As privacy concerns rise along with electronic commerce, bankers are treading lightly, in part because no firm guidelines are in place.
This week, when President Clinton unveiled his administration's generally laissez-faire policy toward electronic commerce, he included a specific directive to "ensure effective methods of protecting the privacy of Americans."
Last month the Federal Trade Commission held hearings on consumer privacy, and opinion polls show that Americans are increasingly wary of privacy invasions.
Bankers and others involved in electronic commerce worry that overregulation could stifle the growth of Internet-based business.
"We would prefer self-regulation to having the government enter an area that they are less familiar with than we are," said William M. Randle, senior vice president of Huntington Bancshares, Columbus, Ohio.
This year, the Internet is expected to handle consumer sales of more than $500 million, said Andy Blackburn, vice president of Boston Consulting Group and author of a study assessing consumer attitudes about revealing personal and demographic information to Internet-based businesses and organizations.
On-line commerce could grow to $14 billion by 2000, he said, but such growth would require a certain amount of competitive freedom, experts said.
Conversely, some degree of regulation could help Internet commerce by setting standards and expectations for the sharing of data about finances or purchasing habits.
"To a greater extent than in the physical world, privacy is a major concern on the Internet," Mr. Blackburn said. "The Internet presents opportunities to make greater use of personal information, making it more threatening to consumers."
In the Boston Consulting Group survey, 86% expressed a desire to control use of demographic data; 81% agreed that sites do not have the right to resell demographic information without permission; and 70% cited privacy concerns as the primary reason for not registering at Web sites.
But 78% of respondents said an assurance of privacy would increase their comfort in giving out information over the Internet. "We view an active disclosure and managed privacy policy as a competitive weapon," Mr. Blackburn said.
A survey of 100 popular Web sites conducted by the Electronic Privacy Information Center in Washington found that only 17 disclose their privacy policies to consumers.
Of the sites, 49 requested personal information and 23 used "cookies," a technique for identifying and tracking a user's habits by way of his browser software. Though cookies do not reveal users' identities, they do raise questions about intrusiveness.
To assuage those concerns, Netscape Communications Corp., Firefly Network Inc., and Verisign Inc. last month endorsed an Open Profiling Standard, and others followed. The system would let users decide which personal information would be presented or withheld from a given site.
TrustE, an offshoot of the CommerceNet consortium that was organized with the Electronic Freedom Foundation, has established a rating system and symbols that would convey a company's privacy status-no exchange, 1-to-1 exchange, or third-party exchange of information.
Tandem Computers, Coopers & Lybrand, Oracle, Land's End, Cybercash, IBM, KPMG Peat Marwick, and Wired Ventures are among the first TrustE licensees.
The Bankers Roundtable's Banking Industry Technology Secretariat-Bits-is working on a certification standard that could enhance consumer confidence in any banking service displaying the appropriate logo, Mr. Randle said.
Experts say consumers are beginning to recognize the sensitivity and value of personal information-though many do not object to releasing it if it benefits them.
Bankers increasingly must assure both consumers and regulators that personal data are being safeguarded.
"There is no inherent right to privacy ... as far as government access to records," said John Byrne, senior federal counsel and compliance manager for the American Bankers Association. "We have an obligation to report possible violations of law, and that obligation takes precedence."
But Mr. Byrne doubted that the government could handle reporting responsibilities more effectively than banks could.
"It should be up to the banking and other industries to craft their own principles, and customers can make their decision" with respect to standards for releasing personal information to third parties, he said.
The ABA is drafting industry guidelines for release in mid-July. Beyond saying the report would propose limiting access to customer information only to employees who "have a business reason" to need it, Mr. Byrne would not discuss details.
At a recent conference of the Electronic Funds Transfer Association, Citicorp vice president Peter J. Gray listed some privacy "myths": that people won't use the Internet without privacy laws, that all consumer information is sensitive, and that data mining is prohibited unless the customer gives consent.
"Privacy has a real cost to consumers and businesses, and it is both tangible and intangible," Mr. Gray said. For instance, when customers call a bank with a problem, they want the customer service representative to know them and appreciate their business.
Self-regulation might encourage reluctant customers to engage in electronic commerce, but "overreaction can deny delivery of valuable services," he said.
Bankers also need information in making basic decisions, such as on credit applications, and to prevent fraud. Some warn that overregulation could hurt these endeavors.
"Technology has driven fraud concerns through the roof," said Norman A. Willox Jr., chief executive officer of Trans Union National Fraud Center in Horsham, Pa.
"We are concerned that bankers have access to the data base tools, or we take a step backward as far as fraud prevention is concerned," Mr. Willox said.
