When you apply for a home mortgage, you sometimes have to disclose so much personal information that you feel financially strip-searched.

But who gets access to all that private data--your income, assets, federal and state tax details, bank account numbers and credit-card balances? Is it the telemarketers who pick dinner time to pitch you their wares? Is it the mass marketers who stuff your mailbox with home-equity and credit-card deals you don't need?

Does your most intimate personal financial profile become part of an electronic dossier on you, available online as a public commodity to anyone who'll pay for it?

Congress last week began to answer questions like these for the first time for millions of Americans with home mortgages. A key piece of the 1999 financial services modernization act hammered out on Capitol Hill provides guidelines for banks, mortgage companies, credit unions and others in the lending business on what they can--and cannot--do with the personal data they've got on you.

Although the legislation, which could become law as early as next week, won't take effect until next year, here's a preview of your forthcoming new privacy protections. The law will cover virtually all your financial dealings with creditors, not just your home mortgage.

Under the financial services act, each of your lenders, including the company that services your mortgage and keeps your payment records, will have to tell you, at least once a year, how it handles your private data. In a "clear and conspicuous" disclosure form, the lender will have to divulge whether it ever makes private customer data available to nonaffiliated outside companies for any purpose. If it does--as opposed to simply retaining the information for its own internal uses--it will now be required to allow you to "opt out" of the customer pool that is shared with outsiders.

For the first time you'll be able to tell every financial institution you deal with: Keep my files private and in-house; I don't want the world to be able to root around in my financial dossier as if it's a Halloween candy bag; I don't want anyone--telemarketers, health insurers, time-share salesmen and the like--to see my mortgage data. And the lender will have to comply, under pain of stiff federal penalties.

But the opt-out possibility won't prevent your lender from sharing your data with its own corporate affiliates. The lender will have virtually no restrictions on what it passes along to stock brokerage, insurance, credit-card or other companies that are part of the same conglomerate.

A mortgage company that's part of a diversified financial services holding company, in other words, will be free to pass along every speck of information it has on you to every other commercial organization under the same banner. Your lender will also be able to share your files with nonaffiliated third-party companies with whom it has contracts to perform marketing or other functions. You won't have the legal right to opt out of in-house data-sharing arrangements. Of course, you don't have that right today, nor do you receive any mandatory disclosures.

To groups such as Consumers Union, the lack of opt-out control by the borrower on affiliate data-sharing is a huge flaw in the new legislation. Frank Torres, Consumers Union's legislative counsel, calls this an "outrageous" concession by Capitol Hill to the financial services industry. He worries that the law will foster mega-mergers of insurers with banks, mortgage companies and investment firms. Once under the same corporate roof, says Torres, "what's to prevent the health and life insurance [affiliate] to look at other files [such as your mortgage] to determine whether to insure" an applicant?

Torres and other consumer advocates worry that credit-card and mortgage data may play a role in what you pay for auto and health insurance. And if your medical records on file with an insurance affiliate reveal that you have a condition that's likely to force you to lose your job in the near future, "maybe [an affiliated] mortgage lender won't want to give you a home loan, or will charge you more," says Torres.

Financial industry privacy experts, such as Marcia Sullivan of the Consumer Bankers Association, say fears about misuse of customer data in-house "are way overblown."

"It just doesn't make business sense for [lenders] to mistreat their customers," she says.

But congressional leaders aren't going to wait long to find out. House banking committee hearings on the implications of the new data-sharing rules are being planned for early 2000. In the meantime, watch for the new financial privacy disclosures. And opt out if you don't want your mortgage records open to the world.