What's In Is What's Out: Invasion of Privacy
If you haven't gotten the message yet, the invasion of customer privacy by banks is out. In fact, protection of customer information privacy promises to be the biggest compliance issue for banks as we enter the new millennium.
Did this issue sneak up on us? Not exactly. Anyone paying the remotest attention should have seen this coming years ago. Privacy is not exactly a new concern. It is as old as banking. That's why the Swiss banks invented numbered accounts. People want privacy when it comes to their money. People want privacy when it comes to financial decisions.
Remember 1984? The book, not the year. That book presaged an era when individual privacy and self-determination would cease to exist. What we feared didn't happen quite that way at quite that time, but it sure is here now!
After almost a quarter century in the bank regulation/compliance business, I don't remember any issue getting as much attention as privacy is getting. Not even fair lending got this kind of intense attention from Congress, the public, the industry, and regulators at the same time.
We could theorize for hours or days about why privacy is getting attention now. But the practical issue is: privacy should be a top concern for all banks - right now. Whether or not you are on the Internet or still relying on the traditional methods of banking, customers expect you to protect and honor their privacy.
Congress has passed, and the President has signed, a law that will require and encourage banks to protect their customers' privacy. At this stage, there is a great deal of room to choose how to accomplish this. The new law contains some mandate for the regulatory agencies to take action. But there is room - and time - for banks to set their own stage and write their own script.
This is an opportunity that the financial industry doesn't usually get - the opportunity to decide how something will be done. Usually, Congress passes a detailed law, directs an agency such as the Fed to issue regulations, and then the industry must fall in with the requirements chosen by Congress and the regulators.
Now, however, there are few specifics. It is therefore up to banks and the banking industry as a whole to determine how this one takes shape. As with other issues, a few "bad actors" can bring down the entire industry. After all, only a few banks placed 30-day holds. Only a few banks paid interest on the investable balance without telling their customers that was the plan. Very few lenders made high cost loans.
One violation of privacy, one seriously inadequate privacy program, one breach of security that could have been prevented and the industry will lose this freedom of choice.
Violations of customer privacy get immediate negative attention - lots of it. The short-sighted profit motive underlying the sale of customer data to telemarketing firms has caught up with not just the banks that have done this, but with all banks. And it has given a powerful engine to the privacy lobbying machine. Never before has "an ounce of prevention" been so important.
Copyright © 1999 Compliance Action. Originally appeared in Compliance Action, Vol. 4, No. 13 & 14, 11/99
First published on 11/01/1999