The Surprising Virtues of the New Financial Privacy Law

60 Pages Posted: 6 Jan 2003

See all articles by Peter Swire

Peter Swire

Georgia Institute of Technology - Scheller College of Business; Georgia Tech School of Cybersecurity and Privacy; Cross-Border Data Forum


The financial privacy law passed by Congress in 1999 has been the target of scathing criticism. Financial institutions have complained about the high costs of the billions of notices sent to consumers, apparently to widespread consumer indifference. On the other side, privacy advocates have condemned the law as woefully weak.

This article disagrees with the criticisms. Part I describes the main provisions of Title V of the Gramm-Leach-Bliley Act, showing a better match with basic privacy principles than many have realized. Part II explores the history of how GLB became law, placing the enactment into the context of a historic peak of privacy policy activity in the late 1990s. This history draws on my dual perspective, as an academic who has written extensively about financial and other privacy issues, and as the Clinton Administration's Chief Counselor for Privacy during the period.

Part III looks at the most hotly contested issue in the privacy debate, the rules for sharing personal information with affiliated entities and third parties. GLB establishes a basic rule that information can flow freely within a financial institution and to its affiliates. Customer choice - an opt out ability to prevent sharing - applies for transfers to non-affiliated companies. The article argues that an exception to that principle of customer choice, the "joint marketing exception" should be repealed. It then explores the knotty issue of how to handle data sharing in today's vast financial conglomerates, suggesting possible statutory modifications.

Part IV looks at the much-maligned notices that financial institutions have sent out in compliance with GLB. The critics have accurately complained about the legalistic and detailed language in the current notices. The critics have largely overlooked, however, important benefits from these notices. Publication of the notices and the new legal obligation to comply with them have forced financial institutions to engage in considerable self-scrutiny of their data handling practices. Many firms have hired a Chief Privacy Officer or made other institutional changes. The current notices, even in their imperfect form, have reduced the risk of egregious privacy practices. And improved notices, with a plain-language short form on top, would enhance accountability while also communicating far more clearly with ordinary customers.

In short, there are surprising merits of the GLB privacy provisions. Considerably more was accomplished in the Act than observers would have predicted in the spring of 1999 or than critics have recognized to date. Important flaws do exist, but specific and achievable changes in the statute and implementing regulation can go far toward reducing the magnitude of those flaws.

Keywords: financial services, banking regulation, privacy, Gramm-Leach-Bliley, financial privacy

JEL Classification: D18, D72, D78, D82, K22, K23

Suggested Citation

Swire, Peter, The Surprising Virtues of the New Financial Privacy Law. Available at SSRN: or

Peter Swire (Contact Author)

Georgia Institute of Technology - Scheller College of Business ( email )

800 West Peachtree St.
Atlanta, GA 30308
United States
(404) 894-2000 (Phone)

Georgia Tech School of Cybersecurity and Privacy ( email )

Atlanta, GA 30332
United States

Cross-Border Data Forum

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Abstract Views
PlumX Metrics