Featured Jobs
|
July Business Services
|
|
Strongpoint Partners
|
|
Retirement Plan Administration Consultant Blue Ridge Associates
|
|
Mergers & Acquisition Specialist Compass
|
|
Regional Vice President, Sales MAP Retirement USA LLC
|
|
Compass
|
|
Combo Retirement Plan Administrator Strongpoint Partners
|
|
ESOP Administration Consultant Blue Ridge Associates
|
|
Managing Director - Operations, Benefits Daybright Financial
|
|
DC Retirement Plan Administrator Michigan Pension & Actuarial Services, LLC
|
|
Retirement Plan Consultants
|
|
Anchor 3(16) Fiduciary Solutions
|
|
Cash Balance/ Defined Benefit Plan Administrator Steidle Pension Solutions, LLC
|
|
Relationship Manager for Defined Benefit/Cash Balance Plans Daybright Financial
|
Free Newsletters
“BenefitsLink continues to be the most valuable resource we have at the firm.”
-- An attorney subscriber
|
|
Guest Article
As Compliance Gears Up, the Legality of GLB Privacy Rules Is Upheld in Federal Court
Summary: With the ink barely dry on federal privacy regulations, the constitutionality of consumer privacy rules already has been challenged and upheld in federal district court. |
(June 5, 2001) - Federal rules restricting the use and disclosure of nonpublic personal information -- specifically, individually identifiable financial and health information -- do not violate First Amendment free speech protections, the U.S. District Court for the District of Columbia ruled in Trans Union LLC v. Federal Trade Commission, 2001 WL 477382 (D.C.D.C., April 30, 2001).
This ruling has implications for group welfare benefits plans, which handle protected financial and health information that is passed on to insurance companies subject to the consumer privacy protections under the Gramm-Leach-Bliley Act of 1999 (GLB).
Facts of the Case
GLB generally protects financial information that consumers provide to financial institutions, including insurance companies. GLB regulations issued by the Federal Trade Commission (FTC) were challenged as impermissible on the ground that, among other things, the GLB statute only applies to financial information but the regulations extend protections to nonpublic personal information.
Trans Union, which brought the suit, is a credit-reporting agency that provides consumer credit reports that include identifying consumer information, such as name, address, social security number and telephone number. Trans Union sold the information for commercial and noncommercial purposes, and has target-marketing lists that provide its customers with names and addresses of individuals who live in a household that meets particular criteria.
It is Trans Union's use and disclosure of information that is subject to GLB protections and was at issue in this case. The FTC regulations limit and define the conditions under which financial institutions may disclose nonpublic personal information about consumers to nonaffiliated third parties. Thus, the court analyzed whether the consumer credit report information is personally identifiable financial information.
The court determined that Congress provided for especially broad privacy protections for all information in these consumer lists that is derived using nonpublic personal information. The court added that this protection applies even where the information is otherwise publicly available, as long as it was derived using nonpublic personal information.
The court decided that the information may or may not be nonpublic personal information -- which includes information provided by consumers -- depending on how it is disclosed.
Financial institutions rely on a broad range of information that they obtain about consumers, including addresses and telephone numbers. The federal agencies concluded it would be inappropriate to carve out certain types of information that a financial institution would rely on. Therefore, the court found that the agencies' interpretation of GLB was permissible.
Furthermore, the agencies decided that any information should be considered financial information if it is requested by a financial institution to provide a financial product or service.
Even homogenized information -- which is stripped of all intrinsically financial data -- is within the definition, the court said. Consumer information remains protected. It cannot be resold or re-shared by third parties, or profiled or repackaged to avoid privacy protections except under certain limited circumstances, the court noted.
Implications
This ruling is strong support for the permissible application of GLB privacy protections to consumer information obtained through the administration of group health, life, disability and other group welfare benefits plans. Although employers and other plan sponsors are not financial institutions, and thus not subject to GLB directly, the information they forward to insurance companies is protected. Therefore, insurance companies, brokers and agents obtaining this information are subject to the GLB's notice and security requirements. This in turn indirectly affects plan sponsors that receive privacy notices from insurers, agents, etc., for distribution to plan participants.
This ruling should minimize the reluctance in the benefits community to comply with GLB due to questions of authority or legality in implementing the privacy requirements. The ruling also puts insurers and others on notice that the information protected by GLB is broad.
Excerpted from the June 2001 supplement to Employer's Guide to the Health Insurance Portability and Accountability Act, published by Thompson Publishing Group, Inc.©Thompson Publishing Group, Inc., 2001. All rights reserved.
BenefitsLink is an independent national employee benefits information provider, not formally affiliated with the firms and companies who kindly provide much of the content and advertisements published on this Web site, including the article shown above.