Presentation on theme: "Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government."— Presentation transcript:
Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government
Overview: n Chief Counselor for Privacy n The Banking Heritage of Trust n Reasons for Data Transfers n U.S. Bank and Todays Real Problems n The Administrations Proposals n Is Confidentiality in Banking Outdated?
I. My Background: n Writings at n Represented banks and ABHC in 1980s n Taught banking reg 6 times in law schools n None of Your Business: World Data Flows, Electronic Commerce, and the European Privacy Directive -- first mention in print of several exceptions
Chief Counselor for Privacy n New Position announced by Vice President – In Office of Management and Budget – In Executive Office of the President n Public-sector data n Private-sector data n International point of contact
II. The Banking Heritage of Trust n My father-in-law, Ted Putney n Trust officer & manager in Albany, N.Y. n Proud to have the trust of his clients n Family rule -- no names n Not measured by opening his clients to offers by affiliates or outside parties
Two kinds of trust n Confidentiality and trust as great banking traditions n Safety and Soundness – Trust in financial stability – Laws and norms against undermining public confidence
Two Kinds of Trust (cont.) n Trust as confidentiality: – Customer as borrower – Customer as depositor – Customer who seeks advice from banker – Customer who uses a banks cash management services
Beyond Ted Putney: Privacy is everyones concern, and these principles confirm what we have been saying all along -- the banking industry is still the center of trust and confidentiality ABA Privacy Principles (including notice and opt-out for marketing)
Consumers of banking services have come to rely upon and, more importantly, expect that their financial information to which their institution is privy will be cautiously guarded. Wisconsin Bankers Association, 1999
As a consumer, I am personally concerned about my name, address, telephone number, and financial information being on thousands of lists targeting me and my family for the sale of products and services I may not want or need. Robert R. Davis, Americas Community Bankers, July 20, 1999
At the same time, there are legitimate -- even essential -- reasons for business to share information. Robert Davis The Administration agrees.
III. Reasons for Data Transfers n Technology -- laptops more powerful than mainframes n Geographic changes -- national banking n Product changes -- more lines of business n Electronic payments -- credit & debit cards, electronic deposit, Internet payments, electronic benefits
The vision for cross-marketing: n Marketing dream -- every purchase the customer ever makes n Economies of scope & scale n One-to-one marketing -- precisely the products the customer wants n One-to-one marketing -- pricing based on what consumer is willing to pay
Why data mining may maximize profits: n Perhaps it is more profitable to mine the data than to protect confidentiality n Competitive pressures to use the available data n Customers benefit from one-to-one marketing n Free flow of information inevitable
Free flow of information n A noble goal, but do we mean it? – Security -- free flow to hackers? – Intellectual property -- free flow to pirates? – Privacy -- free flow to intruders? n Moral: – Many wonderful flows – Not all flows are wonderful, or inevitable
IV. Are there real privacy problems today? n U.S. Bank case – Information here from interrogatories -- public knowledge – U.S. Bank has made major commitments for the future n 600,000 checking account customers n name, home phone & address, SSN, DOB, product code, account number, routing & transit number
U.S. Bank (continued) n 330,000 credit card customers n name, home address & phone, last purchase date, date opened, current balance, credit limit, YTD finance charges, last payment date, amount last payment, SSN, DOB, behavior score, bankruptcy score
U.S. Bank (continued) n Notice: Periodically we may share our cardholder lists with companies that supply products and services that we feel our customers will value. n Apparently no opt-out n Apparently similar activities by other banks
What problems from U.S. Bank? n Data released for unrelated purpose -- a dental plan n Negative option by Memberworks: – Postcard then have 30 days to cancel – If not, then billed annual fee ($59.95) – Lots of complaints once fee taken out of account
How do bankers react to this? n From my discussions -- majority view, strong negative reaction n That shouldnt happen n Minority view -- Marketing is inevitable. Get used to this.
The challenge today: n Reinventing confidentiality in banking n How to take advantage of data mining and marketing opportunities, while maintaining customer trust? n What are new information and privacy best practices? n How, as a society, get those practices in place?
V. The Administrations main proposals: n Notice -- the banks policy n Choice -- customers can say no to unrelated uses n Enforcement -- examiner authority as with other consumer laws n Anti-fraud: fight pretext calling and identity theft, scrutinize risky data flows
Reasons for Confidentiality Rules: n Reinforce strategic asset of trust -- like $50 rule for credit cards n Hard to resist competitive pressures n Hard to market to those who care about privacy -- theyre not on the lists n Truly sensitive data -- every purchase ever
Why choice? Why opt-out? n Not stopping all marketing! n Do respect choices of individuals who do not want marketing or other transfers n The price of opening an account should not be undisclosed and unlimited data flows n Consumers ability to choose creates confidence, and less need for fear
Is choice workable? n As stated before, not all flows that are technically possible are desirable -- security, and IP, and privacy n Direct Marketing Association -- notice and choice or else expelled from DMA
Are the opt-out rules too broad? n Exceptions – extensive list in H.R. 10 – Gensler testimony -- more for affiliates – regulatory discretion in H.R. 10 – Administration will keep meeting with you n Within HCs -- closely related to financial services, and even convenient to that -- may include surprising businesses
VI. Is confidentiality in banking outdated? n No -- we cant waste such a strategic asset n Many new flows of information are good -- for customers and for profitability n Some new flows are not good – Identity theft and pretext calling -- SSNs and account numbers on the loose – Reasonable expectations of customers are violated
What do bankers want? What does society want? n Bankers want to be proud of their industrys practices -- give notice and live by those policies n Consumers want a sense of control and autonomy -- choice over their sensitive, personal information as it enters the database
What should you do next? n If none exists, name a responsible person in your organization n Take a personal interest in how your organization is handling the data of your customers -- leadership counts. n Do you, as an experienced banker (like Ted Putney) feel comfortable with what you are doing?
Next steps (continued) n Give notice of how you really handle customer information. n Give a choice to customers if you, or someone in your family, would want a choice.
Finally: n If you, as an experienced and informed banker, are proud of your practices: – Your employees will be proud – The press and regulators will be (mostly) quiet – Your customers will trust you, and banks generally, as vital institutions for the information age.