Bankers have been slow to react to their customers' growing privacy concerns, a report says, and they could be risking regulatory intervention.
"If U.S. banks fail to heed their customers' genuine privacy concerns, a call for detailed privacy regulation of bank marketing and on-line commerce operations by state or federal authorities is likely," said the report in the March/April edition of the newsletter Privacy & American Business.
While few people doubt the seriousness of a regulatory threat, sources close to the credit card industry, where much of the concern lies, believe banks are responding to privacy issues even if they haven't adopted formal policies.
"We shouldn't mistake a lack of public discourse on the issue (for) a lack of importance to our members," said Susan Murdy, vice president of public affairs at Visa.
Similarly, Richard Jones, MasterCard's vice president for consumer and merchant satisfaction, defended banks. The card association itself only adopted privacy principles last November, he said.
Since then, Mr. Jones said, momentum among card issuers is building to adopt such policies. Visa issued privacy principles last May.
Most of the privacy concern is centered on information gathered about consumers' buying habits from credit or charge cards. The handful of financial institutions that have privacy policies, with the exception of American Express Co., apply them solely to their card customers.
Alan F. Westin, editor of the privacy newsletter, which is published by the Center for Social and Legal Research, said he believes the credit card approach is not enough.
"Banks need to have policies that cover their full range of services," he said, "because more and more banks have one big customer data base that is feeding all of these marketing activities."
Citicorp, which has had credit card privacy policies since 1991, is working on such a broad set of principles.
"We are determined to become a global company and recognize that data protection" is imperative to this expansion, said Duncan MacDonald, group general counsel for card products, Europe and North America, at the Citibank unit.
Citibank will apply its principles to all consumer products and information, said Mr. MacDonald.
The Hackensack, N.J.-based newsletter said only a dozen or so of the 6,000 U.S. banks that issue credit cards have card member privacy policies.
Mr. Westin attributed this reluctance to address privacy issues to a new kind of banker who is driven by profits gained through gathering a plethora of consumer data.
"People that ran banks in the '60s and '70s paid a lot of attention to privacy policies," said Mr. Westin. "They knew that you didn't blurt out customer account information. The majority of (today's) data base managers have not been pinched by privacy - yet."
Those executives are primarily interested in building consumer data bases that delineate current and prospective customers' behavior.
The most privacy-oriented bank marketing executives, said Mr. Westin, are those concerned with developing smart cards. But smart card experts have been unable to convince senior bank managers to develop overall card- issuer policies.
Senior managers are most concerned about complying with the law, and they are not now violating any specific privacy law, said Mr. Westin.
But that could change as the Federal Trade Commission weighs in. The agency expects to issue voluntary privacy principles in April for on-line transactions.
The commission has also served notice that it wants Internet users to adopt voluntary guidelines aimed at protecting consumer privacy.
"The FTC is finding that it is harder to regulate information because technology is constantly changing," said Martin E. Abrams, director of privacy and consumer policy at TRW Information Systems and Services.
A new alliance among 17 major U.S. corporations, industry associations, and legal experts met last week to discuss privacy issues. Financial services companies were the largest subgroup.
Privacy & American Business sponsored the forum, which included such heavyweights as the three major credit bureaus, Citicorp, America Online, MCI, Microsoft, and American Express.
The participants concluded that industries should adopt voluntary dispute resolution procedures to use when consumers believe their right to privacy has been violated.