Customers'data fair game for some banks

Privacy: Many financial conglomerates are following a policy of share and share alike.

May 22, 2000|By Dan Gillmor | Dan Gillmor,Knight Ridder/Tribune

I'm looking for a special partner in my life: a financial institution that pays more than lip service to my privacy. My bank, which has provided good service in some other ways, isn't in the running.

It was bad enough that the bank insisted on using my Social Security number as the log-on identifier for Web-based banking. "But you still need a password," said an oblivious customer-service agent when I noted the incredible foolishness of this policy. It's frighteningly simple to get individuals' Social Security numbers, and people tend to use easy-to-guess passwords, so the potential for security and privacy breaches seems high.

Then, in the wake of a recently passed financial-services law, the bank enclosed with a monthly statement a small brochure detailing policies about what affiliates or third parties would get to see my personal information. My strong preference was none at all.

But this wasn't an option for my bank -- let's call it "Mega Bancshares," because many of the big institutions have roughly equivalent policies, as far as I can tell -- because it had a different agenda. It would allow me, as the law required, to opt out of having certain data shared with nonaffiliated third parties. (Notice, of course, that I would have to opt out, when the honorable procedure would be to ask me if I'd like to opt in.)

When it came to affiliated businesses, opting out wasn't an option for some data, no matter what I wanted. Here's a quote from the privacy statement: "We are lawfully allowed to share some information with our affiliated banks and companies even if you request us to limit the sharing of information. It is our policy to share this information among our affiliated banks and companies to the fullest extent permitted by law."

In this age of consolidation and mergers among financial services companies, the ability of these conglomerates to create minutely detailed dossiers on customers is unprecedented and alarming. Never has there been so much to share. Mortgage lenders routinely require applicants to fork over tax returns, for example. And insurance companies typically have access to medical records.

With all kinds of financial institutions now under a single roof, ask yourself some questions: Do you want your tax return to be seen by your credit-card issuer? Do you want your medical records to be available to your mortgage company?

Not to worry, say the financial barons, the advantages to customers outweigh any possible problems. Only by being able to collect, massage and use the data they have about customers will banks be able to offer tailored financial services, the industry insists.

All this comes courtesy of last year's "Financial Services Modernization Act," which basically repealed old laws prohibiting some kinds of financial institutions from being in the same business as other kinds of institutions. The bill's legislative backers touted benefits to consumers.

There were a few new privacy protections written into the legislation, though they were so weak as to be essentially meaningless. Naturally, even the modest privacy provisions have proved so awful to the industry that it has requested and received an extension of the time before it would have to comply.

In self-defense, I've developed a strategy to ensure my privacy -- assuming that's even possible -- even though it will make my life more complicated.

I'm planning to move my accounts to several different financial institutions that are not affiliated with each other. For example, I'll keep a checking account with a bank that is not part of a giant conglomerate, though I'll keep an account with Mega Bancshares so I can use its multistate network of automated teller machines. I'll be sure that I don't have insurance with any company that's in a holding company with any other financial institution with which I do business.

I'm also looking for the names of financial institutions that do not share information with anyone else, even other parts of their corporate empires. I'll publish the names of these institutions, assuming any exist, when I verify their pro-privacy policies.

I recognize that, for now, I'll have to pay extra for privacy -- by spending time or money. And I'm outraged that this should be necessary.

But I'm afraid it'll be necessary for some time to come, even though the issue is finally being taken seriously in Washington, D.C., and the state capitals. The people who buy, sell and massage other people's personal data are powerful and well-financed, however, and they won't allow privacy protections to be enacted without a huge fight.

The latest gambit is a proposal for a bipartisan congressional commission to examine the issue and report back in 18 months. As blatant stalling tactics go, this one doesn't even reach the level of creative.

President Clinton, a master at spotting what voters care about and then getting in front of a wave, has been moving to the right side of the privacy debate. We haven't heard much from Al Gore or George W. Bush on this. The candidate who grasps people's unease about our increasingly transparent lives will win some extra votes in November.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.