Credit card privacy laws are meant to protect consumers, but thanks to corporate lobbying these laws do not always go as far as they should. There are also many loopholes in credit card laws that allow credit card companies to use your information in ways that you might not expect.
In general, under the Fair and Accurate Credit Transactions Act (FACTA) and the Fair Credit Reporting Act (FCRA), the main laws governing credit card companies’ use of consumer information, sharing personally-identifying information is off-limits.
However, information like shopping habits, income, and even payment habits might be legal to share if personally-identifying information is first removed. As a result, you will want to make sure you are GDPR compliant.
Here is more on the credit card privacy laws you should know.
Credit Card Privacy Laws You Should Know
FACTA was enacted in 2003 to strengthen the original laws under FCRA in light of changing technology and consumer habits. In my opinion, these laws still do not go far enough to protect consumers from having their personal information shared, but as we will see, pro-active consumers can take steps to strengthen the law on their own behalf. The main consumer protections you have as a credit card holder are:
- The Disposal Rule, which requires creditors to handle and if necessary, destroy consumer information in a way that prevents the unauthorized access or use of information in a consumer report.
- The Notice of Consumer Rights, which requires creditors to inform consumers of their rights to file fraud alerts, block information in a report arising from fraud, and obtain copies of documents used to commit fraud.
- Consent to Use Medical Information must be obtained from a consumer in order for medical information to be used for employment or credit purposes, and the information must also be relevant.
- The Privacy Rule, which requires creditors to provide initial privacy notices to consumers and customers, and provide privacy notices on an annual basis as long as the creditor/customer relationship continues.
- Limitations on Nonpublic Personal Information, which prevent companies from sharing personally-identifying information reasonably considered nonpublic, such as income, account numbers, and similar information, to unrelated companies. However, companies may share this type of information with their affiliates.
Clearly, existing credit card privacy law does not address many consumer concerns. For instance, most consumers do not know that credit card companies can share personally identifying information with affiliates, and be perfectly protected under the law.
How to Make Credit Card Privacy Law Work for You
As with so many other financial tasks, ultimately the burden of ensuring personal information stays private and is not shared amongst credit card companies and their affiliates falls on the consumer. Fortunately, there are mechanisms built into the law that allows consumers to further limit the use of their information.
- Opt-out of information sharing. Credit card companies that disclose nonpublic personal information to affiliates and non-affiliates must provide consumers the opportunity to opt out of such disclosures either through a website, a written request, or other reasonable means.
- Register with the Direct Marketing Association and opt-out of receiving any type of junk mail or unsolicited offers. This limits firms’ ability to share your information with others.
- Consider security freezes and other opt-out mechanisms offered by the three major credit reporting bureaus, TransUnion, Equifax, and Experian.
- Contact your local political representatives and let them know that you want stronger consumer protection laws in place so that even information that does not personally identify you is restricted from being shared.
Credit card privacy laws do not protect your information as thoroughly as you might expect. By being proactive and blocking credit card companies and marketers from using your information, you will not only increase your expectation of privacy but reduce your risk of identity theft and other financial fraud.