GLBA, FERPA, NPRA and others are among the many that can potentially impact debtor, creditor and 3rd party collectors alike. In order for debtors and their advocates to remain on the cutting edge of adversiarial relations with creditors and 3rd party collectors one must remain abrest of all such new developments and how the courts react to these changes in the laws. One should always remember that reading of the laws is not sufficient for the simple reason that the courts must always rule on the law before one can know what the law is. In the case of GLBA and FERPA and other new legislation, much time will have to pass before the regulatory powers have ruled and the courts have ruled on their validity and correctness of application. We are rapidly approaching January 1, 2002 which is the date upon which FTC must make conclusions about how GLB will be administered and to whom all it will apply. It will take at least six months or more for their rulings to take full force and effect and then more time for the courts to rule on their applicability and legality. While it is quite clear that banks and all lending institutions fall under the auspices of FTC and GLB by the following exerpt from GLB commentaries, it yet remains to be seen how this will affect others such as 3rd party collectors. But first of all let us look at GLB and see what it has to say about those who are now clearly defined as falling under the auspices of GLBA -------------------------- The FTC declined the request made by commenters that it publish a definitive list of entities that will be subject to the FTC Privacy Rule. Instead, the FTC Privacy Rule refers the public to the list of activities contained in the FRBâ??s regulations set forth at 12 C.F.R. §§ 225.28 and 225.86(a). The FTC did, however, expand its listing of examples of entities that would be considered to be financial institutions. The list attempts to adapt many of the activities that the FRB has determined are closely related to banking to a non-banking context. It includes (i) a retailer that extends credit by issuing its own credit card directly to consumers,12 (ii) personal property or real estate appraisers, (iii) an auto dealer that regularly leases automobile on a nonoperating basis for more than 90 days, (iv) a career counselor for employees in financial occupations, (v) a check printing business, (vi) a business that regularly wires money to and from consumers, (vii) a check cashing business, (viii) an accountant or other tax preparation services that is in the business of completing income tax returns, (ix) a business that operates a travel agency in connection with financial services,13 (x) a business that provides real estate settlement services, (xi) a mortgage broker, and (xii) an investment advisory company or a credit counseling service. ----------------------------------- Since the above have been clearly denoted as having to comply with GLB then we can safely assume that many more will be included. It is interesting indeed to note that even check cashing services are included and that can provide interesting insights into who else might or might not be included, we need only look at the following exerpt from GLB. ------------------------------------- In its proposed rule, the FTC asked for comment on a standard to determine whether an entity is significantly engaged in financial activities such that it would be deemed to be a financial institution. Some commenters expressed concern that the test was too imprecise to let businesses know whether they were within the definition. In its final rule the FTC declined to define "significantly engaged." It found the revenue tests proposed by commenters to be too inflexible. Instead, the FTC included in the final rule several examples of situations that would not cause an entity to be significantly engaged in financial activities and, thus, not deemed to be a financial institution. For example, a merchant is not a financial institution if it offers customers "lay away" or deferred payment programs, if it accepts payment in the form of cash, checks or credit cards it did not issue, or if it allows a customer to write a check larger than the amount of purchase and to get cash back. -------------------------------------- Can anyone say "obfuscation?" While it can be argued that a bank or lending institution is not a merchant in the normal sense of the word, do they sell things such as promotional packages, various types of insurance, watches, statues or other merchandise? If so, do they accept payment in the form of cash they did not issue? checks they did not issue? credit cards they did not issue? I seriously doubt that any of them fail to accept payment in the form of cash they did not issue. And yes, I realize that in raising that point I am being facetious at best, but it does point out that there are a lot of ambiguities that must yet be resolved and the fact that there is still a lot of doubt and confusion on this issue and not only on the part of the debtor. Obviously then, the application of Title V of the GLBA to non-traditional financial institutions and the blurring of commerce and financial services that is taking place on the Internet will surely raise a series of interpretative questions and reflects the difficulty faced by the FTC in drawing bright line distinctions regarding whether a particular entity is engaged, at least to some extent, in financial activities and thus is a financial institution. The following exerpt seems to make it clear that I too may fall under the auspices of GLB in the following way, and in fact my attorneys are currently working on a contract which will meet the demands of GBLA as soon as they are in place. ------------------------------------------------- While section 503 calls for a privacy policy notice to be given when a customer relationship is established, the Proposal would have required a financial institution to provide a individual with a notice of its privacy policies prior to establishing a customer relationship. Under the Proposal, a customer relationship would have been established at the point at which a financial institution and a customer enter into a continuing relationship. This may range from the execution by the consumer of the contract necessary to conduct the transaction in question, taking steps necessary to open a credit card account, or in non-contractual situations, when the consumer pays or agrees to pay a fee or commission for a service. The notice must also be given to a consumer prior to the time that an institution discloses nonpublic personal information to certain third parties. Under the Privacy Rule the Agencies clarified their position on this point. An initial privacy policy notice generally must be given not later than the time when a financial institution establishes a customer relationship. As we can see from the following, many other interesting points ensue. How are we to interpret the implications? In the context of a discussion of the consumer relationship, the Agencies noted that several commenters agreed with the principle discussed in the Proposal that an individual should not be considered to be a consumer of an entity that is acting as an agent for a financial institution. The commenters noted that the financial institution that hires the agent is responsible for the agents conduct in carrying out the agency responsibilities. The Agencies stated that they agree and continue to believe that the financial institution is the entity that has the consumer relationship, even if it uses agents to help it deliver its products of services. This raises a number of interesting issues. How will an insurance agency, which is clearly deemed to be a financial activity in its own right, be treated under the Privacy Rule?. How will the Privacy Rules themselves apply to information that comes into the possession of an agent directly from a consumer, rather than being supplied to the agent by the institution (which is the information flow that is generally contemplated in the rules). Can we then protect ourselves in advance from any possibility that 3rd party collectors can gain sufficient information to make effective collection possible by filing appropriately worded GLB notices to our creditors in advance? Who knows at this point. It seems that the possibility may exist. Only time and the old trial and error method will provide the final answers. The following does however clearly indicate that 3rd party collectors are going to be affected in some way or another. To what extent is as of yet unclear. A financial institution will not be required to provide an annual notice to a customer with whom it no longer has a customer relationship. Examples of the termination of a customer relationship include (i) a deposit account that is treated as inactive under the institutionâ??s policies, (ii) in the case of a closed-end loan - a loan that is paid in full, which is charged off, or which is sold off without retaining the servicing rights (iii) in the case of an open-end credit relationship - where the financial institution no longer provides statements to the consumer or the institution sells credit card receivables without retaining servicing rights, or (iv) in other relationships where the institution has not communicated with the customer about the relationship for a period of twelve months, other than to provide annual privacy notices or promotional materials. The only thing that is clear is that the law is coming and in some situations is already in place and operational. But what else is coming and how to use it to one's advantage is still a ways into the future and much must be learned yet. This is posted to invite serious comments about GLB from the posters to this board. Let us hope that all will use it for that purpose. Enjoy
So then, at a very bare minimum, what should a proper opt-out form consist of. The following exerpt should provide some insights The Privacy Rule provides examples of an adequate opt out notice. Such a notice would include: An identification of all categories of nonpublic personal information that the institution discloses or reserves the right to disclose, and all of the categories of nonaffiliated third parties to which the bank discloses the information; An identification of the financial products or services that the consumer obtains from the bank either singly or jointly, to which the opt out direction would apply. The Privacy Rule provides that an institution provides a reasonable means to exercise an opt out right if the institution: Designates check-off boxes in a prominent position on the relevant forms with the opt out notice; Includes a reply form together with the opt out notice; Provides an electronic means to opt out, such as a form that can be sent via electronic mail or a process at the institutionâ??s website, if the consumer agrees to the electronic delivery of information; or Provides a toll-free telephone number that consumers may call to opt out.22 The opt out notice may be provided together with the privacy policy notice or on the same written or electronic form as the privacy policy notice. If the institution provides the opt out notice at a later time than it provides the privacy policy notice, it must include a copy of the initial privacy policy notice with the opt out notice. So then given the proper parameters and the fact that many folks have long since chunked those little notices they got in the mai, how to go about constructing a letter demanding opt out under GLBA should be adequately outlined above.
Bill, what is the "GLBA, FERPA, NPRA"? Thank you for the interesting post. Also thanks for the "Why don't you listen?" post. Tuit
GLBA is the Gramm-Lleach-Bliley Act. It is primarily a banking regulatory act but carries consumer privacy protection clauses and provisions. FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT (FERPA) Deals with educational institutions and the student and parential privacy rights NRPA is a typo and should have been NPRM which is outlined here. In response to the Secretary's invitation in the NPRM, twenty-eight (28) parties submitted comments on the proposed regulations. An analysis of the public comments and of the changes in the regulations since publication of the NPRM follows. Substantive issues are discussed under the section of the regulations to which they pertain. Suggested changes and comments outside the scope of the NPRM are not addressed because the Secretary lacks the statutory authority to make the changes. I thought that some of the comments submitted were quite interesting.
I was pretty sure that was what the GLBA was but wasn't sure about the other two. Yes interesting reading. Again thanks Bill. Tuit
I'm glad you found them interesting. I also hope you find them to be useful. When dealing with such things, one should think about how best to use them to one's advantage. Otherwise it is just a waste of time. Since they are basically consumer protection laws of one kind or another then they were intended by the government to be used for that purpose. Often the originators of laws have no idea how they might eventually end up being used and sometimes they can be used for entirely different purposes than that for which they were intended or indeed for purpose which are exactly opposite to those which their perpetrators entended. I am more than certain that the inventor or the first knife had no idea that his invention would someday be used to pry open jars, cut boxes open or turn screws, clean fingernails and more. In fact, the inventor of the first knife had no such concept as screws, boxes or jars. He was completely clueless to the concept that man would one day use his invention to produce beautiful works of art either. So what work of art or whatever can be constructed from GLBA? One never knows until one tries.
Here is another extremely interesting part of GLBA 2.1.2.6. FCRA Considerations As indicated above, a privacy policy notice will have to include an FCRA affiliate sharing opt out notification to the extent applicable. As part of their compliance with title V of the GLBA, financial institutions, particularly those that have not traditionally considered themselves to be financial institutions should carefully review their current practices in regard to the FCRA. In this regard, the FTC Privacy Rule notes that the FCRA provides no limitation at all on communication by the entity of its own "transaction or experiences" with the consumer. The FCRA does, however, strictly limit the reporting of information obtained from other sources, such as consumer applications or credit reports. The FTC states that an institution may normally share such data with its affiliates only if it has complied with the notice and opt out procedures set forth in the FCRA. It also states that sharing such data with nonaffiliates may be effectively prohibited in most cases by the FCRA because the institution would become a consumer reporting agency subject to its restrictions on reporting information to third parties. And then more later on in the act. Notice that bottom one in particular. The consumer does not opt out. Clearly then, opting out must be a part of the process and it is something that appears important to do. Many things are coming to light here that I doubt most of us were ever aware of in GLBA 2.1.3.1. Conditions to Release of Nonpublic Personal Information to Third Parties Under the Privacy Rule, an institution may not either directly or through an affiliate disclose any nonpublic personal information about a consumer to a nonaffiliated third party (apart from Specified Disclosures) unless the institution has: Provided the consumer with a privacy policy notice; Provided the consumer with an opt out notice; Given the consumer a reasonable opportunity, before making such disclosure, to opt out of the disclosure; and The consumer does not opt out.
While concern over protection of consumer interests in personal information is currently very strong, it is important to note that anumber of commentators believe that the current broad ability to transfer and utilize information regarding consumers in the United States has been a major contributor to the current Internet related economic expansion the country is experiencing and that imposition of restrictions on the flow of such information runs the risk of working to the detriment of the economy and individual consumers. One case in point, are concerns recently expressed by the Federal Financial Institutions Examination Council that lenders are not reporting data on timely loan payments to consumer reporting agencies, thereby hindering the ability of other lenders to make accurate decisions regarding lending decisions with respect to such consumers and thus injuring the interests of those consumers.
3. Prohibition on Fraudulent Access to Financial Information Subtitle B of title V of the GLBA is directed at ending an increasingly prevalent practice by both entities and individuals to obtain confidential financial information regarding individuals by misrepresenting their right to such information.30 Government authorities have become increasingly concerned about the threat posed by this practice. This led the OCC to issue an alert to national banks regarding these practices.31 It has also spurred deceptive practices actions by the FTC and by state authorities. Section 521 of the GLBA prohibits any person from obtaining, or attempting to obtain, or cause to disclose or attempt to cause to be disclosed, customer information of a financial institution relating to another person - by making a false, fictitious, or fraudulent statement or representation to an officer, employee, or agent of a financial institution; by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution; or by providing any document to an officer, employee, or agent of a financial institution, knowing that the document is forged, counterfeit, lost, or stolen, was fraudulently obtained, or contains a false, fictitious, or fraudulent statement or representation. Section 521 of the GLBA also provides that it is a violation of subtitle B to request a person to obtain customer information of a financial institution, knowing that the person will obtain, or attempt to obtain, the information from the institution in any manner described above.
The penalties for violation. Section 523 makes it a crime to knowingly or intentionally violate or knowingly and intentionally attempt to violate the provisions of section 521 and provides for a fine in accordance with title 18 of the United States Code or imprisoned for not more than five years or both. Where a violation of section 523 occurs while violating another federal law or as part of a pattern of any illegal activity involving more than $100,000 in a twelve-month period, the violator is subject to a fine of up to twice the amount provided in subsection (b)(3) or (c)(3) of title 18 and imprisoned for more than ten years, or both. Section 522 generally provides for administrative enforcement of section 521 by the FTC in the same manner and with the same power and authority as the agency has under the Fair Debt Collection Practices Act. It also authorizes administrative enforcement by the OCC, FRB, FDIC, OTS and the NCUA with respect to institutions under their jurisdiction. Section 525 directs the foregoing agencies, the NCUA and the SEC or self-regulatory agencies, to review their regulations and guidelines to ensure that financial institutions under their jurisdiction have policies, procedures and controls in place to prevent the unauthorized disclosure of customer financial information. As with subtitle A, this subtitle permits states to provide greater protection than is provided by subtitle B.
Hey Westcap!! Would you be so kind as to step in here and tell us why it is that collection agencies and debt buyers are so worried about GLB and what they see as a potential threat to their operations? Inquiring minds would like to know???
Holly Cow Bill, Talk about depth! Give me a few minutes and I will post all that I know on this matter! : ) WestCap
Federal Compliance Information Gramm Leach Bliley Act (GLBA) : GLBA in A Nutshell What Does It Do? Requires "financial institutions" to notify "consumers" of their privacy policies upon establishing a "customer" relationship and annually thereafter. 16 C.F.R. § 313.1(a)(1)(2000). Describes conditions in which a financial institution may disclose "non-public personal information" about consumers to nonaffiliated third parties. 16 C.F.R. § 313.1(a)(2). Provides a method for "consumers" to prevent financial institutions from disclosing certain types of information to nonaffiliated third parties by giving the consumer the ability to "opt out" of the disclosure. 16 C.F.R. § 313.1(a)(3). Bans pre-text calling. (Already prohibited for collection agencies under § 807(10) of the FDCPA.) Who is Covered By the Act? Financial institutions, as broadly defined by the Act, which disclose "nonpublic personal information" about "customers" or "consumers" to "nonaffiliated third parties"-unless the transaction is exempted. Consequently, most financial institutions must comply with the GLBA. However, the following financial institutions need not comply: Collection agencies. Collection agencies are deemed to be financial institutions (65 Fed. Reg. 33646, 33655 fn.25). Collection agencies need not comply if they engage in tradtional collection activities. They are not governed by GLBA because a "customer relationship" does not exist between the debtor and the agency. Final Rule, 65 Fed. Reg. 33646, 33653 fn. 18. "A consumer has a 'customer relationship' with a debt collector that purchases an account from the original creditor (because he or she would have a credit account with the collector), but not with a debt collector that simply attempts to collect amounts owed to the creditor." (citing 65 Fed. Red. 11174 (Mar. 1, 2000). In short, collection agencies are not covered by the Act, unless they purchase debts and either attempt to collect the debt or locate the consumer. Retailers that extend credit through lay away plans are not covered by act. 16 C.F.R. § 313.3(k)(3). Merchants that allow a consumer to "run a tab" are not covered by the Act. 16 C.F.R. § 313.3(k)(3). Grocery stores that allow consumers to write a check for a higher amount than the grocery purchase and obtain cash back. 16 C.F.R. § 313.3(k)(3). How does a "financial institution" comply with the Act? Provide a clear and conspicuous written or electronic notice describing the institution's privacy policies to consumers at the time a "customer relationship" is established annually thereafter. This notice should identify: the type of "personally identifiable financial information" the institution has collected about the consumer; a description of where the institution obtained the information; if the institution shares this information with "nonaffiliated third parties" and the ability for customers to opt out or prevent the institution from sharing certain types of information with other parties. "Non affiliated third parties" are considered to be any party except someone who is employed jointly by you and your company who is not an affiliate. 16 C.F.R. § 313.3(m)(1)(I-ii)(2000). "Personally identifiable financial information" would include information a consumer includes on an application to obtain a loan or credit card, account balance information, payment history, overdraft information, and information from a credit report. See 16 C.F.R. §313.3(o)(2)(i). Personally identifiable financial information would not include aggregate information or blind data which does not include account information or "public information" about a consumer. How's That For Detail! WestCap
Well, now this is getting interesting indeed! That positively eliminates any possibility of a collection agency not having purchased the debt from the creditor, in otherwords acting on behalf of, from collecting any fees or other charges whatsoever. Obviously if no customer relationship exists then no contractual obligations exist and any attempt to collect extra fees whatsoever would constitute commission of a criminal fraud. I'd just love to see some of those birds walking around in nice bright orange coveralls with the words "Inmate Oklahoma County Jail" stamped on their backs and wearing those nice shiny bracelets and ankle chains. That's a real neat waist chain they put on them too. And no, you can't do that to a company or corporation, but you can put the head honcho there because when he commits fraud or consorts or advises others to do so he is no longer protected by the corporate umbrella. He is jail bait pure plain and simple.
I just wonder about that. A contract or "customer relationship" can only be enforced if there is first of all a valid agreement in the original contract with the creditor stipulating that the creditor has the right to sell or transfer the debt to a 3rd party and the debtor is notified before the transfer and given an opportunity to purchase the debt at the same price at which the creditor is willing to sell the debt to a 3rd party for. Absent these conditions, the debtor is under no obligaton to pay and the contract is null and void upon the completion of the transfer. Additionally, no one may be forced into a contract with a 3rd party. He has to have knowledge and give informed consent and must receive something of value in return for his consent to contract or no contract can exist. These are the very core definitions of a contract. The definition of a contract is that a contract cannot exist unless it is between two or more parties of legal age to contract, of suffiicient mental capacity to contract and there must be an exchange of items of value or valuable consideration. The reason that debt purchasers and collection agencies alike are able to function is based solely upon the ignorance of the debtor.
Correct me if I am wrong. If the collection agency doesn't purchase the debt, then it is not governed by the Act? It can proceed as it normally would (attempt to collect)since it isn't covered? How does that help?
You have to read both of my posts in order to see that in one type of situation one set of conditons would work to their disadvantage and in the other another set of conditions would work to their disadvantage. That's the way I see it.
Well then Westcap, thanks to you we now know that the collector who is acting in the name of the original creditor does not fall under the auspices of GLBA while the creditor who purchases the debt does clearly fall under GLBA. And of course, since we cannot know in advance if a debt will or will not fall into a collections state and hence quote possibly into the hands of a debt collector who will try to collect after having purchased the debt, it behooves us to send an opt out letter citing GLBA to all of our creditors before the problem potentially occurs. Strictly a precautionary measure and most certainly optionally available to us since any creditor with whom we have an account is potentially accountable for the safety and security of our personal and non-public information. Surely we can look to you with your vast expertise to help us design such a letter, can't we?
It is also clear that the sleazebag check cashing services fall under the auspices of GLBA and must also send their customers GLBA notices So if they fail to do so, which I am quite sure is usually the case, they can also now be nailed to the proverbial cross for their failure to observe the requirements of GLBA. It is more than high time that something positive be done to curb the shennagins of those rip-off artists. For those poor folks so unfortunate as to have fallen into their clutches, at last a remedy is at hand and criminal charges might well be filed against them for their failure to comply with GLBA too. Some states are now passing laws to curb their criminally high interest rates and shabby treatment of their customers. In those states where the activities of these cockroaches are being curbed, many are now closing their doors or attempting to move into other states which are not yet so tightly regulated and are also attempting to move themselves under different types of incorporation that will allow them to continue to operate with impunity. But filing of charges against them for failure to advise their customers of their rights under GLBA might also put a nice little hitch in their git-along. We will also be developing strategies to deal with them almost immediately. After all, we are a nation of laws and all are subject to the law. None is above the law. So let us learn how to make the law work for us.
