Banking institutions were stunned to find themselves singled out as the bad guys this week in the regulatory battle over consumer privacy. Some in the industry predicted the latest round of legal action could lead to unacceptable increases in direct marketing costs for the entire financial services sector if pending legislation becomes law.
While debates have been focused on the online world and the inherent security risks associated with e-commerce, the matter exploded all over again after this month's accusation by Minnesota Attorney General Mike Hatch that a subsidiary of U.S. Bancorp, Minneapolis, violated federal law by selling private customer information to marketers.
That led to more fallout when UnionBanCal, San Francisco, terminated its contract with MemberWorks Inc., Stamford, CT, a provider of consumer membership programs that allegedly purchased personal information such as Social Security numbers and credit reporting data from U.S. Bancorp. Since then, numerous banks — including Bank of America, Wells Fargo and Citibank — have released statements clarifying how they handle customer information in relation to marketers.
Wayne Gattinella, senior vice president of marketing at MemberWorks, said the Minnesota attorney general merely “took exception to some of the information” that U.S. Bancorp provided. “It's important to note that our company was not named as a defendant in that suit, and we have since returned all the information to U.S. Bancorp.”
MemberWorks also released its own formal privacy guidelines this week, along with a vigorous denial that it used confidential customer information in marketing its programs with U.S. Bancorp. However, as direct marketers and database analysts well know, the truth is always in the details. And what one attorney general deems personal customer information, a marketing vendor may merely regard as aggregate demographic data.
“I'm not going to pretend to be the expert on that one,” Gattinella said. “There is a huge debate on what levels of database information are presumed to be personal and private [or otherwise], but we only keep information on customers that enroll in our programs.”
Gattinella's remarks capture the crux of what many financial companies are likely to be facing as competitive marketers using the latest in database technology. Mortgage lenders, credit card issuers and insurance brokers are especially concerned because they rely so heavily on database-driven programs to research and prospect new customers. And there are clear benefits for those who share prospect or existing customer lists between operating divisions within the same corporation.
Mark Budnitz, a professor of law at Georgia State University, said consumers have little understanding of what is really at stake.
“To them, it must appear like a losing battle because the situation keeps changing — banks merging with insurance companies,” he said. “Now they're planning to merge with brokerage houses. Consumers can't be expected to understand and read all the fine print on the back of every document.”
Indeed, the current concern over privacy in the banking industry seems to be centered on information associated with the mass marketing of financial services products and information to consumers with lower net worths. For perspective, at J.P. Morgan, New York, a bank with more than $70 billion under management, vice president Alexandra Trower said privacy concerns aren't an issue.
“We would never discuss or release anything about clients,” she said. “Privacy has always been part of our brand — and maintaining confidentiality is at the foundation of everything we do in serving our private clients.”
Of course, most of J.P. Morgan's clients have a net worth of at least $1 million, and the company clearly has more to protect than privacy. Such motivations aren't as widespread in the credit card or brokerage arena. Still, some bankers suggested privately that new privacy concerns may be nothing more than red-herring attempts to derail sweeping banking reform measures in Congress that would allow more seamless industry consolidation and increased opportunities for financial institutions to compete as heavyweight direct marketers.
“There is legislation that would permit a great deal of consolidation and sharing of third-party information,” said Mark Rotenberg, executive director of the Electronic Privacy and Information Center, Washington. “And in the background is looming the implementation of the European Union data directive. I think the pressure will continue to grow in the United States. There are going to be significant new rules in the financial service area that didn't previously exist.”
Jim Febeo, a spokesman at the Consumer Bankers Association, Washington, hinted that Rotenberg may be right.
“I would say at this point that there is likely to be some privacy oversight, some modernization of the current language being proposed [by lawmakers],” he said. “But the focus is on the House right now, and it is far too restrictive to be acceptable to the banking industry.”
Any attempt to prevent institutions from sharing customer information among divisions would result, Febeo said, in a “definite loss in efficiency for the industry, especially among affiliates within one corporate family. And that essentially will mean that the consumer loses.”
