The convenience of online banking comes with a price, and we're not talking about another user fee. According to the Interagency Financial Institution Web Site Privacy Survey, conducted by the Federal Deposit Insurance Corporation (FDIC), all of the 50 largest financial institutions that are online collect three or more pieces of personal or demographic information about users. What concerns the FDIC is how banks are handling the data. The survey found that only eight of the 50 largest institutions meet all five principles of the "fair information practice," an Internet industry standard that explains what data is being collected, allows consumers to opt out, permits access to the information, provides secure storage for the data, and gives customers a way to contact the company regarding privacy issues.
Only three sites of the online top-50 are non-interactive, meaning they don't allow customers to bank online (access accounts, transfer funds, open new accounts, etc.). Interactive or not, all 50 sites gather personal details from users. The most commonly collected data are names and telephone numbers - all sites collect this information. Ninety-eight percent of the sites collect users' postal and e-mail addresses as well. More in-depth information is gathered less often. Sixty-eight percent of interactive sites ask users about their occupation, 49 percent about gender, 40 percent about marital status, and only 9 percent about race. Non-interactive sites ask none of these questions.
For consumers, knowing what's collected about them is only half the battle; the other half is being able to do something about it. Only 31 percent of banks with privacy disclosures allow customers to opt out of providing personal information for internal use. Of that group, 13 percent permit consumers to exercise that choice online. More banks (53 percent) say users can opt out when their personal data could be shared with third parties, but only 4 percent let consumers take this course online. These numbers are bound to rise, however. The passage late last year of the Gramm-Leach-Bliley Act, also known as the Financial Modernization Act, requires that banks give their customers the opportunity to opt out of marketing solicitations from third parties. More consumers might take them up on the offer if they knew that 38 of the 50 sites state somewhere in their privacy policies that the bank can use a customer's personal information to contact them for marketing purposes. And all but one provide a statement informing consumers that their data could also be passed along to third parties.
"Some banks do nothing with the information they collect," says Sonia Barbara, spokesperson for the American Bankers Association (ABA) in Washington, D.C. "Others provide limited information to third parties who offer products that their customers may be interested in. If you're not interested in a product, then by all means you should be able to opt out, but many customers do want that information." Barbara adds that data shared with third parties is very basic, limited for the most part to a name, phone number, and address. The ABA also encourages financial institutions to require third-party marketers to adhere to the same strict security standards that the banks themselves enforce.
Still, most financial institutions refuse their own customers access to even the most basic information they collect. Just 13 of the top 50 banks online inform consumers that they can ask questions about the information they provide, and 12 sites explain how users can correct errors in their personal data. How consumers could know there are errors remains a mystery, though, since only one site allows customers to review the information collected about them. Think you might like to contact your bank about now? Good luck. Only 11 banks tell their users online how to submit a question about privacy.
While admitting that there is room for improvement, the banking industry is not entirely displeased with its performance in the FDIC survey. "Trust is the cornerstone of any good business," says Barbara. As a result of the continued focus on privacy, she expects that "bankers will be looking at all areas and reevaluating their policies."