Home About Us Services Speaking Blog Insights Contact Us
 

 

Gathering Data and Privacy

By Joseph Sullivan

The Value of Information

The value of information has rocketed to the stratosphere. With technology that allows the transmission of profile-based advertising, Web site owners are particularly driven to obtaining information. Banks simply need to step cautiously in this area.

The bank has traditionally been viewed as a secure and safe place to keep personal and valuable information. Bankers must use this to their advantage when planning their Internet strategies. Self-regulation still rules as the primary form of online restraint. Laws protecting consumer privacy are becoming more common. The "Financial Services Modernization Act of 1999" generally states that banks must give notice to customers to opt out of providing that information. Pursuant to this legislation, the bank may not provide account number or access numbers of any type to third parties, except where noted.

Community banks can use five keys to protect themselves against complaints based on these guidelines:

  1. Adopt and implement a privacy policy. The bank should adopt its own policy and take steps to insure that businesses, which interact with it, do the same. One way is to share best practice guidelines with business partners.
  2. Provide notice and disclosure. The bank's privacy policy should be easily located and accessed by its online customers. The policy must states clearly: what information is being collected; the use of that information; possible third party distribution of that information; the choices available to an individual regarding collection, use and distribution of the collected information; a statement of the organization's commitment to data security; and what steps the organization takes to ensure data quality and access. The policy should disclose the consequences, if any, of an individual's refusal to provide informaiton. The policy should also include a clear statement of what accountability mechanism the organization uses, including how to contact the organization.
  3. Give customers choice and consent. Banks should provide a mechanism that allows customers to choose what nonessential information they want to provide. And, customers should know about any outside entities that may receive the personal information from the bank.
  4. Insure data security. The banks need to protect its customer data from loss, misuse, or alteration. A more difficult task is taking steps to insure that the third parties being provided with customer information are also taking these protective steps. This will probably be a growing concern and road to increased liability in the future.
  5. Data quality and access. The bank should insure that its data is accurate and complete for the purpose that it was intended. The system should provide an easy, functional way for inaccuracies to be corrected, and prevent against unauthorized access or use of customer information.

With all of these options at the bank's disposal comes the job of marketing responsibly. People's privacy should weight heavily on all decisions about online marketing.

A Recipe for Cookies

Cookies are files that share information between a bank site's server and a user's Web browser. They are sometimes perceived as a violation of privacy, in reality, though, they are not quite so menacing. Community banks can collect information from site visitors with cookies. These files can provide the following information:

  • IP address
  • Geographic location - national or local
  • Browser used
  • Date and time of request
  • Computer platform (Mac or Windows and version)

That information alone is relatively innocuous to obtain. Cookies work most effectively in conjunction with a database. With a backend database, cookies can record each action on site. If an Internet user (assuming he or she is using the same computer each time) fills out a questionnaire, clicks on a link, or takes any other action on the bank's Web site, that information is recorded in a database. The bank can determine the identify of the Internet user only if the person voluntarily filled out a questionnaire with a name or other identifying information.

Questionnaires

Questionnaires, like cookies, require a balance between utilization and discretion. The upside to them is that user voluntarily provide information. The bank must ensure that is provides full disclosure about how it will use the information.

Generally, people will only provide optional personal information to receive a benefit. If a bank want to use questionnaires and surveys, it needs to offer something to users like a subscription to a newsletter or product information. To generate response to a more comprehensive survey, a bank can sponsor a contest that encourages input. When constructing the questionnaire, banks should make sure that they ask nothing that cannot be used. Questionnaire results provide a mountain of information that a bank can use to specifically target within its community and directly to customers who have been receptive in the past.

This article was written for the convenience of our financial services clients and friends, and, is in no way created to replace legal advice pertaining to security or privacy issues. We suggest contacting your legal advisor for further details.