THE ATTORNEY GENERAL OF THE STATE OF NEW YORK
BUREAU OF CONSUMER FRAUDS AND PROTECTION
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IN THE MATTER OF
CHASE MANHATTAN BANK USA, N.A.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
X
:
:
:
:
ASSURANCE OF DISCONTINUANCE
PURSUANT TO EXECUTIVE LAW 搂63(15)
Pursuant to the provisions of Article 22-A of the General Business Law
("GBL") and Section 63(12) of the Executive Law, Eliot Spitzer, Attorney General of the
State of New York State, caused an inquiry to be made into certain marketing practices of
Chase Manhattan Bank USA, N.A.
Based upon this inquiry, the Attorney General makes the
following findings:
FINDINGS OF FACTS
1. Chase Manhattan Bank USA, N.A. is a subsidiary of The Chase Manhattan
Corporation. Its principal place of business is located at 802 Delaware Avenue, Wilmington,
Delaware 19801. Chase Manhattan Bank USA, N.A. and The Chase Manhattan Corporation are
herein referred to as "Chase".
2. Chase is a credit card issuer and has approximately 20 million accounts
nationwide. Chase also holds a substantial number of residential mortgages.
3. Chase has engaged in marketing programs with major nonaffiliated telemarketing
and direct mail entities for the purpose of offering consumer products and services to its
2
cardholders and mortgagors. The products and services offered to consumers included
memberships in discount shoppers' clubs, emergency road service plans, dental and legal
services plans, travel clubs, home and garden supply clubs and credit card registration and
magazine subscription services.
4. In connection with those marketing programs, Chase provided information to
nonaffiliated third party vendors in computer readable form including a list of names, addresses,
phone numbers and encrypted account numbers (or, in the case of Chase's mortgage business,
loan numbers) of Chase customers and, in the case of Chase customers having credit cards,
certain other information that related to the extent and timing of customer usage of Chase's credit
cards over time (including, for example, credit line, credit balance, the period of time the
customer has had the card and the date of the customer's last transaction) to enable the
nonaffiliated third party vendor to conduct computerized analyses (the "computer tapes") to
create a list of Chase customers who were likely to have an interest in purchasing the products or
services of the nonaffiliated third party vendor. According to Chase, the computer tapes were
provided to the nonaffiliated third party vendors under agreements which provided that the
information be kept confidential.
5. The nonaffiliated third party vendors with whom Chase established marketing
programs entered into agreements with Chase pursuant to which they paid Chase a fee in the
event that a Chase customer purchased the product or service offered by the nonaffiliated third
party vendor.
6. Once the nonaffiliated third party vendor conducted the computerized analysis of
the computer tapes and generated the list of Chase customers who were likely to purchase the
3
particular product or service to be offered, the nonaffiliated third party vendor arranged for
telemarketing or direct mail representatives to have access to the list of cardholder names,
addresses and telephone numbers of those specific Chase customers in order to conduct
telephone and/or direct mail solicitations.
7.
Chase customers who were contacted by nonaffiliated third party vendors and/or
their agents had not been advised of the specific types of information that had been in the
possession of the nonaffiliated third party vendor.
8. On or about July 1, 1999, Chase voluntarily imposed a moratorium on such
marketing efforts.
9.
At the time of the opening of a credit card account and periodically thereafter,
Chase provided its cardholders with a copy of its "Customer Information Principles" which set
forth its policies for protecting the privacy and confidentiality of customer information. Chase
informed customers, inter alia, that it does not share information about its customers with
unrelated companies except in certain limited circumstances, including making available special
offers of products and services that it felt may be of interest to Chase customers. Chase
provided a similar statement of its "Customer Information Principles" in its initial welcome kit
for Chase customers who had obtained mortgages from Chase.
10. Chase did not include information on how to opt-out in its initial notice to
mortgagors and did not include information on opting-out on its website or identify in its opt-out
notice to credit card holders an 800 number by which consumers can opt-out.
11. The Attorney General believes that Chase has not fully and adequately disclosed
to Chase customers that specific types of information on the computer tapes were provided to
4
nonaffiliated third party vendors for the purpose of offering Chase customers products and
services other than Chase's own products and services. The Attorney General further believes
that Chase also failed to fully and adequately provide Chase customers with notice of the
opportunity not to have that information shared with nonaffiliated third party vendors or of the
means to exercise that opt-out. The Attorney General further believes that, as a result of such
inadequate disclosure, Chase customers were unable to make a fully informed decision as to
whether to have the information on the computer tapes provided to nonaffiliated third party
vendors.
12. The Attorney General believes that Chase's practice of providing this information
regarding Chase customers to nonaffiliated third party vendors without more detailed and more
conspicuous disclosure of those practices and without a more convenient means to opt-out was
contrary to the consumer protection statutes of the State and to consumers' expectations of
privacy with respect to financial information provided to or acquired by Chase.
13. The Attorney General further believes that Chase's practice of failing to provide
more detailed and conspicuous disclosure to Chase customers regarding its policy of information
sharing and the means to opt-out constituted conduct violative of GBL Article 22-A and
Executive Law 搂63(12).
CHASE STATEMENT
Chase has expressly denied that any of its actions described above violates the consumer
protection laws of the State of New York including GBL Article 22-A and Executive Law
搂63(12). Chase has further asserted that its policy with respect to the use of information
regarding Chase customers has been properly disclosed in its customer information principles
5
and in subsequent disclosures to Chase customers and was consistent with its stated intention to
make available products and services that Chase believed would be of interest to Chase
customers and that information about Chase customers was appropriately protected by the terms
of its confidentiality agreements with the nonaffiliated third party vendors. Chase provided
additional information regarding information sharing when it notified customers with Chase
credit card accounts that the customers could inform Chase that they did not want to receive
telemarketing calls or direct mail solicitations. A welcome kit informed Chase credit card
customers that they could opt-out at any time by contacting Chase at a specified 800 number.
Chase also published its customer information principles online at its website at www.chase.com.
Chase has further stated that information about Chase customers was not provided to
nonaffiliated third party vendors if the Chase customers had exercised their opportunity to opt-
out and that the opportunity to opt-out was clear, the means to do so was easily accessible to
customers and the opt-out was, in fact, exercised by Chase customers. Chase further states that
the identity of the stores or other providers at which cards were used and the specific purchases
made were not disclosed to the nonaffiliated third party vendor and that the individuals making
telemarketing calls to Chase customers did not have access to information regarding the credit
balance or credit line, or regarding the extent or timing of the Chase customers' use of their
credit cards or the identity of the stores or other providers at which cards were used or the
specific purchases made.
IT NOW APPEARS that Chase is willing to enter into this Assurance without
admitting that it has violated any law, or that it otherwise committed any wrongful or improper
act and further without admitting that the alleged practices violate New York state consumer
6
protection laws, and the Attorney General is willing to accept this Assurance in lieu of
commencing a statutory proceeding.
IT IS HEREBY AGREED by Chase, its agents, affiliates, subsidiaries, and
assigns that:
1. Except as set forth herein, Chase shall not provide any information regarding a
Chase customer other than name, address and phone number to nonaffiliated third party vendors
for the purpose of allowing those vendors to market to Chase customers products or services of
the nonaffiliated third party vendors. For the purposes of this Assurance, the term "nonaffiliated
third party vendor" shall mean any entity that is not an affiliate of, related by common ownership
or affiliated by corporate control with Chase but does not include a joint employee of Chase, and
the term "customer" shall mean an individual Chase customer who has provided Chase with a
mailing address in the state of New York.
2.
Chase may furnish a list of names, addresses and telephone numbers of Chase
customers to nonaffiliated third party vendors provided that (a) the nonaffiliated third party
vendor cannot identify other specific financial information such as credit line or credit balance
regarding the Chase customer derived solely from information provided by Chase and (b) Chase
provides to each of its cardholders and mortgagors within a reasonable time from the date of
establishing a cardholder or mortgage relationship, as applicable, (or in the case of customer
relationships existing on the date of this Assurance, at any time prior to the initial release of the
customer's name, address and telephone number to the nonaffiliated third party vendor after the
execution of this Assurance), and not less than annually during the continuation of such
relationship, a disclosure which clearly and conspicuously (i) sets forth Chase's customer
7
information principles, including a description of the types of entities to which the Chase
customer's name, address and telephone number is provided and a notice that such information
may be shared for the purpose of telemarketing and/or direct mail solicitations unless the
customer directs that such information not be disclosed to such nonaffiliated third party vendors,
and (ii) gives the customer notice that the customer may direct Chase not to disclose his/her
name, address and phone number to nonaffiliated third party vendors by writing to Chase at a
designated address or by calling Chase at a specified toll-free number ("Opt-Out Notice"). The
Opt-Out Notice shall be set apart from the text of the customer information principles, shall be
headed Opt-Out Notice, or words of similar import and meaning, such heading to be in at least
12 point bold type and the body of the Notice shall be in at least 9.5 point type. Chase shall
further publish its customer information principles and method for opting-out on its website.
3. This Assurance shall not apply, either before or after the effective date of the Gramm-
Leach-Bliley Act signed into law by the President on November 12, 1999, to the disclosure of
customer information in accordance with the provisions of Sections 502(b)(2), 502(e) or 504(b)
of the Gramm-Leach-Billey Act, as originally enacted or as it may later be amended, or in
accordance with any regulations which may from time to time be promulgated thereunder;
except that, nothwithstanding the foregoing, this Assurance shall apply (i) to any marketing
program that was in existence on June 15, 1999 and was on the list of programs supplied to the
New York Attorney General's office by Chase, or (ii) to any similar program involving the
sharing of customer information with a nonaffiliated third party vendor that is not a financial
institution (as that term is defined in the Gramm-Leach-Bliley Act) for the purpose of marketing
such vendor's products. However, Chase may continue to provide customer information to those
8
entities whose names and/or marks appear on the face of Chase credit cards unless prohibited by
regulations issued pursuant ot the Gramm-Leach-Bliley Act.
4.
Chase shall not furnish to a nonaffiliated third party vendor a cardholder's account
number until and unless Chase is assured that the customer has accepted the products or services
and with the cardholder's consent has either recorded, or if the cardholders refuses to be
recorded, confirmed with a supervisory employee of the telemarketing company, the
cardholder's agreement to charge the products or services to a Chase credit card account.
5. Chase shall take steps to retrieve or direct to be destroyed all personal identifiable
account information retained by nonaffiliated third party vendors within the last two years,
except that, in the case of completed sales, the nonaffiliated third party vendor may retain such
information as is necessary for future billing or servicing purposes.
6. In the event that the regulations issued pursuant to the Gramm-Leach-Bliley Act
differ from the requirements of this Assurance as to the disclosures required with respect to the
form, content and timing of Chase's customer information principles and Opt-Out Notice, Chase
may, upon 15 days notice, to the Attorney General's office elect to comply with the federal
regulations and such compliance shall be deemed compliance with the terms of this Assurance.
The provisions of this Assurance shall remain in effect for a period of five (5) years from the date
of its execution.
7. In the event that New York enacts legislation that affords consumers greater
protections than the specific protections provided under this Assurance, such law shall govern
Chase's obligations under any statute to which this Assurance relates.
8. Chase shall file a report with the Attorney General within 90 days after the date on
9
which Chase must comply with regulations adopted pursuant to the Gramm-Leach-Bliley Act
indicating the manner and extent of its compliance with this Assurance of Discontinuance and
shall annex thereto copies of its revised customer information principles and Opt-Out Notices to
customers.
9. Nothing contained herein shall be construed as to deprive any individual of any
private right of action under the law. This Assurance shall not confer on any person any rights as
a third party beneficiary or otherwise against Chase.
10. Chase shall pay to the Attorney General within 10 days of the execution of this
Assurance the sum of $101,500 as costs of this investigation pursuant to Executive Law 搂63(15).
11.
Pursuant to Executive Law 搂 63(15), evidence of a violation of this Assurance
shall constitute prima facie
proof of a violation of the applicable statutes in any
10
civil action or proceeding hereafter commenced by the Attorney General.
WHEREFORE, the following signatures are affixed hereto this __ day of January,
2000.
CHASE MANHATTAN BANK USA,
N.A.
By:
ELIOT SPITZER
Attorney General of the
State of New York
120 Broadway
New York, New York 10271-0332
(212) 416-8323
BUREAU OF CONSUMER
FRAUDS AND PROTECTION
By:
THOMAS CONWAY
Assistant Attorney General in Charge
STEPHEN MINDELL
JANE M. AZIA
SHIRLEY STARK
Assistant Attorneys General
CORPORATE ACKNOWLEDGMENT
STATE OF DELAWARE
)
: ss
COUNTY OF
)
, being duly sworn, deposes and says:
I am a corporate officer of Chase Manhattan Bank USA, N.A., the entity described in
and which executed the foregoing Assurance of Discontinuance. I have executed the aforesaid
instrument with the consent and authority of Chase Manhattan Bank USA, N.A. and those
responsible for the acts of said entity and duly acknowledge same.
_______________________________
Sworn to before me this
day of January, 2000
___________________________
Notary Public
search
