-
Cybercriminals understand psychology just as much as they do technology. Here are steps your bank employees must take to mitigate the risk of phishing and other attacks.
June 14 -
U.S. banks are under pressure to do more with their data to understand their customers' needs and make the best offer. But the rub is that global privacy rules are getting tougher, and consumers are starting to want to own their data.
May 10 -
The Cybersecurity Information Sharing Act, which has advanced far on Capitol Hill, promises to help businesses and government thwart cybercriminal attacks. But privacy advocates say the bill would make misuse of consumer data even easier.
November 17
In the debate over how consumers' data can be used by retailers and marketers, banks seem largely paralyzed on the issue, letting others argue the merits of more or less data access. Yet with the push for data privacy possibly leading to costly new regulations, now is the time for banks to weigh in. If they don't, they run the risk that the public policy debate could eventually hurt their historical "trusted agent" position.
The current data privacy debate is contentious and unproductive. At one extreme are powerful digital aggregators and fintech players arguing that they must be free to mine and use consumer data without restrictions in order to bring consumers convenience, choice and better service. At the other extreme, consumer advocates contend that data mining and sharing is a fundamental violation of consumer privacy. As the two camps go on arguing in circles, digital commerce is rapidly expanding — online shopping accounted for 39% of 2015 U.S.
Banks may be cautious about wading into the debate since the two extremes seem impractical. They would not want to be seen calling for unfettered freedom for businesses to use and share consumer data, nor are they likely to support making all consumer data off limits. But there is an alternative solution in between: putting consumers in the driver's seat of deciding how their data can be used and by whom.
The financial services industry's voice in the data privacy policy debate would carry considerable weight.
The U.S. has a history of enacting regulations in reaction to "data privacy" crises. Nixon-era abuses triggered the creation of a special Senate committee led by Frank Church to look into government spying on civilians, which in turn led to the 1978 Right to Financial Privacy Act. More recently, the 2015 Cybersecurity Information Sharing Act was in part a response to the 2013 Target data breach, and some of Facebook's practices have triggered a call for congressional hearings. And so it goes.
There has been a strong call for privacy protections in the wake of the Edward Snowden revelations about government snooping. But how might U.S. lawmakers and regulators react to a private-sector version of that story: a company using consumer data in highly invasive and objectionable ways? The consequence could be painful restrictions on how companies, including banks, access and use data.
One template for how government policymakers could respond in such an event is the onerous restrictions of the
As tech aggregators and consumer advocates continue to approach the issue from opposite ends, banks could take a high road that calls for neither unlimited access by businesses to consumer data nor a complete clampdown.
Specifically, banks could support empowering consumers to take charge of their own data exposure by allowing them to set their own risk tolerances regarding data sharing. There are already multiple precedents for this type of path. The Truth in Lending Act helps consumers make informed choices about the release of their information during the credit process. The Health Insurance Portability and Accountability Act empowers individuals to decide how much of their medical history to reveal and to whom.
As the institutions consumers trust most with their personal information, banks seem well positioned to have a lead voice in the debate over privacy policy. In arguing for a middle ground approach, the financial services industry could collaboratively advocate for public policy while backing consumers' "data rights." This would position banks as dedicated protectors of consumer interests in the digital age.
Banks could also take an active role in building data aggregation platforms that help consumers strike a balance between sharing and privacy, thereby creating new revenue streams and differentiating the financial services sector from other players in digital commerce.
Taking a more proactive role in the privacy debate might require banks to step outside of their comfort zone. But doing so now is preferable to letting other voices and events determine the eventual policy.
Bob Hedges is a partner and global leader of the Financial Institutions Practice at A.T. Kearney, a global strategy and management consulting firm. He can be reached at
