial institutions the right
to pretty
much do as they pleased with your data outside their corporate families
--
unless you explicitly tell them not do share it.
By July 1, all financial institutions have to notify you of your minimal
privacy
rights. The way they're doing it, as you might expect, raises suspicions
about
how much they really want you to exercise those rights.
First, the privacy advisories are likely to look like junk mail or some
stuffer
that comes with your monthly bill. If you're like me, you tend to toss
out
direct-marketing mail and the extraneous stuff that shows up in monthly
bank
or credit-card statements. I'm sorry to say that we all need to examine
everything for the time being.
Second, institutions are cloaking the advisories as helpful new guides
and
services rather than compliance with federal law. The non-profit Privacy
Rights Clearinghouse (www.privacyrights.org), based in San Diego, faxed
me some examples. US Bancorp proudly declares its ``Consumer Privacy
Pledge'' while Wells Fargo and Wal-Mart's credit-card unit call it a ``Privacy
Policy.'' Invariably, they tell you how much they value your business and
your
privacy, but forget to note that they're telling you all this because the
new law
requires it.
Third, they're writing the policies in obscure ways. ``According to the
law,
these new financial-privacy notices are supposed to be written in a `clear
and
conspicuous' style,'' says a readability study commissioned by the Privacy
Rights Clearinghouse and posted on its Web site. ``This means that the
language used should be `reasonably understandable,' a term which is not
defined. But based on the readability statistics, none of these 17 notices
was
even close to meeting that criterion.''
Could it be that the financial institutions don't want you to know what
they're
doing? Or is it just the result of lawyers mucking with disclosure forms?
Either
way, customers need better disclosure.
I strongly advise you to look carefully for these notifications, and then
do
whatever it takes to inform the financial institutions that your data is
not theirs
to share. Remember, your inaction is their go-ahead to treat your information
as a commodity.
Note to readers: If you get a privacy notification that's especially
well-disguised or obscurely worded, please send me a copy. I'll create
a
gallery of the worst offenders and post it online.
SPEAKING OF OBFUSCATION: Microsoft's ``Passport'' system, which
authenticates users of Hotmail, Microsoft's Instant Messenger software
and
other products, is also designed to be the entry point to the ``Hailstorm''
world of pervasive Web-based services. But our favorite monopolist has
come under well-deserved fire for Passport's amazing ``Terms of Use,''
which
were so broadly favorable to the company as to be ludicrous.
These kinds of documents are common, and outrageous. They give customers
few rights, if any, and give sellers practically total license to sell
defective
goods with impunity.
In the Passport case, the terms of use could have been interpreted to mean
Microsoft had permission to use its customers' patents and other intellectual
property without reimbursement. After a furor, which began when the
Register (www.theregister.co.uk), an online publication, reported the terms,
Microsoft revised them, saying the document was out of date.
The terms are still not what you'd call consumer-friendly. And if you want
to
learn just how these kinds of terms get written, you may want to stop by
Stanford University this afternoon for a colloquium where Jack Russo, a
Silicon Valley lawyer who specializes in intellectual-property issues,
will
deconstruct the Microsoft document from several points of view.
Line up the 15 major points in the terms of use, Russo said Tuesday, and
look
at them from a consumer's side and Microsoft's side. ``They're 180 degrees
apart,'' said Russo, of Russo & Hale in Palo Alto.
The colloquium is open to the public. It starts at 4:15 p.m. today in the
NEC
Auditorium, which is located in -- you guessed it -- the Gates Computer
Science Building. It will also be available afterward in a streaming media
format (www.stanford.edu/class/ee380/).