1 / 31

Is Confidentiality in Banking Outdated?

Is Confidentiality in Banking Outdated?. Peter P. Swire Chief Counselor for Privacy United States Government. Overview:. Chief Counselor for Privacy The Banking Heritage of Trust Reasons for Data Transfers U.S. Bank and Today’s Real Problems The Administration’s Proposals

abiola
Download Presentation

Is Confidentiality in Banking Outdated?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government

  2. Overview: • Chief Counselor for Privacy • The Banking Heritage of Trust • Reasons for Data Transfers • U.S. Bank and Today’s Real Problems • The Administration’s Proposals • Is Confidentiality in Banking Outdated?

  3. I. My Background: • Writings at www.osu.edu/units/swire.htm • Represented banks and ABHC in 1980s • Taught banking reg 6 times in law schools • “None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive” -- first mention in print of several exceptions

  4. “Chief Counselor for Privacy” • New Position announced by Vice President • In Office of Management and Budget • In Executive Office of the President • Public-sector data • Private-sector data • International point of contact

  5. II. The Banking Heritage of Trust • My father-in-law, Ted Putney • Trust officer & manager in Albany, N.Y. • Proud to have the “trust” of his clients • Family rule -- no names • Not measured by opening his clients to offers by affiliates or outside parties

  6. Two kinds of “trust” • Confidentiality and trust as great banking traditions • Safety and Soundness • “Trust” in financial stability • Laws and norms against undermining public confidence

  7. Two Kinds of “Trust” (cont.) • “Trust” as confidentiality: • Customer as borrower • Customer as depositor • Customer who seeks advice from banker • Customer who uses a bank’s cash management services

  8. Beyond Ted Putney: “Privacy is everyone’s concern, and these principles confirm what we have been saying all along -- the banking industry is still the center of trust and confidentiality” ABA Privacy Principles (including notice and opt-out for marketing)

  9. “Consumers of banking services have come to rely upon and, more importantly, expect that their financial information to which their institution is privy will be cautiously guarded.” Wisconsin Bankers Association, 1999

  10. “As a consumer, I am personally concerned about my name, address, telephone number, and financial information being on thousands of lists targeting me and my family for the sale of products and services I may not want or need.” Robert R. Davis, America’s Community Bankers, July 20, 1999

  11. “At the same time, there are legitimate -- even essential -- reasons for business to share information.” Robert DavisThe Administration agrees.

  12. III. Reasons for Data Transfers • Technology -- laptops more powerful than mainframes • Geographic changes -- national banking • Product changes -- more lines of business • Electronic payments -- credit & debit cards, electronic deposit, Internet payments, electronic benefits

  13. The vision for cross-marketing: • Marketing dream -- “every purchase the customer ever makes” • Economies of scope & scale • One-to-one marketing -- precisely the products the customer wants • One-to-one marketing -- pricing based on what consumer is willing to pay

  14. Why data mining may maximize profits: • Perhaps it is more profitable to mine the data than to protect confidentiality • Competitive pressures to use the available data • Customers benefit from one-to-one marketing • “Free flow of information” inevitable

  15. “Free flow of information” • A noble goal, but do we mean it? • Security -- free flow to hackers? • Intellectual property -- free flow to pirates? • Privacy -- free flow to intruders? • Moral: • Many wonderful flows • Not all flows are wonderful, or inevitable

  16. IV. Are there real privacy problems today? • U.S. Bank case • Information here from interrogatories -- public knowledge • U.S. Bank has made major commitments for the future • 600,000 checking account customers • name, home phone & address, SSN, DOB, product code, account number, routing & transit number

  17. U.S. Bank (continued) • 330,000 credit card customers • name, home address & phone, last purchase date, date opened, current balance, credit limit, YTD finance charges, last payment date, amount last payment, SSN, DOB, behavior score, bankruptcy score

  18. U.S. Bank (continued) • Notice: “Periodically we may share our cardholder lists with companies that supply products and services that we feel our customers will value.” • Apparently no opt-out • Apparently similar activities by other banks

  19. What problems from U.S. Bank? • Data released for unrelated purpose -- a dental plan • “Negative option” by Memberworks: • Postcard then have 30 days to cancel • If not, then billed annual fee ($59.95) • Lots of complaints once fee taken out of account

  20. How do bankers react to this? • From my discussions -- majority view, strong negative reaction • “That shouldn’t happen” • Minority view -- “Marketing is inevitable. Get used to this.”

  21. The challenge today: • Reinventing confidentiality in banking • How to take advantage of data mining and marketing opportunities, while maintaining customer trust? • What are new information and privacy best practices? • How, as a society, get those practices in place?

  22. V. The Administration’s main proposals: • Notice -- the bank’s policy • Choice -- customers can say no to “unrelated” uses • Enforcement -- examiner authority as with other consumer laws • Anti-fraud: fight pretext calling and identity theft, scrutinize risky data flows

  23. Reasons for Confidentiality Rules: • Reinforce strategic asset of trust -- like $50 rule for credit cards • Hard to resist competitive pressures • Hard to market to those who care about privacy -- they’re not on the lists • Truly sensitive data -- “every purchase ever”

  24. Why choice? Why opt-out? • Not “stopping all marketing”! • Do respect choices of individuals who do not want marketing or other transfers • The price of opening an account should not be undisclosed and unlimited data flows • Consumers’ ability to choose creates confidence, and less need for fear

  25. Is choice workable? • As stated before, not all flows that are technically possible are desirable -- security, and IP, and privacy • Direct Marketing Association -- notice and choice or else expelled from DMA

  26. Are the opt-out rules too broad? • Exceptions • extensive list in H.R. 10 • Gensler testimony -- more for affiliates • regulatory discretion in H.R. 10 • Administration will keep meeting with you • Within HCs -- “closely related to financial services,” and even “convenient” to that -- may include surprising businesses

  27. VI. Is confidentiality in banking outdated? • No -- we can’t waste such a strategic asset • Many new flows of information are good -- for customers and for profitability • Some new flows are not good • Identity theft and pretext calling -- SSNs and account numbers on the loose • Reasonable expectations of customers are violated

  28. What do bankers want?What does society want? • Bankers want to be proud of their industry’s practices -- give notice and live by those policies • Consumers want a sense of control and autonomy -- choice over their sensitive, personal information as it enters the database

  29. What should you do next? • If none exists, name a responsible person in your organization • Take a personal interest in how your organization is handling the data of your customers -- leadership counts. • Do you, as an experienced banker (like Ted Putney) feel comfortable with what you are doing?

  30. Next steps (continued) • Give notice of how you really handle customer information. • Give a choice to customers if you, or someone in your family, would want a choice.

  31. Finally: • If you, as an experienced and informed banker, are proud of your practices: • Your employees will be proud • The press and regulators will be (mostly) quiet • Your customers will trust you, and banks generally, as vital institutions for the information age.

More Related