Welcome to the Department of Justice, Iowa Attorney General Tom Miller

For immediate release -- Friday, September 22, 2000.
Contact Bob Brammer - 515-281-6699

Miller says US Bank Agrees to Protect Customer Privacy

"US Bank is prohibited from sharing or selling customers' personal information to other companies for non-financial solicitations," says Attorney General Tom Miller.

Attorney General Tom Miller said today that US Bank has agreed to a multi-state settlement that completely prohibits the bank from giving people's personal financial information - including credit card account numbers - to unaffiliated third-party companies for purposes of marketing non-financial products or services.

US Bank, a Minneapolis-based national bank and credit card issuer with about two dozen branches in Iowa, also has agreed to give customers a right to "opt out" of having their personal information shared with affiliates or other businesses and used in solicitations for financial-related products or services. US Bank also will offer refunds to many customers and pay $2 million to states in the case.

Miller said a Federal District Court in Minnesota has approved settlement of a multi-state investigation focused on US Bank's sale of customer information such as names, addresses, telephone numbers, account numbers and other sensitive financial information to marketers. Bank customers then received telemarketing and mail solicitations for things such as dental and health coverage, travel benefits, credit card protection plans, and a variety of discount buying programs.

Consumers were billed for the products and services on their US Bank credit cards.

"The States alleged that US Bank sometimes misrepresented its privacy policy to customers," Miller said. "In some instances the bank specifically represented that customer information would be kept confidential, and sometimes the bank listed when information might be disclosed but failed to include any reference to its practice of providing such information to vendors for purposes of direct marketing."

The States noted, for example, that some consumers were unaware that solicitors had their personal information when consumers agreed to "free trial periods" for various products or services - and that they didn't realize their US Bank credit cards would be charged automatically after the trial period. Some consumers said they thought they would have to affirmatively give out their card number before they were charged, the States argued, and may not even have noticed they had made a purchase and were being billed.

Under the settlement, which was reached by US Bank and thirty-eight states plus the District of Columbia, US Bank:

  • Must provide refunds to customers whose information was provided to other marketers and who purchased a product or service but did not use it. US Bank will notify customers of the refunds, with oversight by the Federal Court and the States.


  • Must not give customers' personal information to unrelated third-party companies for non-financial solicitations.


  • Must give customers an opportunity to opt out of "cross-marketing activities." If a customer opts out, US Bank may not share the customer's personal information with its own affiliates for direct marketing purposes, nor with unaffiliated third-party companies for marketing the third-parties' financial products or services. Customers will be notified of the opt-out right and will be able to opt out by mail or toll-free number.


  • Must pay the States $2 million, including $66,666.66 to Iowa, for consumer education and litigation efforts.


US Bank did not admit any wrongdoing, and it did cooperate in the States' investigation. The Minnesota Attorney General previously settled allegations similar to the multi-state group's.

"This is a good resolution of an important consumer privacy issue," Miller said.

The Iowa Attorney General's Office has undertaken various actions related to consumer privacy, including a multi-state effort in July to block a bankruptcy trustee's plan to sell customer data of "Toysmart.com" as an asset when the company's privacy policy had promised such disclosure would never occur.

- 30 -