ADOTAS – In the mail the other day I received a “Privacy and Opt-Out Notice” from my bank. Usually, like you, I throw these things away. But since the Do-Not-Track and Android\iPhone location tracking issues have raised their ugly heads I have been paying more attention. I read the notice front and back.
What an eye opener. It says “Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing.”
They are saying, “We choose what to do with your information not you and federal law says we can and protects us in doing so. You can change some — a little, actually almost nothing — about what we do with your information … and we love this. Again, it’s all according to federal law so if you don’t like it complain to them.”
Then it gets worse. The notice tells me the information they collect and share. Account balances, payment history, and credit history and scores. Sure of course. They’re a bank. But here is the killer – they collect my Social Security number and transaction history.
Whoa! Aren’t Social Security numbers a step-one for thieves who want my identity? My transaction history — really? They give or sell the details of every purchase, the type, the quantity, the amount, the time and the place? The data-mining genius who racks and stacks my data may conclude something disturbing about my buying habits when I just am just buying for an old dog with a skin condition.
The bank notice gives me a table listing the reasons they can share my personal information – it looks like this;
Of the seven reasons listed, the bank shares my information on six of them and I can only restrict two – all under the law of course.
The notice goes onto to describe who they share with — affiliates and joint marketing partners. If my bank shares with 10 other companies who then share with 10 each beyond that and they share with 10 each beyond that… Well, you get the picture.
Now using what I learned from my bank what can I conclude about the privacy debate in the ad world?
I think the ad industry would accept an easier to use and more comprehensive opt-out mechanism in exchange for two things: killing opt-in/“do-not-track” and the legal protections afforded in the proposed Kerry-McCain legislation. This arrangement will work fine until it doesn’t.
My bank shares my data widely with third parties without telling me how far and wide that information is spread — I suspect because they don’t know. In the mortgage-backed securities world this is called “counter-party risk and assessment.”
The main cause of the housing and financial markets meltdown in 2008 was that investors simply didn’t know how risky mortgage securities were. So much data had been shared and packaged that you could no longer tell what was good from bad.
So the ad world should be careful what it wishes for. A legal challenge to make opt-in the law of the land will stand a much better chance if opt-out fails on the wings of a couple of bad industry actors that we can’t find or trace — when all we know is that when someone’s privacy was lost, real harm was done.