TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

""

""

“We are committed to providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals and provide education and guidance on opportunities in the field of information privacy.”

That's the IAPP's mission statement. 

Privacy professionals accept responsibility not only for their own conduct, but also for the education of consumers in adhering to good privacy practices. This is the context for noting the logical disconnect between what consumers say about how much they value their privacy and the apparently low rate of participation in the opt-out responses to financial institution privacy notices.

Typically, when asked whether they value their privacy, most consumers will respond that it’s important to them. But their conduct tells a very different story. Whether it’s postings on social media, participation in loyalty programs that track purchases, accepting cookies on the internet, or responding to privacy notices from financial institutions, in fact, they demonstrate their apathy. Consumers just seem to accept the “inevitable” collection, distribution, and even abuse of their most personal information.

One pattern of this behavior can be considered a “proxy” for analyzing this disconnect. Not surprisingly, it comes from a federal government initiative that has proven ineffective over nearly 15 years.

The “privacy notices” sent out regularly from all financial institutions to all customers give them the opportunity to reply and limit the scope of sharing of sensitive personal information with third parties.

Since the Gramm-Leach-Bliley Act, enacted in 1999, required banks and other financial institutions to give this option to account holders, the perceived urgency appears to have waned. During the same 15+ years, the author has taught a multitude of identity theft courses, both as community education and for CE credit for attorneys, real estate licensees, funeral directors, and many more disciplines.

In these courses, one of the standard questions is whether the participants value their privacy. Nearly everyone raises a hand to indicate that they do. Then, upon showing a typical mailing from a financial institution, the question is posed as to whether anyone has, even once, filed out and returned the opt-out form. Nearly no-one has.

And that's the disconnect.

To be clear, this experience is only supported by anecdotal analysis. A search for indications from the responsible federal bank regulatory agencies (FDIC, Federal Reserve, etc.) to determine whether anyone has carried out a statistical analysis of participation in the opt-out or restrictive choices offered by G-L-B shows no current results.

Surveys carried out a few years after the requirement was levied showed a very low participation rate: 

According to the trade publication American Banker, industry estimates of the number of consumers who have opted out “hover around 5 percent.” One survey of savings banks showed that more than half were experiencing an opt-out rate of one percent or less.

There is no indication of any significant increase in this abysmal participation rate. With a record of such an apathetic response, a possible “strengthening” of the statutory and regulatory framework is due for a fresh look.

To carry out the stated purposes of amending legislation in late 2015, the Consumer Financial Protection Bureau recently promulgated an amendment to Regulation P, to modify the means of notification and implement certain exemptions. However, this still does not address the low consumer response rate.

One other solution that has been floated from time to time is to change the default setting. In effect this would restrict the sharing of information, unless the consumer chose to opt-in to wider distribution of account information. However, as might be expected, industry opposition has prevailed.

The question remains: what can privacy professionals do?

There is no doubt that it's time for a review and update of consumer participation in limiting the proliferation of the distribution of sensitive personal information, as part of an educational initiative to help consumers and the privacy professionals who work with them. Although the financial institution opt-out capability is an indicator of consumer attitudes, any privacy pro would tell you much broader effort is required.

It will be a long road to modify consumer behavior in disclosing vacation plans on social media (including the news that “our dogs will be at the kennel while we’re gone.”). Targeted advertising based on purchases logged in through loyalty programs and internet searches can lead to clever identity thieves making online purchases to fit the buying patterns of the victim cardholder. This list is limited only by the imagination of the reader.

As privacy professionals conduct our core work, we carry the message to consumers the importance not only of saying they value their privacy, but also taking steps to protect it. Education in every available forum supports the value proposition of IAPP members, and serves our various communities to avoid the pitfalls of poor privacy practices.

Privacy, like charity, begins at home, with our own individual practices. Beyond that, by teaching the mutual benefits of educating consumers and creating an atmosphere of support for what privacy professionals do, the active participation by consumers will influence the businesses we serve to adopt and implement appropriate privacy practices.

Comments

If you want to comment on this post, you need to login.