is confidentiality in banking outdated? peter p. swire chief counselor for privacy united states...
TRANSCRIPT
![Page 1: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/1.jpg)
Is Confidentiality in Banking Outdated?
Peter P. Swire
Chief Counselor for Privacy
United States Government
![Page 2: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/2.jpg)
Overview:
Chief Counselor for Privacy The Banking Heritage of Trust Reasons for Data Transfers U.S. Bank and Today’s Real Problems The Administration’s Proposals Is Confidentiality in Banking Outdated?
![Page 3: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/3.jpg)
I. My Background:
Writings at www.osu.edu/units/swire.htm Represented banks and ABHC in 1980s Taught banking reg 6 times in law schools “None of Your Business: World Data
Flows, Electronic Commerce, and the European Privacy Directive” -- first mention in print of several exceptions
![Page 4: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/4.jpg)
“Chief Counselor for Privacy”
New Position announced by Vice President– In Office of Management and Budget– In Executive Office of the President
Public-sector data Private-sector data International point of contact
![Page 5: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/5.jpg)
II. The Banking Heritage of Trust
My father-in-law, Ted Putney Trust officer & manager in Albany, N.Y. Proud to have the “trust” of his clients Family rule -- no names Not measured by opening his clients to
offers by affiliates or outside parties
![Page 6: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/6.jpg)
Two kinds of “trust”
Confidentiality and trust as great banking traditions
Safety and Soundness– “Trust” in financial stability– Laws and norms against undermining public
confidence
![Page 7: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/7.jpg)
Two Kinds of “Trust” (cont.)
“Trust” as confidentiality:– Customer as borrower– Customer as depositor– Customer who seeks advice from banker– Customer who uses a bank’s cash management
services
![Page 8: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/8.jpg)
Beyond Ted Putney:
“Privacy is everyone’s concern, and these principles confirm what we have been saying all along -- the banking industry is still the center of trust and confidentiality”
ABA Privacy Principles (including notice and opt-out for marketing)
![Page 9: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/9.jpg)
“Consumers of banking services have come to rely upon and, more importantly, expect that their financial information to which their institution is privy will be cautiously guarded.”
Wisconsin Bankers Association, 1999
![Page 10: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/10.jpg)
“As a consumer, I am personally concerned about my name, address, telephone number, and financial information being on thousands of lists targeting me and my family for the sale of products and services I may not want or need.” Robert R. Davis, America’s Community Bankers, July 20, 1999
![Page 11: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/11.jpg)
“At the same time, there are legitimate -- even essential -- reasons for business to share information.” Robert Davis
The Administration agrees.
![Page 12: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/12.jpg)
III. Reasons for Data Transfers
Technology -- laptops more powerful than mainframes
Geographic changes -- national banking Product changes -- more lines of business Electronic payments -- credit & debit cards,
electronic deposit, Internet payments, electronic benefits
![Page 13: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/13.jpg)
The vision for cross-marketing:
Marketing dream -- “every purchase the customer ever makes”
Economies of scope & scale One-to-one marketing -- precisely the
products the customer wants One-to-one marketing -- pricing based on
what consumer is willing to pay
![Page 14: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/14.jpg)
Why data mining may maximize profits: Perhaps it is more profitable to mine the
data than to protect confidentiality Competitive pressures to use the available
data Customers benefit from one-to-one
marketing “Free flow of information” inevitable
![Page 15: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/15.jpg)
“Free flow of information”
A noble goal, but do we mean it?– Security -- free flow to hackers?– Intellectual property -- free flow to pirates?– Privacy -- free flow to intruders?
Moral:– Many wonderful flows– Not all flows are wonderful, or inevitable
![Page 16: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/16.jpg)
IV. Are there real privacy problems today? U.S. Bank case
– Information here from interrogatories -- public knowledge
– U.S. Bank has made major commitments for the future
600,000 checking account customers name, home phone & address, SSN, DOB,
product code, account number, routing & transit number
![Page 17: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/17.jpg)
U.S. Bank (continued)
330,000 credit card customers name, home address & phone, last purchase
date, date opened, current balance, credit limit, YTD finance charges, last payment date, amount last payment, SSN, DOB, behavior score, bankruptcy score
![Page 18: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/18.jpg)
U.S. Bank (continued)
Notice: “Periodically we may share our cardholder lists with companies that supply products and services that we feel our customers will value.”
Apparently no opt-out Apparently similar activities by other banks
![Page 19: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/19.jpg)
What problems from U.S. Bank?
Data released for unrelated purpose -- a dental plan
“Negative option” by Memberworks:– Postcard then have 30 days to cancel– If not, then billed annual fee ($59.95)– Lots of complaints once fee taken out of
account
![Page 20: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/20.jpg)
How do bankers react to this?
From my discussions -- majority view, strong negative reaction
“That shouldn’t happen” Minority view -- “Marketing is inevitable.
Get used to this.”
![Page 21: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/21.jpg)
The challenge today:
Reinventing confidentiality in banking How to take advantage of data mining and
marketing opportunities, while maintaining customer trust?
What are new information and privacy best practices?
How, as a society, get those practices in place?
![Page 22: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/22.jpg)
V. The Administration’s main proposals: Notice -- the bank’s policy Choice -- customers can say no to
“unrelated” uses Enforcement -- examiner authority as with
other consumer laws Anti-fraud: fight pretext calling and identity
theft, scrutinize risky data flows
![Page 23: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/23.jpg)
Reasons for Confidentiality Rules: Reinforce strategic asset of trust -- like $50
rule for credit cards Hard to resist competitive pressures Hard to market to those who care about
privacy -- they’re not on the lists Truly sensitive data -- “every purchase
ever”
![Page 24: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/24.jpg)
Why choice? Why opt-out?
Not “stopping all marketing”! Do respect choices of individuals who do
not want marketing or other transfers The price of opening an account should not
be undisclosed and unlimited data flows Consumers’ ability to choose creates
confidence, and less need for fear
![Page 25: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/25.jpg)
Is choice workable?
As stated before, not all flows that are technically possible are desirable -- security, and IP, and privacy
Direct Marketing Association -- notice and choice or else expelled from DMA
![Page 26: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/26.jpg)
Are the opt-out rules too broad?
Exceptions – extensive list in H.R. 10– Gensler testimony -- more for affiliates – regulatory discretion in H.R. 10– Administration will keep meeting with you
Within HCs -- “closely related to financial services,” and even “convenient” to that -- may include surprising businesses
![Page 27: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/27.jpg)
VI. Is confidentiality in banking outdated?
No -- we can’t waste such a strategic asset Many new flows of information are good --
for customers and for profitability Some new flows are not good
– Identity theft and pretext calling -- SSNs and account numbers on the loose
– Reasonable expectations of customers are violated
![Page 28: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/28.jpg)
What do bankers want?What does society want? Bankers want to be proud of their industry’s
practices -- give notice and live by those policies
Consumers want a sense of control and autonomy -- choice over their sensitive, personal information as it enters the database
![Page 29: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/29.jpg)
What should you do next?
If none exists, name a responsible person in your organization
Take a personal interest in how your organization is handling the data of your customers -- leadership counts.
Do you, as an experienced banker (like Ted Putney) feel comfortable with what you are doing?
![Page 30: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/30.jpg)
Next steps (continued)
Give notice of how you really handle customer information.
Give a choice to customers if you, or someone in your family, would want a choice.
![Page 31: Is Confidentiality in Banking Outdated? Peter P. Swire Chief Counselor for Privacy United States Government](https://reader033.vdocuments.us/reader033/viewer/2022061306/55147e99550346d36e8b4867/html5/thumbnails/31.jpg)
Finally:
If you, as an experienced and informed banker, are proud of your practices:– Your employees will be proud– The press and regulators will be (mostly) quiet– Your customers will trust you, and banks
generally, as vital institutions for the information age.