|March 31, 2000
To Whom It May Concern:
I am writing on behalf of the American Automobile Association (AAA) and its member clubs regarding proposed regulations to implement Title V of the Gramm-Leach-Bliley Act, P.L. 106-102.
The American Automobile Association (AAA) is a not-for-profit membership organization founded in 1902. AAA's initial mission centered on the establishment of just laws governing the operation and ownership of automobiles. As AAA has matured, its focus has evolved to transportation infrastructure development, traffic safety, driver education and the provision of products and services to members.
Organizational Structure. AAA's organizational structure is unique. Its members consist of 79 automobile clubs operating in different areas of the United States. Each member club is chartered under the laws of the state(s) in which it operates. Each is governed by a local board of directors and operated by a separate staff. Clubs range in size from as small as a county to as large as several states. Club membership varies accordingly from as few as 10,000 to several clubs with memberships in excess of 1 million. One club, the largest, has six million members.
In order to maintain membership in AAA, member clubs are required to provide specified services to AAA members. All clubs are required to offer emergency roadside service, the flagship service for which AAA is perhaps best known, and the primary reason that people join and renew their memberships. In addition, clubs are required to offer travel services, described in greater detail below, and to offer bail bonds, car rental discounts, fee-free travelers cheques, notary services, passport photos and international driving permits. Finally, all clubs are required to publish a member's publication that is mailed periodically to each household.
Although each club is separate, AAA links the clubs into a network and ensures consistent, quality services through strict standards. AAA has procedures that permit memberships to transfer between clubs when a member moves into a different operating area, and AAA acts as a clearinghouse for national programs. AAA clubs serve their members through a network of 1000 local offices and over 39,000 employees located throughout the United States.
Member Network. From the foregoing, it is clear that members join AAA to be part of this network, which in turn provides them with emergency roadside service and access to a broad range of products and services (many clubs offer products and services beyond those that are required for membership in AAA). As a fully taxpaying, not-for-profit organization, the dues that members pay and revenues generated from club activities are used to cover the cost of providing services and dedicated to constantly improving the quality of products and services offered.
When new members join AAA, they choose to become part of a network with the collective resources to offer prompt, efficient and courteous emergency roadside service and a variety of complementary products, services and technologies--effectively "opting-in" to receive these offers. These offerings are comprised of carefully selected alliances with financial and nonfinancial partners.
Respecting Member Privacy
A commitment to provide unsurpassed service to our members is the philosophical foundation upon which AAA is organized. We strive to provide our members with the highest quality products and services, so understanding their interests and needs is important. At the same time, AAA recognizes that these activities must not compromise members' privacy.
We have followed with considerable attention the deliberations of Congress regarding the Gramm-Leach-Bliley Act (the Act) and the subsequent promulgation of regulations to implement Title V of P.L. 106-102. Based on the experience of an organization whose members have in effect "opted-in" to a network to serve their diverse automobile and travel needs and interests, AAA offers the following comments in response to the Federal Trade Commission's proposed rulemaking on privacy. The comments address specific questions posed by the agency.
Definition of Affiliate
The Act generally prohibits dissemination of nonpublic information to nonaffiliates absent notice and certain procedural requirements. In Section 313.3(a) of the proposed regulations, the Commission defines "affiliate" to mean persons controlled by, controlling, or under common control with others. Under a strict interpretation of this definition, it is unclear whether AAA member clubs would be considered affiliated with each other.
AAA is governed by a board of directors that is comprised primarily of outside directors from the Boards of local affiliate clubs throughout the country. Among its duties, the board is charged with the re-accreditation of clubs on a regular basis by ensuring compliance with strict quality, performance and financial standards, and is empowered to remove a club's accreditation and affiliation if these standards are not met. In this sense, the clubs are indeed under "common control" by virtue of AAA's governance process.
We believe that the definition of "affiliate" should recognize an organizational structure such as that of AAA.
Application of the Proposed Rule to Travel Agencies
In Section 313.3(j) of the proposed regulations, the Commission defines a financial institution as "any institution the business of which is engaging in activities that are financial in nature as described in section 4(k) of the Bank Holding Company Act " The Commission further notes that an entity will be considered a financial institution only if it is "significantly engaged" in financial activities.
Based on the Federal Reserve Board's "Regulation K" which regulates the international operations of U.S. banking organizations, the Commission determined in its rulemaking to extend the privacy protections of Title V to include operating a travel agency "in connection with financial services." The Commission seeks comment on the "the extent to which travel agencies are in fact operated in connection with financial services."
Products and Services Offered. The travel services offered by AAA member clubs consist of the following activities:
Financial Activities are Incidental to Travel Services. AAA believes that the above-mentioned activities should not result in a finding that AAA or the clubs are a "financial institution." Indeed, if by definition the airlines, hotels, theme parks and tour wholesalers are not "financial institutions," how could a club on whose behalf these accommodations are booked be considered a "financial institution?" Moreover, to the extent that traveler's cheques, check cashing and insurance sales are sometimes considered financial activities, in the case of the AAA travel agent and travel agency, these activities are merely incidental to the provision of travel products and services and clearly do not meet the standard of being "significantly engaged" in financial activity.
Accordingly, AAA believes that the regulatory purposes underlying the Act would not be served by broadly sweeping travel agents into the definition of "financial institution."
Disclosure Requirements--More Flexibility Needed
AAA recognizes that the Commission has a formidable task of balancing the need to implement the law while minimizing the burden of imposing excessive regulation to achieve its purposes. In response to the commission's request for comment on the regulatory burden as well as the methods of providing annual notice and "opt-out" requirements, we offer the following comments.
A one-size fits all approach will be an excessive and costly burden to organizations seeking to implement the privacy regulations. This is especially true of a membership organization whose communication channels to members come from 79 separate auto clubs. We request that the Commission allow flexibility in the methods by which organizations are permitted to issue disclosure notices.
Notice Through Member Publications. In the case of AAA, our club publications are the best place for notice to be given members; for many clubs this publication is the only established and direct means of communicating with each and every member. Each club is required to publish a member publication at least 4 times per year. Some clubs in fact publish their member publications 10-12 times per year. All households receive the publication by mail as part of their membership dues. AAA publications are valued by members, and our research shows that readership is high. Envelope stuffers, by contrast, enjoy notoriously low readership. Accordingly, AAA member club publications are the logical place for notice to be given in a format that members are most likely to actually see and read.
An annual notice provided in some other format would add to the cost of serving members and may fall short of the desired objective. The cost of existing club publications must often be subsidized beyond the advertising revenues received. For example, including notice in the annual renewal bill can be a burden since clubs have different renewal procedures, including automatic renewal as well as 13-14 month membership periods, pro-rated membership periods that are less than a year, and other timing uncertainties due to members transferring from one club operating area to another. Because of such factors, an annual separate notice would require a separate mailing at a cost that would ultimately be passed on to the member.
Section 503(a) of P.L. 106-102 provides flexibility for how entities meet the necessary notice requirements, and we urge the commission to provide organizations with the option and ability to use member publications as a method to provide notice.
Multiple Member Households. The commission also seeks comment on methods for providing notice in cases where there is more than one party in the household. AAA believes the responsibility for disclosure should occur at the level on which the relationship is based. For example, AAA has approximately 24 million member households, to which the club publications are mailed. The most logical and cost effective means of providing notice is to each of these households, regardless of how many members may reside in the household.
The same considerations apply to the method of providing the "opt-out" procedure. AAA's current policy requires members to "opt-out" in writing. This is to assure correct spelling, correct transcription of the member's identification number and a valid match routine. Without this documentation, the potential for error is greatly increased and could result in the undesired "opt-out" of another member. The typical way that a member can exercise "opt-out" is to remove the mailing label from the publication in which the notice is published, and affix the label to a request to be suppressed from marketing mailings. This method assures accuracy. We estimate that the requirement to provide an additional response device to the member would cost:
The goal of providing a meaningful "opt-out" can be achieved, without adding immeasurably to the costs of providing this service--costs that will inevitably have to be passed on to the member.
An organization with proven methods of providing notice and "opt-out" should retain the flexibility to meet these objectives using proven tools by which they communicate with their members. Because some states already allow membership organizations to use their magazines or publications to publish legally required notices, that precedent has already been established. For example, California's Nonprofit Corporation Law, Section 5016, provides that "A notice or report mailed or delivered as part of a newsletter, magazine or other organ regularly sent to members shall constitute written notice or report pursuant to this division when addressed and mailed or delivered to the member, or in the case of members who are residents of the same household and who have the same address on the books of the corporation, when addressed and mailed or delivered to one of such members, at the address appearing on the books of the corporation."
Existing Communication Channels. The Commission has invited comment on whether organizations should be required to accept "opt-outs" through any means the institution has already established to communicate with consumers. AAA clubs have multiple channels of contact with members, many of which would not be appropriate vehicles for communicating an "opt-out." For example, AAA has a toll-free number (1-800-AAA-HELP) for members to call for emergency roadside assistance. Requiring AAA to accept "opt-out" notices from members via this number would seriously hamper our ability to respond to members' emergency needs.
In addition, many of our members now communicate with us via electronic mail and often use only "screen names." Many do not include full name, address, membership number or phone number in the electronic communications. If AAA clubs are required to accept "opt-out" notices via e-mail, the amount of processing required to confirm the identity of the member becomes unduly burdensome.
A number of commentators have noted that the implementation requirements of the Act will be comparable in scope to the activities undertaken to ensure Y2K compliance as the typical system stores information in a myriad of locations. Since the implementation effort cannot effectively begin until the regulations are final, as matters stand now, affected institutions will have six months to effect implementation.
Given the scope of the new requirements and the systems that must be put in place to manage implementation of the new policy, it seems reasonable to grant organizations the time necessary to do the job properly. As earnest as an organization will be to comply, there are technological challenges that cannot be quickly resolved no matter how well intended the effort.
AAA encourages the commission to extend the deadline to a date when we can be assured that all affected financial institutions will be in compliance with the regulations. This includes those entities that will be subject to multiple regulatory requirements.
The challenge of drafting and implementing meaningful privacy policies will be an on-going one. After nearly a century of providing members with individualized, high-quality products and services, AAA recognizes the delicate balance that must be achieved when weighing member benefits along side respect for privacy. As we stated at the outset, our goal is to provide members with meaningful protection for their personal data and how it is used, while maintaining our ability to leverage the Association's collective resources to provide members with the best products and services possible.
Thank you for your consideration of AAA's views.
Susan G. Pikrallidas