In recent years, the attention of the general public toward the subject of privacy and the major issues related to it has increased greatly, especially since tools and technologies that are capable of capturing data about various aspects of our lives have proliferated.
Around the world, there are different regulations and different degrees of protection of individual’s privacy, for example in the European Union, we find the General Data Protection Regulation (GDPR), which aims primarily at giving control to individuals over their personal data and at simplifying the regulatory environment for international business by unifying the regulation within the EU.
GDPR is considered the most notable of the latest regulatory developments around the world because, with it, all companies that handle EU consumer information must obtain, by consumers, express consent to collect their data, while at the same time companies must also promptly notify citizens of data breaches, or other problems and concerns related to their private data.
On the other hand, in the United States, there is not an all-encompassing rule like the GDPR, in fact, US federal regulations tend to be narrower in scope, more sector/industry-specific, or to protect only certain types of data.
In addition to regulatory uncertainty, it is becoming increasingly clear, as time goes, how fundamentally limited privacy protections that were conceived for the analog age are today. In fact, even the notion of privacy is being reshaped and modified by new technologies, it is therefore very important to rethink these measures and create rules that can best be applied to the current, constantly changing environment.
Table of Contents
Privacy and emerging technologies
As highlighted previously, due to the introduction of new technologies, companies will have to deal with a larger amount of data coming from different sources. In the case of financial institutions, they are expected, over the next few years, to increase their usage of those evolving technologies to serve their customers, with services like tapping virtual assistants, personal and commercial sensors, etc.
However, while in many cases, customers are aware of the fact that their private data is being collected, they may not be aware of more recently developed types of data collection and how such information is used, usually, because privacy policies tend to be written in a not so clear language, and because companies do not offer many details about what they are doing.
Financial institutions cannot focus on compliance alone, they need to ensure their data mining from an increasing number of sources does not alienate consumers or lawmakers, even if they meet all legal requirements.
It is important to note that, the threat level of potential privacy concerns varies considerably according to the type of technology adopted, in fact, an analysis conducted by Deloitte suggests that some technologies are more likely than others to create privacy concerns.
From their study, activities like monitoring of Web browsing and social media are most likely to raise objections, while the greatest causes for concern at this point in time are location and space, communications, thoughts and feelings, and association and group.
In the financial services industry, for example, a controversial topic is how data from different emerging technologies could be combined to make more precise and accurate assessments about customers. Biometric data from facial recognition software, for example, could be cross-referenced with social media posts to identify the risk profile of a loan applicant.
However, most times financial institutions do not need to go to extremes to gather the data they need to make a decision about a consumer. In fact, a simple activity like monitoring social media posts of possible customers, in order to understand what is their lifestyle and to find out whether they usually incur in risky activities or not, could provide a lender or an insurer key information about the risk profile of the applicant.
New York regulators recently gave life insurers the green light to use social media posts as well as other data sources to help determine premium charges, provided insurers can prove such data does not unfairly discriminate based on race, gender, color, or sexual orientation.
However, it could make a big difference if consumers were made aware of the potential value that the monitoring of their social media posts might provide for them. In fact, in many cases, even if consumers are generally not willing to share their web browsing activity if the source of the data and the reason why institutions collect it was fully disclosed, privacy concerns perhaps could be overcome. Indeed, a study found that about two-thirds of 18 to 34-year-old respondents, and one half of 35 to 54-year-olds, if it could lower their premiums, would be willing to allow insurers to sift through data from social media, smart homes, etc.
There are different approaches that are based on the idea that customers should be made aware of how their data could be used and the benefits that they could gain from letting financial services companies analyze their data. In fact, a possible approach could be the use, by financial companies, of a “portfolio approach” to privacy, by showing to their customers various scenarios that spell out the possible return they may receive from sharing various types of data, compared with the level of risk involved.
The current state of privacy policies
To have a reliable perspective about how financial services firms are currently set up to address the privacy challenges posed by emerging technologies, we rely on a study conducted by Deloitte, which analyzes privacy policies from a random sample of 12 large financial institutions that work in various sectors, specifically in banking, investment management, insurance, and real estate, in order to determine what kind of data they collect, how they process it, and how frequently they update their privacy policies.
Deloitte’s analysis found that all companies in their sample usually collect traditional identifiers (name, email, phone number, etc.), and they also tracked website analytics data, including browser type, IP address, and app usage. The most extensive data was collected by insurance firms, given that they use most of their data for risk selection and to make policy pricing.
They also noted that the primary data collection method used was via “voluntarily supplied or disclosed” consumer data, and most of the collected data was used to deliver quality services, such as account management, fraud prevention, and marketing.
One interesting finding of this research is that all sampled companies share data across business units to “enhance services”, or in some cases, they share it with third-party providers as required or permitted by law, however consumers cannot opt-out of this data sharing except when it is used for marketing or advertising purposes.
A second analysis focused on the formulation of privacy policies. Analysts found that they were arguably superficial, in fact, they found that privacy policies within financial services sectors were so alike that it was hard to differentiate between firms.
Moreover, most privacy policies analyzed were not forward-looking and were not taking into consideration advances in technology and new data. This is a problem since while traditional forms of consumer data tend to be covered under current financial privacy laws, data from the fusion of new technologies is not.
Thus, the current state of existing privacy policies may be giving consumers a false sense of comfort, which could be setting the stage for a rude awakening and, subsequently, the potential for a privacy backlash among consumers.
From the analysis just showed, it appears pretty clear that financial institutions should consider rethinking customer privacy in a more expansive, proactive, and strategic manner.
They could do it by, broaden their lens and become more proactive and deliberate, exploring how emerging data sources and privacy concerns will likely evolve over time. Moreover, they should review their current privacy policies, and use them to earn customer trust by providing enough transparency to demonstrate good faith.
Is also important that they improve the quality control, accuracy, and relevance of the data that they collect, as well as exploring new data science techniques in order to protect sensitive information.
Rather than assuming that customer perceptions of privacy are immutable, financial services firms can and should shape the perception customers have with respect to the value of their data, developing trust by clearly communicating what they are doing with consumer data and by giving something in exchange.
By adopting these measures financial institutions should be better prepared to manage privacy in an increasingly digital world, to more effectively serve their customers.