Firms struggle to heed clients’ plea: Keep our data safe

Register now

Increasing regulation demands more and more disclosure around the use of data, but firms are skeptical clients want it.

Consumers just want their financial firms to “do right by me,” said Lowell Putnam, head of partnerships for the leading fintech data aggregator Plaid, whose clients include Betterment and Venmo. And that leaves the ball largely in the firms’ court, he and other experts told attendees during a panel discussion on privacy and client data at the SourceMedia In|Vest Conference.

There’s only so much disclosure information that clients realistically want to receive, U.S. Bank’s Chief Privacy Officer Timothy Nagle agreed.

Recently, the bank adopted a new privacy policy in line with a new European law, the General Data Protection Regulation, which took effect last year. It protects the privacy of customers in Europe and also extends that protection to the export of their data beyond the borders of the European Union.

So what’s the problem? After implementing the policy, Nagle says, one of U.S. Bank’s privacy notices now runs to 26 pages.

“Who’s going to read that?” he asked.

Plaid is trying to thread this needle by differentiating between honesty and transparency, Lowell explained. While transparency discloses all the information possible and inundating clients with information, Plaid defines honesty as showing consumers what means most to them.

As the definition of privacy expands to include insights gleaned from analyzing customer data (their physical locations, for example, or shopping preferences), Plaid is looking into how to give customers more control over the insights themselves. This could mean giving clients the option of electing what data to share, specifying how any insights are used and determining how long that permission lasts for.

“We’re probably making the biggest investment in consumer consent,” Putnam said.

Putting privacy policies into place should be a top priority for firms not just for ethical reasons, but given the “inevitability” that the United States will pass some form of its own legislation in response to Europe’s new law, says Bob Miller, CEO of Private Client Resources. His firm provides data aggregation and wealth information management to high-net-worth families, private banks and financial advisors.

But Miller is skeptical that there’s any consumer demand for regulation. They just expect companies to be responsible for protecting their data.

“If consumers really cared, we’d probably be having a conversation about the 28th Amendment of the Constitution for privacy,” Miller said.

In the meantime, Citibank, the consumer division of multinational bank Citigroup, implemented policies that are compliant with GDPR, the EU’s new law.

“We chose to adhere to GDPR on a global level,” said Philip Watson, head of Citibank’s global investment lab and chief innovation officer.

Regardless of the complexity that comes with regulations and giving full disclosure, Watson says, “at its most simple, clients want their data to be safe.”

For reprint and licensing requests for this article, click here.
Investment insights Fintech Cyber security Client communications Citigroup U.S. Bank Plaid Technologies In|Vest Conference