Credit card privacy laws are meant to protect consumers, but thanks to corporate lobbying these laws do not always go as far as they should. There are also many loopholes in credit card laws that allow credit card companies to use your information in ways that you might not expect.
In general, under the Fair and Accurate Credit Transactions Act (FACTA) and the Fair Credit Reporting Act (FCRA), the main laws governing credit card companies’ use of consumer information, sharing personally-identifying information is off-limits.
However, information like shopping habits, income, and even payment habits might be legal to share if personally-identifying information is first removed. As a result, you will want to make sure you are GDPR compliant.
Here is more on the credit card privacy laws you should know.
Credit Card Privacy Laws You Should Know
FACTA was enacted in 2003 to strengthen the original laws under FCRA in light of changing technology and consumer habits. In my opinion, these laws still do not go far enough to protect consumers from having their personal information shared, but as we will see, pro-active consumers can take steps to strengthen the law on their own behalf. The main consumer protections you have as a credit card holder are:
- The Disposal Rule, which requires creditors to handle and, if necessary, destroy consumer information in a way that prevents the unauthorized access or use of information in a consumer report.
- The Notice of Consumer Rights, which requires creditors to inform consumers of their rights to file fraud alerts, block information in a report arising from fraud, and obtain copies of documents used to commit fraud.
- Consent to Use Medical Information must be obtained from a consumer in order for medical information to be used for employment or credit purposes, and the information must also be relevant.
- The Privacy Rule, which requires creditors to provide initial privacy notices to consumers and customers, and provide privacy notices on an annual basis as long as the creditor/customer relationship continues.
- Limitations on Nonpublic Personal Information, which prevent companies from sharing personally-identifying information reasonably considered nonpublic, such as income, account numbers, and similar information, with unrelated companies. However, companies may share this type of information with their affiliates.
Clearly, existing credit card privacy law does not address many consumer concerns. For instance, most consumers do not know that credit card companies can share personally identifying information with affiliates and be perfectly protected under the law.
How to Make Credit Card Privacy Law Work for You
As with so many other financial tasks, ultimately the burden of ensuring personal information stays private and is not shared amongst credit card companies and their affiliates falls on the consumer. Fortunately, there are mechanisms built into the law that allow consumers to further limit the use of their information.
- Opt out of information sharing. Credit card companies that disclose nonpublic personal information to affiliates and non-affiliates must provide consumers the opportunity to opt out of such disclosures either through a website, a written request, or other reasonable means.
- Register with the Direct Marketing Association and opt out of receiving any type of junk mail or unsolicited offers. This limits firms’ ability to share your information with others.
- Consider security freezes and other opt-out mechanisms offered by the three major credit reporting bureaus, TransUnion, Equifax, and Experian.
- Contact your local political representatives and let them know that you want stronger consumer protection laws in place so that even information that does not personally identify you is restricted from being shared.
Credit card privacy laws do not protect your information as thoroughly as you might expect. By being proactive and blocking credit card companies and marketers from using your information, you will not only increase your expectation of privacy but reduce your risk of identity theft and other financial fraud.
steven y. uehara says
CITI credit card from AT&T left a messg. about helping me with a payment program and other options for payment on my account with them. The lady from AT&T credit card even left her name and phone # to call back. The messg. was left on my mother's answering machine pertaining to me. I gave them no ph. # of my parents, and my mother called me about a mainland # that left the messg. I told her that I already called them, and went to their house that day and listened to the messg. Is that against the law?
russell geary says
I purchased a diamond ring on my master card. The fraud alert people called my house and told my girlfriend about the purchase. She is not on my card. The ring was for her. It was supposed to be a surprise at Christmas. I’m waiting to hear from them with their offer. How do you put a price on a breach of confidentiality? They broke the law and I want them to do the right thing. I feel like David fighting Goliath.
I have a Microsoft Outlook email account where I do only the basic emailing and receiving emails. I just received an email from Microsoft Outlook Calendar informing me that I need to pay my Citibank credit card and the balance is XXX. I never gave either Citibank or Microsoft permission to communicate about any credit card transactions on my account. I’d like to know how Microsoft accessed my Citibank account and how they arrived at the notion that it is within their right to disseminate this information to anyone. I don’t give any establishment permission to share my personal information. They must have taken it under the cover of one of those mile-long privacy agreements that no one has the time to read or knowledge to understand…