March 31, 2000
Jonathan G. Katz
Securities and Exchange Commission
450 5th Street, NW
Washington, DC 20549
File No. S7-6-00
USAA appreciates the opportunity to submit comments on the proposed privacy rules issued pursuant to section 504 of the Gramm-Leach-Bliley Act of 1999.
Introduction to USAA
The United Services Automobile Association (USAA) has been serving present and former members of the U.S. military and their families for more than 77 years and has become one of America's leading insurance and financial services companies. The association, well known for its exceptional customer service, offers its 4.5 million customers a variety of insurance, banking and investment products and services designed to help them meet their financial security needs.
The wide range of products and services offered by the USAA family of companies includes: property and casualty, life and health insurance; annuities; no-load mutual funds; discount brokerage; trust services; deposit and savings accounts; mortgages and relocation services; vehicle purchase assistance; and credit cards. The USAA Alliance Services Company offers additional quality products and services via strategic partnerships with outside vendors, including: catalog merchandise, long distance, Internet service, home security, floral service, rental car programs, and cruise travel. With the exception of its property and casualty insurance products and alliance services, which are available only to USAA members, products are available to the general public.
USAA has a relatively unique relationship with its customers. The association is owned by its customers and thus does not have the shareholder-driven obligations that some companies have to return dividends and profits. USAA's customers are commonly known within the organization - and self-referentially - as "members" of the USAA family. USAA's mission in serving its membership has been to provide "one-stop" financial services that address the unique needs of the military community and to back them with impeccable service that is tailored to the requirements of the men and women in uniform and their families. USAA members demand - and the Association is always striving to provide - a complement of financial products, which are always offered under the USAA brand.
USAA's foremost goal in implementing new privacy requirements is to ensure that USAA is able to maintain the legacy of trust and reputation for great service that it has developed with its customers for over three quarters of a century.
General USAA Comments
USAA has comments on specific provisions in the regulations, but would first like to make some general observations. We strongly believe in the protection of customer privacy. Assuring our members that we protect their privacy is essential to maintaining a relationship of trust.
We have learned that to effectively communicate the message, communications must be short and simple. A lengthy and complex disclosure overshadows the message. USAA is very concerned that the Commission's proposed disclosure requirements - if not modified - will severely hinder our customer service efforts. The disclosures proposed by the Commission are too lengthy, too confusing, and appear to limit the ability of affiliated companies to provide a single point of service for administering customers' opt-out inquiries and elections.
In serving our unique customer base, which includes a large and growing percentage of active duty U.S. military personnel around the world, we have found that our members demand streamlined services. USAA conducts very few face-to-face transactions and strives to provide outstanding response time and quality using an array of the most up-to-date technology and communications services. We have deep concerns about the impact of the current draft proposal on USAA's ability to continue this extraordinary level of customer service. It is our hope that the Commission will strive to ensure that integrated financial service providers like USAA can provide a common privacy disclosure notice to its customers that is simple and understandable and then offer a single point of contact to exercise the opt-out rights granted under the Gramm-Leach-Bliley Act.
USAA is a member of a number of national associations that represent the lines of business and products that we offer. We would therefore like to endorse those comments that will be submitted by the following associations, since they address in more detail the specific needs of USAA's parent and subsidiary companies:
Detailed USAA Comments
Section 248.3 Definitions
USAA would disagree that the examples given in the Commission's rule represent "financial information." In particular, we oppose including all information on an application or the fact of an individual's customer relationship in the definition of "personally identifiable financial information."
USAA believes that the Fair Credit Reporting Act (FCRA) provides an excellent framework for defining the term "financial information." The FCRA regulates consumer reports which include information "bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility" for certain products. The FCRA also recognizes transaction information. We believe that the combination of transaction information and consumer report information cover the type of financial information that should be protected. One advantage of using definitions from the FCRA is that both financial institutions and the Commission have experience in applying those definitions. Also, most financial institutions currently provide an opt-out under the FCRA, and using the same definitions in these regulations would help avoid customer confusion as to the scope of the two opt-outs.
USAA strongly supports this approach, since it acknowledges Congressional intent not to provide consumers with expectations for special treatment of information that is otherwise available from public sources. In USAA's case, it would not be uncommon to obtain a customer name and address from a public source, verify it via a non-public source, have it restated by the customer at the time of transaction, and then update this information based on U.S. Postal Service or other public records.
The Commission invited comment on an "alternative definition" which would treat "information that is publicly available as nonpublic if the institution does not obtain the information from a listed public source." USAA is extremely concerned about the use of the source of information to define whether it shall be deemed "publicly available." This definition would be impossible to manage, since the same piece of data could easily be classified differently and since it would require a source tracking process that would be unreasonably cumbersome.
Section 248.4 Initial notice to consumers of privacy policies and practices required
USAA urges the Commission to include in this section a clarification that the common initial privacy notice is required only when the first product is purchased from an affiliated company, as long as the notice covers all information relevant to the additional products. USAA members will often sign up for multiple products offered by the various USAA affiliates as soon as they become eligible for membership. USAA does not anticipate that duplicative initial privacy notices provide any value to a new member.
Section 248.6 Information to be included in initial and annual notices of privacy policies and practices
First, the Gramm-Leach-Bliley Act statute does not include this information as a required element under Section 503(b). Second, customers already receive this information via the Fair Credit Reporting Act opt-out notice.
As discussed above, USAA strongly believes that the privacy notices that result from this rule should be as simple and streamlined as possible, in order to best serve the customer. USAA argues that requiring lengthy and duplicative disclosures about affiliate information sharing practices is not in the best interest of our membership. This additional disclosure would simply be confusing to customers because, unlike the other detailed disclosures made under Section 503(b), it is not included in a customer's opt-out election under Gramm-Leach-Bliley.
First and foremost, USAA has learned that consumers will be more responsive to simple disclosure forms. The bulk of calls that USAA received in the wake of new Fair Credit Reporting Act requirements were for clarification on the meaning of the detailed disclosure documents, not to exercise opt-out rights.
Second, the lengthier the documents, the less likely it is that affiliated institutions could institute combined or common notice and opt-out forms - thus defeating a stated goal of the Commission in Section __.4 (see above). Finally, the Commission's required disclosures are far more extensive than those required by the Gramm-Leach-Bliley statute, which leaves considerable leeway to reconsider the current proposed approach.
Section 248.7 Limitation on disclosure of nonpublic personal information about consumers to nonaffiliated third parties
Many of USAA's customers are active-duty military personnel who are stationed away from home and who have delegated the management of financial affairs to a spouse or other family member in the interim. USAA strives to ensure that our members have the flexibility they need to manage their finances in these situations and urges the Commission to acknowledge this type of circumstance. USAA also offers the example of a joint account held with a minor child who cannot legally exercise a choice in this matter.
USAA's assessment is that requiring opt-out notices be sent to all parties to a joint account will simply result in multiple mailings to a single address.
Section 248.8 Form and method of providing opt out notice to consumers
USAA currently has dozens of toll-free numbers for our members to use in updating and accessing their accounts. Our membership is scattered around the U.S. and around the world, and USAA has found toll-free telephone numbers an excellent way to provide our members with quick, low-cost, high-quality responses and services.
A number of features of the USAA voice-response system make it a superior choice for allowing customers to exercise opt-out rights. The system is available 24 hours a day, 7 days a week. It requires a higher level of authentication to enter the system than some of the other options listed by the agencies. The update to USAA's records is immediate, similar to an internet based opt-out. During normal business hours, the system would also allow customers to request instant clarification by a live USAA representative and then be returned to the system to complete their selections.
Section 248.13 Limits on sharing of account number information for marketing purposes
USAA, for example, assigns a "member number" to our customers to confirm their eligibility for certain of our products and provide a unique identifier that all affiliated companies and approved third-party vendors can recognize. However, this member number alone is not adequate to allow an individual to debit or credit particular deposit accounts, credit cards, insurance policies, or investment accounts. Use of the member number simply allows USAA to speed up service to our customers and provide fully integrated account servicing to them.
Section 248.16 Effective date
From a customer's point of view, the six-month time frame would ensure a flood of new customer notices at the critical end-of-year time period when holiday mailings and tax information are also hitting mailboxes. A longer implementation period would allow companies to stagger their mailings, ensuring that customers have the opportunity to contemplate the notices and make appropriate decisions regarding their various accounts.
Finally, USAA requests that the Commission consider the creation of a safe harbor defense against inadvertent failures. We are concerned that such failures may occur despite the institution of appropriate policies and procedures and good faith efforts to comply with the regulations.
Again, USAA appreciates the opportunity to comment on this proposed regulation and respectfully requests your consideration of our views.
Bradford W. Rich
SVP, General Counsel