July 9, 1998
Ms. Jane Coffin
Office of International Affairs
National Telecommunications and Information Administration
14 St. and Constitution Ave., NW
Washington, DC 20230
Re: Docket No. 080422102-8102-01
Dear Ms. Coffin:
First Union Corporation appreciates this opportunity to comment on the issues of consumer online privacy and Internet service provider self-regulation. First Union is a leader in providing ways for customers to get information and complete an array of financial transactions online. As an Internet financial services delivery innovator, First Union is also committed to giving customers security and privacy when using our online services.
Specifically, the National Telecommunications and Information Administration is seeking comments on the Department of Commerce staff discussion paper entitled Elements of Effective Self-Regulation for the Protection of Privacy. The Department of Commerce has posed several questions which those choosing to comment might address. As a financial institution, First Union=s aim in submitting a comment to this discussion paper is threefold: (i) to urge that no action be taken that would unduly hamper the growth of the online service industry in its critical first stages of development, (ii) to emphasize that the financial services industry is already heavily regulated in ways that make further consumer privacy protection regulations unnecessary, and (iii) to encourage continued emphasis and favor toward self regulation of consumer privacy initiatives, an area in which financial institutions have always been leaders.
Most service industries are looking to the Internet as a broad new avenue by which they can reach their customers. Government should, while strongly encouraging these industries to take steps to assure users of online services that their personal information will be protected,
Ms. Jane Coffin
July 9, 1998
refrain from taking action that would arrest the development of these online services. While using the Internet is undoubtedly a new way for service provider businesses to increase their revenue, consumers benefit just as much, if not more, from having online services available. If action is taken to mandate a regulatory scheme governing online privacy, it could result in many industries reducing their online activities and thus depriving consumers of numerous benefits and sources of information and services. Conversely, if companies have the flexibility of a self-regulatory regime, underscored not with government mandate but with government guidance, they will be able to respond to consumer needs, broaden consumer services, and give the public more and better access to information than ever before, all while protecting the privacy of their personal information.
Financial institutions are already accustomed to functioning well under a regime of heavy government regulation. These regulations already include consumer privacy protection; for example, the Fair Credit Reporting Act, Regulation E and the Financial Privacy Act of 1974 protect information through numerous, complex layers of regulation with which banks already must comply. Moreover, financial service providers must also comply with an array of state privacy protection laws. Accordingly, there is clearly no need for any further layers of regulation governing financial institutions that are aimed at protecting consumer privacy.
Bank regulatory agencies already have full enforcement powers in relation to all consumer privacy matters. Therefore, as banks move more toward online service, these same regulators will be monitoring banks= activities closely to assure protection of consumer privacy. Most important, though, is the fact that consumers will not put their confidence or their money in a bank that does not have adequate means by which to protect privacy. This is a potent motivator for banks to take the actions which they have over the years to assure that financial information is kept confidential.
Because banks have always done business with the expectation of its customers= privacy
as a cornerstone of that business, banks are uniquely suited to function under a scheme of self- regulation as far as consumer privacy is concerned. Indeed, many financial institutions have begun to tout their ability to protect consumer privacy as a competitive edge, taking more and more voluntary action to enhance security measures. This is especially true as technological innovations allow banks and other industries to take further and better measures to protect privacy, especially through enhanced encryption technology. Because banks already see the need to self-regulate to stay competitive, they are uniquely suited to continue with such a regime. Being forced to comply with a government consumer privacy mandate or a regulatory scheme would force banks to divert resources toward compliance efforts and away from the very innovations that have allowed financial institutions to stay at the forefront of consumer privacy protection up to now.
Ms. Jane Coffin
July 9, 1998
First Union appreciates the opportunity to participate in these explorations of how to best protect consumer privacy online. Self-regulation is the clear answer for financial institutions, and quite probably for many other industries that are beginning to offer consumers a wider array of personal choice and knowledge through online services. We will continue to be at the forefront of the development of electronic commerce as it serves to improve and enhance both business success and personal quality of life.
Vice President and Assistant