Most Americans, whether liberal or conservative, are probably equally concerned about how information about them is used, who has access to it, and what decisions may turn upon it.

The chief executives of giant financial services firms are probably no more eager than the rest of us to have their private data generally available.

It's all very nice to hear assurances that Congress, whoever is in the White House, and those to whom we have intentionally or inadvertently revealed our secrets will protect them. But for most people, the cat is already out of the bag.

So much information about them has already been gathered and stored that sorting out who disclosed it, who gathered it, or who may be using it may be impossible. It would be like tracing layered transactions in a money laundering investigation.

When it comes to collecting new information about them, such as our shopping habits on the Internet, most people would prefer to be asked first. That's the easy part, and seems an obvious requirement.

After all, such information is valuable, and they might want to be compensated for it. Taking it without even saying so - stealing it right off a PC's hard drive - just doesn't seem right.

But what about the mountains of data already out there?

Here's my thought: a cyber safe deposit box.

Like a brick-and-mortar safe deposit box, you would need two keys to open it. The owner of the information would have one key and could authorize another party to use the matching key. Without the owner's consent, no one else could access the information.


(There's another issue lurking here, which is that I should be compensated for your use of my information, but we can save that for another discussion.)

How would this work? Let's say a insurance company knew that a given customer was a youngish professional who owned a vacation home in addition to her primary residence. And knew that she own a couple of expensive cars.

And let's say this insurance company was affiliated with a brokerage firm that was targeting professionals in her age group who did not yet have a private banking relationship.

Before the insurance company could share information about this customer with its securities affiliate, it would have to get a key from her so that it could open up her "privacy box."

Let's be clear. That key could not be an indecipherable sentence buried in something that looks like junk mail. It would have to be more like the encryption mechanisms already available. But it could be inclusive of a variety of possible offerings, and could be good for a reasonable period, so as not to be overly onerous for either party.

The chief benefit of this approach would be to make it impossible to use private information without the individual's prior knowledge and consent. This, it would seem, should be the goal of privacy protection.

I have no idea how to build this machine. But I know there are plenty of technology geniuses out there who should develop a prototype.

Ms. Hoover heads Hoover Partners, a Washington law firm that specializes in the financial technology industry.

Note to Readers

"Viewpoints" is a regular feature in American Banker, appearing every Friday. It serves as a forum for discussion and debate on a wide range of issues in the financial services industry, including management approaches and strategies, legislative and regulatory matters, and public policy in general.
We invite contributions and encourage diversity of opinion, whether in the form of commentary articles or letter to the editor about any aspect of out coverage. Please send submissions toViewpoints/Editorial Department
c/o American Banker
One State Street Plaza
New York, NY 10004

or e-mail your submission to
[If you are supplying a photo of the writer by mail, or as an attached JPEG or TIFF file by email, American Banker's art department would prefer a head shot in color .]

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.