Privacy is a hot potato in whoever's lap it lands as a policy issue-Washington regulators, Congress, the European Community, any enterprise that deals with sensitive personal information (that means every bank), and individual consumers. How hot? Some samples:
* In a 1995 Equifax-Harris poll, 80% of consumers agreed that "consumers have lost all control over how personal information about them is circulated and used by companies." The poll shows that 60% want to do business with companies that take steps to protect privacy.
* A 1997 Money magazine poll found that 83% said their greatest fear was loss of financial privacy. A federal "Privacy Bill of Rights" was favored by 88%, and almost as many, 80%, wanted a federal privacy czar.
* On the bright side, a Business Week-Harris poll last fall found that 78% of frequent Web users say they would use the Web more if privacy were assured.
The privacy hot potato has been flying across the Atlantic since last October 25, when the European Community's privacy directive officially took effect. The directive's superstrict requirements apply to all 15 EU member countries and also prohibit those members from sharing information with parties in countries that don't have equally strict privacy standards. Negotiators for the U.S. and EU have been working hard to resolve differences before their "privacy summit" meeting in Cologne later this month.
In the current U.S. Congress, the ABA reports sighting more than 80 bills that deal with some aspect of financial privacy. The one that carries the most weight is the Financial Information Privacy Act, S. 187, introduced by Senator Paul Sarbanes (D-Md.). It would let consumers prohibit passing their personal data on to affiliates in the same enterprise or to third parties. Consumers can "opt out" of sharing information within the enterprise. Specifically, they can take no action when presented with a notice of what information the firm intends to share and with whom. Getting permission to share personal information with third parties would be harder--a consumer would have to "opt in" to the sharing by explicitly approving it.
Considering the many pressures for strong privacy measures, it's likely that the U.S. will end up with policies that look a lot like the EU's. The biggest issue is whether guidelines will be imposed by government or emerge privately as enlightened self-regulation.
Either way, bankers can expect to be required to implement and enforce policies that give consumers a high order of control over what personal information can be shared and how. …