March 29, 1999
OCC Describes Effective Practices for Complying with Privacy Provisions in Fair Credit Reporting Act
WASHINGTON — The Office of the Comptroller of the Currency issued guidance today that is intended to help banks comply with provisions of the Fair Credit Reporting Act governing the treatment of personal information.
"The guidance provides examples of practices being used by banks that we believe constitute effective ways of complying with the law," said Comptroller John D. Hawke Jr. "These are examples of approaches actually being used by national banks to convey meaningful information to their customers about the treatment of personal data."
Under the 1996 amendments to the Fair Credit Reporting Act, affiliated companies can share information obtained from sources such as consumer reports and applications, provided that they clearly and conspicuously disclose their intention to do so and that they permit customers to "opt out" of having their information shared.
Although the law itself does not impose specific requirements regarding the placement or content of the opt-out notice and does not dictate that consumers be given convenient methods to opt out, the OCC guidance notes that banks have a special interest in addressing the privacy needs of their customers.
"Maintaining customer trust that the relationship should remain confidential is an essential component of banking relationships and banks continually rely on the willingness of customers to provide extensive confidential information," the advisory letter notes.
The advisory letter emphasizes that there are a number of ways banks can make their FCRA disclosures clear and conspicuous. One way is to provide notice in a stand-alone document. If the notice is included with other information, devices such as boxes, bold or colored type or underlining can be used to highlight the notice.
"As part of its FCRA notice, one bank provides a telephone number its customers can call with questions about information sharing and opt out," the OCC advisory notes.
Banks also have many options for giving customers convenient opportunities to opt out. They can, for example, include detachable opt-out forms as part of the affiliate information sharing notice. Some banks allow customers to opt out by telephone or through electronic means, such as through the bank's Internet site.
The advisory concludes by noting that "at a time of growing public sensitivity and concern about the treatment of personal information, this type of meaningful communication may enhance customer confidence and trust in their financial institutions."
- Advisory Letter 99-03 (PDF)