BOSTON (05/09/2000) - Federal bank and securities regulators have extended the deadline -- from this November to July 2001 -- for financial institutions to comply with privacy rules outlined in the Gramm-Leach-Bliley Act passed by Congress last fall.
Under this financial modernization act, regulators have until May 12 to publish the final rules under which companies can give out consumers' financial information to unaffiliated third parties. The act also mandates that companies let customers opt out of having their personal financial information shared with other firms.
The deadline was postponed by eight months to give financial institutions time to gear up for the change, according to Cherie Umbel, a spokeswoman at the National Credit Union Administration (NCUA) in Alexandria, Virginia.
The NCUA is one of the agencies involved in crafting the rules to implement the privacy provisions of the Gramm-Leach-Bliley Act. Umbel said the NCUA has already adopted and posted the final regulations on its Web site, located at www.ncua.gov.
The other agencies involved are: the Office of the Comptroller of the Currency; the Office of Thrift Supervision, a bureau of the U.S. Treasury; the Federal Reserve Board; the Federal Deposit Insurance Corp.; the Federal Trade Commission; the U.S. Treasury Department; and the Securities and Exchange Commission.
Anya Astafieva, an analyst at Meridien Research Inc. in Newton, Massachusetts, said the extended deadline gives financial services firms more time to formulate their overall business and technology strategies for complying with the new rules. It also gives firms an opportunity to observe how other companies are approaching the issue.
The extension provides financial institutions with more breathing room for completing Web-based projects needed to comply with the privacy law, Astafieva added.
Industry groups such as the American Bankers Association (ABA) in Washington applauded the extension as a welcome concession to the companies that will be affected by the new law.
"This is a transition period, not a delay," said Catherine Pulley, an ABA spokeswoman. "The law still goes into effect in November, but (companies) are not required to comply until 2001."
During a public comment period on the new rules, financial institutions asked for the compliance delay "as an operational issue," Pulley said. Most do end-of-the-year mailings to their customers and would have had difficulty complying with the law and sending out those mailings at the same time, she added.
But Mark Rotenberg, director of the Electronic Privacy Information Center in Washington, decried the move.
"We're very disappointed that the privacy law is not going forward (on its original schedule)," he said. "This is a modest proposal, and companies have had ample time to prepare. There is not justification for the delay. This just adds to the (contention) that further steps are necessary to protect privacy."
And while Rotenberg said he supported a proposal that the Clinton Administration made last week to further tighten the privacy rules passed in November, he added that his top concern is ensuring that the government is "implementing last years' regulations."