Flash data demonstrate that CUs may not understand privacy responsibilities

ARLINGTON, Va.-NAFCU used privacy issues as the focus subject of its Flash Report with a new bolder look and more concise economic information. The study of a random sampling of its members looked into credit union members’ satisfaction with the institutions’ privacy policies after the Gramm-Leach-Bliley Act. An overwhelming 82% of credit unions surveyed said they felt their members were comfortable with their privacy policies, while 18% had heard complaints about some aspect of the policy. Of those who received complaints, the median number of complaints over the previous 12 months was six, with the majority receiving less than 10 complaints. The majority of the complaints received concerned the members’ desire for an `opt-out’ option that was not to the members’ expectations. The other common complaint was that members did not want their information shared with third parties. Forty-three percent of the respondents indicated that they did offer members an option to opt-out, while the others did not. What surprised NAFCU’s research team was that 45% of those surveyed thought they were required by federal law to offer their members an `opt-out’ option. According to NAFCU, the vast majority of credit union information sharing practices fall within the exceptions to the `opt-out’ requirements. Many credit unions offered members the chance to `opt-out’ simply as a member service. The Flash noted that probably very few credit unions have to provide members with `opt-out’ notices. Approximately 30% thought they were required under state law to do so. Survey participants said the most commonly affected third-parties affected by privacy policies included service providers and joint marketing providers, each cited by 24% of respondents. Other affected parties included auto dealers (15%), credit card companies (10%), mortgage companies (9%), corporate credit unions (7%), other credit unions (6%), and other entities (5%). Additionally, only 7% of credit unions said that NCUA conducted “extremely thorough” examinations of the institution’s privacy policies. Thirty-five percent said NCUA performed an “adequate” examination of the policies, while one-third said the agency did not examine their privacy policies at all.