There is still anxiety over the security of financial information sent over the Internet. Both vendors and consumers who would like to take advantage of the Internet as a forum for commerce continue to be uncertain about whether credit card information can be transmitted without constant worry that information will be hijacked or go astray in some way that will have deleterious results. While this may be one of the most pressing current technological problems on the Internet, there already exists an interesting federal web of access and privacy policies concerning records of financial institutions. Some of these are so obscure that few even know of their existence, while others have been in place for so long with little legislative scrutiny that it makes sense for Congress to take a hard look at the original policy and decide whether it should be affirmed or updated.
While there may be ancillary policies, the major privacy protection for bank records is the Right to Financial Privacy Act. Congress passed the Act in response to a Supreme Court decision which ruled that a customer had no privacy rights attached to his or her bank account and that the transactional information belonged to the institution. If Congress thought it was correcting this decision in the Right to Financial Privacy Act, it is unclear to an observer exactly how it thought the statute would accomplish this. Essentially, the Act is a procedural statute which requires government agencies to notify a financial institution of their need to see an individual's financial records. The bank then is required to notify the customer. As long as the government follows the procedural rules, there is no basis on which to deny access except, perhaps, that the agency's reasons for requesting the records are not adequate. In the mid-1980s, Congress amended the Act to allow for non-notification in the case of national security and various criminal investigations. The Act also provides that notice can be delayed under certain circumstances. While the statute allows most individuals to know that the FBI or some other agency is reviewing their bank records, it offers no real protection for the individual. There are perhaps 20 litigated cases, almost all of them involving the bank and the agency.
For those interested in access to government records concerning financial institutions, the obstacles to disclosure are almost insurmountable. When Congress passed the Freedom of Information Act in 1966, it attached two specific exemptions to the already existing set of seven. Apparently pushed by two powerful politicians -- Sen. Hubert Humphrey (D-Minn.) and Sen. Everett Dirksen (R-Ill.) -- Exemption 8 provided protection for bank records, while Exemption 9, passed at the behest of the oil industry, covered wells.
Exemption 8 allows agencies to withhold information "contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions."
There was little interest in bank records during the early years of the FOIA, and Exemption 8 was little used and little scrutinized. Not until the consumer movement resulted in legislation like the Truth in Lending Act, which required banks to more adequately explain the terms on which money was lent to consumers, or the Community Reinvestment Act, which required neighborhood banks to lend some money for local community investment, did the interest in government information on banks become more pronounced. But when public interest groups tried to learn more about the performance of banks under such laws, the agencies frequently cited Exemption 8 as the reason why those records should not be disclosed.
When Consumers Union tried to get records from the government, the D.C. Circuit Court of Appeals sided with the agency, noting that "if Congress has intentionally and unambiguously crafted a particularly broad, all-inclusive definition, it is not our function,