January 20, 2022

News

News Network

Consumer Privacy: Better Disclosures Needed on Information Sharing by Banks and Credit Unions

16 min read
<div>Banks and credit unions collect, use, and share consumers' personal information—such as income level and credit card transactions—to conduct everyday business and market products and services. They share this information with a variety of third parties, such as service providers and retailers. The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide consumers with a privacy notice describing their information-sharing practices. Many banks and credit unions elect to use a model form—issued by regulators in 2009—which provides a safe harbor for complying with the law (see figure). GAO found the form gives a limited view of what information is collected and with whom it is shared. Consumer and privacy groups GAO interviewed cited similar limitations. The model form was issued over 10 years ago. The proliferation of data-sharing since then suggests a reassessment of the form is warranted. Federal guidance states that notices about information collection and usage are central to providing privacy protections and transparency. Since Congress transferred authority to the Consumer Financial Protection Bureau (CFPB) for implementing GLBA privacy provisions, the agency has not reassessed if the form meets consumer expectations for disclosures of information-sharing. CFPB officials said they had not considered a reevaluation because they had not heard concerns from industry or consumer groups about privacy notices. Improvements to the model form could help ensure that consumers are better informed about all the ways banks and credit unions collect and share personal information. Excerpts of the Gramm-Leach-Bliley Act Model Privacy Form Showing Reasons Institutions Share Personal Information Federal regulators examine institutions for compliance with GLBA privacy requirements, but did not do so routinely in 2014–2018 because they found most institutions did not have an elevated privacy risk. Before examinations, regulators assess noncompliance risks in areas such as relationships with third parties and sharing practices to help determine if compliance with privacy requirements needs to be examined. The violations of privacy provisions that the examinations identified were mostly minor, such as technical errors, and regulators reported relatively few consumer complaints. Banks and credit unions maintain a large amount of personal information about consumers. Federal law requires that they have processes to protect this information, including data shared with certain third parties. GAO was asked to review how banks and credit unions collect, use, and share such information and federal oversight of these activities. This report examines, among other things, (1) what personal information banks and credit unions collect, and how they use and share the information; (2) the extent to which they make consumers aware of the personal information they collect and share; and (3) how regulatory agencies oversee such collection, use, and sharing. GAO reviewed privacy notices from a nongeneralizable sample of 60 banks and credit unions with a mix of institutions with asset sizes above and below $10 billion. GAO also reviewed federal privacy laws and regulations, regulators' examinations in 2014–2018 (the last 5 years available), procedures for assessing compliance with federal privacy requirements, and data on violations. GAO interviewed officials from banks, industry and consumer groups, academia, and federal regulators. GAO recommends that CFPB update the model privacy form and consider including more information about third-party sharing. CFPB did not agree or disagree with the recommendation but said they would consider it, noting that it would require a joint rulemaking with other agencies. For more information, contact Alicia Puente Cackley at (202) 512-8678 or CackleyA@gao.gov or Nick Marinos at (202) 512-9342 or MarinosN@gao.gov.</div>

What GAO Found

Banks and credit unions collect, use, and share consumers’ personal information—such as income level and credit card transactions—to conduct everyday business and market products and services. They share this information with a variety of third parties, such as service providers and retailers.

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide consumers with a privacy notice describing their information-sharing practices. Many banks and credit unions elect to use a model form—issued by regulators in 2009—which provides a safe harbor for complying with the law (see figure). GAO found the form gives a limited view of what information is collected and with whom it is shared. Consumer and privacy groups GAO interviewed cited similar limitations. The model form was issued over 10 years ago. The proliferation of data-sharing since then suggests a reassessment of the form is warranted. Federal guidance states that notices about information collection and usage are central to providing privacy protections and transparency. Since Congress transferred authority to the Consumer Financial Protection Bureau (CFPB) for implementing GLBA privacy provisions, the agency has not reassessed if the form meets consumer expectations for disclosures of information-sharing. CFPB officials said they had not considered a reevaluation because they had not heard concerns from industry or consumer groups about privacy notices. Improvements to the model form could help ensure that consumers are better informed about all the ways banks and credit unions collect and share personal information.

Excerpts of the Gramm-Leach-Bliley Act Model Privacy Form Showing Reasons Institutions Share Personal Information

Federal regulators examine institutions for compliance with GLBA privacy requirements, but did not do so routinely in 2014–2018 because they found most institutions did not have an elevated privacy risk. Before examinations, regulators assess noncompliance risks in areas such as relationships with third parties and sharing practices to help determine if compliance with privacy requirements needs to be examined. The violations of privacy provisions that the examinations identified were mostly minor, such as technical errors, and regulators reported relatively few consumer complaints.

Why GAO Did This Study

Banks and credit unions maintain a large amount of personal information about consumers. Federal law requires that they have processes to protect this information, including data shared with certain third parties. GAO was asked to review how banks and credit unions collect, use, and share such information and federal oversight of these activities. This report examines, among other things, (1) what personal information banks and credit unions collect, and how they use and share the information; (2) the extent to which they make consumers aware of the personal information they collect and share; and (3) how regulatory agencies oversee such collection, use, and sharing.

GAO reviewed privacy notices from a nongeneralizable sample of 60 banks and credit unions with a mix of institutions with asset sizes above and below $10 billion. GAO also reviewed federal privacy laws and regulations, regulators’ examinations in 2014–2018 (the last 5 years available), procedures for assessing compliance with federal privacy requirements, and data on violations. GAO interviewed officials from banks, industry and consumer groups, academia, and federal regulators.

What GAO Recommends

GAO recommends that CFPB update the model privacy form and consider including more information about third-party sharing. CFPB did not agree or disagree with the recommendation but said they would consider it, noting that it would require a joint rulemaking with other agencies.

For more information, contact Alicia Puente Cackley at (202) 512-8678 or CackleyA@gao.gov or Nick Marinos at (202) 512-9342 or MarinosN@gao.gov.

News Network

  • Tajikistan Independence Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Alabama Man Sentenced to Prison for Tax Evasion
    In Crime News
    An Alabama man was sentenced to serve 12 months in prison for tax evasion, Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Prim Escalona for the Northern District of Alabama announced today.
    [Read More…]
  • Cameroonian Citizen Extradited from Romania to Face Covid-19-Related Fraud Charges
    In Crime News
    A citizen of Cameroon was extradited to the U.S. yesterday to face federal charges for his alleged involvement in a fraud scheme perpetrated against American consumers.
    [Read More…]
  • Sint Maarten Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Native American Youth: Agencies Incorporated Almost All Leading Practices When Assessing Grant Programs That Could Prevent or Address Delinquency [Reissued with revisions on Aug. 27, 2020.]
    In U.S GAO News
    The Departments of Justice (DOJ), Health and Human Services (HHS), the Interior (Interior), and Education (Education) administered at least 38 grant programs from fiscal years 2015 through 2018 that could have helped prevent or address delinquency among Native American youth. These agencies made about $1.9 billion in awards to grantees through these programs during this period. These agencies incorporated almost all of the leading practices GAO identified for performance measurement or program evaluation when assessing the performance of selected grant programs. For example, HHS's Administration for Children and Families (ACF) incorporated 13 of the 14 leading practices for performance measurement but did not fully assess grantee data reliability for one of its programs. By developing a process to assess the reliability of grantee data contained in the annual performance reports that tribal recipients submit, ACF could obtain further assurance that it has an accurate representation of grantee performance. GAO also found that Interior's Bureau of Indian Education (BIE) did not conduct formal data reliability checks on performance data that grantees report and did not always collect performance reports from grantees in a timely manner for one of its programs. By developing a process to assess the reliability of a sample of grantee performance data and taking steps to alert grantees when they are late in submitting performance reports, BIE could better ensure that grantees are complying with the terms and conditions of the grant program and better understand how the program and its grantees are performing. Officials in all 12 interviews with tribes or tribal consortia GAO interviewed cited risk factors that contribute to juvenile delinquency in their communities. Number of Interviews in Which Tribal Officials Cited Risk Factors Contributing to Juvenile Delinquency Note: The figure includes the most common risk factors tribal officials cited for juvenile delinquency. While tribal officials cited restrictions placed on federal grant funding, difficulty communicating with program staff, and challenges hiring and retaining staff as barriers to implementing federal programs, they also identified promising practices, such as executing culturally relevant programs, for preventing or addressing juvenile delinquency. Federal and other studies have noted that exposure to violence and substance abuse make Native American youth susceptible to becoming involved with the justice system. GAO was asked to examine federal and tribal efforts to address juvenile delinquency and the barriers tribes face in doing so. This report examines (1) federal financial assistance targeting tribes that could prevent or address juvenile delinquency; (2) the extent to which federal agencies assess the performance of selected grant programs and incorporate leading practices; and (3) the juvenile delinquency challenges tribes report facing. GAO identified relevant grant programs during fiscal years 2015 through 2018—the most recent data available when GAO began the review. GAO analyzed documents and interviewed agency officials to determine how they assessed grant program performance and conducted interviews with 10 tribes and two tribal consortia to discuss challenges with delinquency. GAO is making three recommendations, including that relevant HHS and Interior offices develop a process to assess the reliability of tribal grantee performance information and that an Interior office take steps to alert grantees that are late in submitting progress reports. Interior concurred with the two recommendations. HHS disagreed with GAO's recommendation. GAO clarified the recommendation to HHS and continues to believe it is warranted. For more information, contact Gretta L. Goodwin, (202) 512-8777, or GoodwinG@gao.gov.
    [Read More…]
  • United States – Iceland Economic Partnership Dialogue
    In Crime Control and Security News
    Office of the [Read More…]
  • Alabama Salesman Sentenced to Prison for Tax Evasion
    In Crime News
    A Hoover, Alabama, salesman was sentenced to 24 months in prison yesterday for tax evasion, announced Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Prim F. Escalona for the Northern District of Alabama.
    [Read More…]
  • Operation Legend: Case of the Day
    In Crime News
    A Bates City, Missouri, man was charged in federal court after law enforcement officers seized nearly two dozen firearms and illegal drugs from his residence.
    [Read More…]
  • Coldspring man gets life in postal carrier death case
    In Justice News
    A 45-year-old rural [Read More…]
  • Two Iranian Nationals Charged for Cyber-Enabled Disinformation and Threat Campaign Designed to Influence the 2020 U.S. Presidential Election
    In Crime News
    An indictment was unsealed in New York today charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. Presidential election.
    [Read More…]
  • Keynote Address of Deputy Attorney General Jeffrey A. Rosen on Combatting Fraud in the Age of COVID-19 at the BBB National Programs NAD 2020 Conference
    In Crime News
    Remarks As Prepared For [Read More…]
  • U.S.-Japan Security Consultative Committee (“2+2”) Meeting
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Border Security: CBP Has Taken Actions to Help Ensure Timely and Accurate Field Testing of Suspected Illicit Drugs
    In U.S GAO News
    What GAO Found U.S. Customs and Border Protection (CBP) has policies and procedures for its officers and agents to test substances that they suspect are illicit drugs—referred to as a presumptive field test. Field officials that GAO spoke with said these policies and procedures provide sufficient guidance for conducting presumptive field testing. The policies and procedures address various topics, such as approved and recommended types of test equipment, use of the equipment, training, and requirements for documenting illicit drug seizures. They also address laboratory confirmation of field test results (confirmatory testing), which U.S. Attorney's Offices require for federal prosecution. GAO found that CBP's Office of Field Operations and U.S. Border Patrol conducted at least 90,000 presumptive field tests associated with an arrest from fiscal year 2015 through 2020. The average time for CBP to complete confirmatory testing across its labs decreased from 100 days in calendar year 2015 to 53 days in calendar year 2020, as of September 2020. This occurred while the total number of requests for confirmatory testing increased from about 4,600 in calendar year 2015 to about 5,600 in calendar year 2020, as of September 2020. With regard to accuracy, CBP officials have taken initial steps to upgrade the software system used to document confirmatory test results. This should provide CBP with information on the extent to which presumptive field test results align with confirmatory test results. Average Time to Complete Confirmatory Testing and Number of Requests for Confirmatory Testing Processed Across all U.S. Customs and Border Protection (CBP) Laboratories, Calendar Year 2015 through September 24, 2020 CBP has taken a number of actions to help ensure timely and accurate field drug testing, including: Identifying, testing, and deploying test equipment. For example, CBP tested multiple types of chemical screening devices to determine their performance and capabilities to detect fentanyl at low purity levels. Enhancing presumptive and confirmatory field testing capabilities by building permanent onsite labs and deploying mobile labs in certain field locations. Providing round-the-clock access to chemists who help interpret presumptive field test results. Why GAO Did This Study Within the Department of Homeland Security, CBP reported seizing approximately 830,000 pounds of drugs in fiscal year 2020. When CBP officers and agents encounter suspected illicit drugs, they conduct a presumptive field test. A positive test result is one factor CBP uses to establish probable cause for an arrest or seizure. GAO was asked to review issues related to CBP's field drug testing. This report examines (1) CBP's policies and procedures for testing suspected illicit drugs in the field; (2) available data on CBP's field drug testing; and (3) CBP's efforts to help ensure timely and accurate test results. GAO analyzed CBP data on presumptive field testing and laboratory confirmation of results from fiscal year 2015 through 2020; reviewed related policies and procedures; and interviewed CBP officials in five states at land, air, and sea ports of entry, Border Patrol stations and checkpoints, and CBP labs. GAO selected these locations to include varying levels of drug seizures, among other factors. For more information, contact Rebecca Gambler at (202) 512-8777 or gamblerr@gao.gov.
    [Read More…]
  • The Bahamas Travel Advisory
    In Travel
    Do not travel to The [Read More…]
  • Local tax preparer charged with fraudulently filing tax returns
    In Justice News
    A local man who had [Read More…]
  • Assistant Attorney General Beth A. Williams Delivers Opening Remarks at the Federalist Society, Colorado Lawyers Chapter Panel Discussion: “Reviewing the Supreme Court’s 2019/20 Term”
    In Crime News
    Thank you for that kind introduction, Will, and for the invitation to join you today. Though I wish I could join you in person, even at this distance, it is a great pleasure to be here with you all.
    [Read More…]
  • Two Arrested in Los Angeles for Their Roles in Hospice Fraud Conspiracy
    In Crime News
    Two California hospice facility owners were arrested today in Los Angeles on criminal charges related to their alleged participation in a kickback and health care fraud scheme.
    [Read More…]
  • The United States Opposes the ICC Investigation into the Palestinian Situation
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Tax Cuts and Jobs Act: Future Rulemaking Should Provide Greater Detail on Paperwork Burden and Economic Effects of International Business Provisions
    In U.S GAO News
    What GAO Found GAO's interviews with officials representing eight selected U.S.-based companies revealed considerable uncertainty in how the international business provisions of Public Law 115-97—commonly known as the Tax Cuts and Jobs Act of 2017 (TCJA)—may be affecting business planning decisions. Some companies reported making specific changes, such as moving intellectual property back to the U.S. in response to a new deduction for income earned from certain foreign-derived sales of property or services attributed to assets located in the U.S. Preliminary studies on another provision taxing net income earned by foreign subsidiaries exceeding a specified threshold of certain assets hypothesized that this provision could encourage moving tangible property outside the U.S. Other business representatives emphasized the importance of nontax factors in business planning decisions, such as entering foreign markets where executives believe potential customers may be located. The Department of the Treasury (Treasury) and the Internal Revenue Service (IRS) proposed eight regulations and finalized six of them to implement four international provisions of TCJA between December 2017 and October 2020 (the most current information available at the time of GAO's review) and used guidance to supplement the regulations. The agency generally complied with legal requirements for issuing regulations and offered public comment opportunities for some guidance. However, Treasury and IRS did not fully address expectations set in government-wide guidance related to Paperwork Reduction Act (PRA) burden estimates, economic analysis requirements for regulations, and public comment on significant guidance: IRS generally did not provide specific estimates of the incremental paperwork burden of TCJA's international regulations and instead estimated the total burden for all business tax forms. The Office of Information and Regulatory Affairs' PRA guide says agencies should estimate the time and money required for an information collection. GAO's interviews with representatives of selected companies show why it is important for IRS to consider burden because representatives reported challenges, such as gathering required information from foreign subsidiaries. Anticipated economic benefits and costs of Treasury's and IRS's regulations were generally not quantified. An executive order requires agencies to provide such information to the extent feasible for regulations with the largest anticipated economic effects. As a result, Treasury and IRS made important decisions about regulations, such as whether to allow foreign military sales to be eligible for a U.S. deduction, without more specific information about the potential economic effects. IRS did not provide an opportunity for public comment before issuing revenue procedures related to TCJA's international provisions. The Office of Management and Budget identified ensuring public comment opportunities for significant guidance when appropriate as a leading practice that agencies should follow. The President recently directed a government-wide review of agency guidance processes. Why GAO Did This Study TCJA made sweeping changes to taxing U.S. corporations' international activities: (1) a transition tax on untaxed overseas earnings of foreign subsidiaries that accrued prior to 2017; (2) a tax on the net income earned by foreign subsidiaries exceeding a specified threshold of certain assets; (3) a deduction for income from certain foreign-derived sales of property or services exceeding a specified threshold of certain assets; and (4) a tax on certain payments made to a related foreign party referred to as base erosion payments. GAO was asked to review IRS's implementation of TCJA and early effects of the law. This report: (1) describes how TCJA's international provisions may be affecting U.S.-based corporations' international business activities; and (2) assesses IRS's and Treasury's development of relevant regulations and guidance to implement the provisions. GAO interviewed representatives from eight companies' tax departments randomly selected from among the 100 largest U.S.-based companies and compared relevant regulations and guidance against procedural requirements.
    [Read More…]
  • Securing, Stabilizing, and Developing Pakistan’s Border Area with Afghanistan: Key Issues for Congressional Oversight
    In U.S GAO News
    Since 2002, destroying the terrorist threat and closing the terrorist safe haven along Pakistan's border with Afghanistan have been key national security goals. The United States has provided Pakistan, an important ally in the war on terror, with more than $12.3 billion for a variety of activities, in part to address these goals. About half of this amount has been to reimburse Pakistan for military-related support, including combat operations in and around the Federally Administered Tribal Areas (FATA). Despite 6 years of U.S. and Pakistani government efforts, al Qaeda has regenerated its ability to attack the United States and continues to maintain a safe haven in Pakistan's FATA. As the United States considers how it will go forward with efforts to assist Pakistan in securing, stabilizing, and developing its FATA and Western Frontier bordering Afghanistan, it is vital that efforts to develop a comprehensive plan using all elements of national power be completed and that continued oversight and accountability over funds used for these efforts are in place.This report provides background information on Pakistan; the status of U.S. government efforts to develop a comprehensive plan; and information on the goals, funding, and current status of U.S. efforts to use various elements of national power (i.e., military, law enforcement, development and economic assistance, and diplomacy) to combat terrorism in Pakistan. The scope of this report does not include the plans, goals, operations, activities, and accomplishments of the intelligence community.
    [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.