Interesting People mailing list archives
IP: Citibank's meaningless privacy notice: [risks] Risks Digest 21.38
From: David Farber <dave () farber net>
Date: Thu, 10 May 2001 05:43:28 -0400
Date: Thu, 3 May 2001 02:03:04 -0400 (EDT) From: VASSILIS PREVELAKIS <vassilip () dsl cis upenn edu> Subject: Citibank's meaningless privacy notice Citibank(South Dakota, N.A.) sent a leaflet to its customers to "...tell you how you can limit our disclosing personal information about you." Observe what great choice Citibank customers have: [...] Categories of Nonaffiliated Third parties to whom we may disclose personal information Nonaffiliated third parties are those not part of the family of companies controlled by Citigroup Inc. We may disclose personal information about you to the following types of nonaffiliated third parties: * Financial services providers, such as companies engaged in banking, credit cards, consumer finance, securities and insurance, * Non-financial companies, such as companies engaged in direct marketing and the selling of consumer products and services If you check box 1 on the Privacy Choices Form, we will not make those disclosures except as follows. First, we may disclose information ^^^^^^^^^^^^^^^^^ about you as described above in "Categories of Personal Information we collect and may disclose" to third parties that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements. Second, we may disclose personal information about you to third parties as permitted by law, ^^^^^^^^^^^^^^^^^^^ including disclosures necessary to process and service your Citi Card account. [...] Sharing with Citigroup Affiliates (Box 2) The law allows us to share with our affiliates any information about your transactions or experiences with you. Unless otherwise permitted by law, we will not share with our ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ affiliates other information that you provide to us or that we obtain from third parties (for example credit bureaus) if you check Box 2 on the Privacy Choices Form. [...] The options the clients are given are non-sensical as the bank retains the right to share information "as permitted by law" with just about everybody. Let's consider Box 1. Assuming that Citibank does not break the law, if the customer does not check the box, Citibank can share personal information with third parties. If the customer checks the box, Citibank "may disclose personal information to third parties" So whether Box 1 is checked or not the effect is the same unless Citibank breaks the law in sharing information with third parties. Only in this case checking the box makes a difference. If the box is checked, the customer essentially asks Citibank to stop performing these illegal activities. Let us now consider box 2. Regardless of the state of the box, Citibank can share with its affiliates "any information about [Citibank's] transactions or experiences with [the customer]." The information that box 2 is supposed to control is information "obtain[ed] from third parties". Again if the box is not checked then this information may also be shared, while if the box is checked personal information may still be shared unless prohibited by law. Great choice! On their web site "http://www.citibank.com/privacy" Citibank claims: "6. We will tell customers in plain language initially, and at least once annually, how they may remove their names from marketing lists. ..." If the language that was used in the leaflet is "plain" then Citibank must assume that all their clients are lawyers. In fact the whole purpose of the leaflet is to *pretend* that Citibank cares about the privacy of the customers, while retaining the right to distribute the personal information of their customers in any way they like. I have no problem with that - if I want privacy I can open a dollar account with a European bank and enjoy the protection of the EU laws. I *do* object, however, to being handed a document like that which treats me like an idiot. Vassilis Prevelakis, University of Pennsylvania
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Citibank's meaningless privacy notice: [risks] Risks Digest 21.38 David Farber (May 10)