Computerworld

Deadline Extended on Financial Data Privacy Law

Federal regulators have extended the deadline " from this November to July of next year " for financial institutions to comply with privacy rules outlined in a law passed by Congress last fall.

Industry groups such as the American Bankers Association (ABA) in Washington applauded the extension, though privacy experts said it was unwarranted.

"This is a transition period, not a delay," said Catherine Pulley, an ABA spokeswoman. "The law still goes into effect in November, but [companies] are not required to comply until 2001."

Under the Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, regulators had until Friday to publish the final rules under which companies can give out consumers' financial information to unaffiliated third parties.

The act also mandates that companies let customers opt out of having their personal financial information shared with other firms.

The agencies involved in implementing the rules postponed the compliance deadline by eight months to give financial institutions time to gear up for the change, according to Cherie Umbel, a spokeswoman at one of those organizations, the National Credit Union Administration in Alexandria, Virginia.

During a public comment period on the new rules, financial institutions asked for the compliance delay "as an operational issue," Pulley said. Most do end-of-year mailings to their customers and would have had difficulty complying with the law and sending out those mailings at the same time, she added.

But Mark Rotenberg, director of the Electronic Privacy Information Center in Washington, decried the move.

"We're very disappointed that the privacy law is not going forward [on its original schedule]," he said. "This is a modest proposal, and companies have had ample time to prepare. There is not justification for the delay. This just adds to the [contention] that further steps are necessary to protect privacy."

Anya Astafieva, an analyst at Meridien Research Inc. in Newton, Massachusetts, said the extended deadline gives financial services firms more time to formulate their overall business and technology strategies for complying with the rules. It also gives firms an opportunity to observe how other companies are approaching the issue, she said.