Consumer privacy provisions contained in a landmark financial services bill passed last year unexpectedly appear to apply to a host of companies involved in the money-transfer business, including department stores, car rental companies, automakers and computer software companies.
Lawmakers last year inserted privacy rules in the financial services bill to make it more difficult for banks, insurance companies and securities firms to share private information with unaffiliated third parties, such as telemarketers. Government officials said, however, that the new law has significant implications for other, largely unregulated industries that engage in related financial activities, such as realty appraisers, collection agencies, check-guarantee firms or any entity that transmits or handles consumer financial transactions.
Such broad application of the privacy provisions could prove useful for consumers eager to prevent companies from sharing personal financial information. But regulators say few nonfinancial businesses appear aware that they will be covered by the new law. Regulators must implement the law through new regulations due in final form by May 12.
The rules come at a time when retailers and marketers are gearing up to make use of massive computerized information on how consumers shop, when they spend their money and a host of other personal data.
"We think it's good for consumers," said Frank Torres of Consumers Union, a nonprofit group that publishes Consumer Reports magazine, because it requires the financial subsidiaries of companies such as General Electric Co. and Ford Motor Co., which provide many of the same kinds of loans and other services that banks do, to comply with the rules.
"Many retailers and other companies that don't think they are financial in nature would have to have a policy and a way of communicating that policy and then, if they are planning on sharing that information, giving their customers a chance to opt out," said Karen Shaw at the Washington-based financial services consulting firm of ISD/Shaw Inc.
Bank regulators at the Treasury Department and the Federal Reserve Board will oversee how banks comply with the law. The Securities and Exchange Commission will oversee its implementation in the securities industry, and state insurance commissioners around the country will oversee its implementation with insurers.
The Federal Trade Commission will write the regulations and oversee companies that engage in financial activities but fall outside those three areas.
In addition to General Electric and Ford, that list might include travel agencies, retailers that provide in-house credit cards or lay-away plans and a joint venture of Citigroup Inc., Microsoft Corp. and First Data Corp. that is developing software to allow companies to bill and accept payments over the Internet.
The problem, federal officials say, is that regulators will publish draft regulations in early February, which will give companies only a few weeks to voice objections or other suggestions before the rules are published in final form in May.
"Firms that think they may be covered should take a close look at the proposed regulations and comment," said David Medine, associate director in the FTC's division of financial practices. "We don't want people to be caught by surprise. We want them to be involved in the process."
It still hasn't been decided which types of nonfinancial companies should be covered by the new regulations. While the bill Congress passed is clear about how banks, brokers and insurers must comply, it is less clear on how industries under the FTC's jurisdiction would be treated.
The problem lies in a list of businesses, such as travel agencies or car rentals, that the law says must adhere to the new privacy rules. This list was originally crafted by the Fed to give banks as much leeway as possible to affiliate with a variety of businesses.
Now that leeway could make the law apply to an overly broad set of companies, federal regulators say, though they also insist they will work hard to be reasonable and not use the vagueness of the list to assert widespread jurisdiction.
An administration official, who requested anonymity, said that "some of the quirks in application hadn't been thought through" when the White House and Congress were arguing over the privacy provisions, but he acknowledged the general intent of making unregulated financial lenders comply with the same rules banks must was intentional.
"We are aware of the act and we're studying it and trying to determine how we're going to implement the provisions throughout our company," said Dan Jarvis, spokesman for Ford Motor Credit Co., the lending unit of Ford.