Recently, I received a detailed letter from a credit card company. This two-sided flyer looked very different than the small brochures that often accompany my credit card statements that infer, “We own all of your information – so don’t complain about it.” The two-sided fact sheet was from an internationally known bank and the title was “What does (name of bank) do with your personal information?”
As a security professional, I took a moment from my shredding to read the entire flyer. At the top of the flyer, the following sections were featured:
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information.
What? The types of personal information we collect and share depend on the product or service you have with us. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history.
How? All financial companies need to share customers’ personal information to run their everyday business.
Reasons we can share your personal information: for everyday business purposes, for marketing purposes, for joint marketing with other financial companies, for affiliates’ everyday business purposes, for affiliates to market to you, and for non-affiliates to market to you.
On the back of the flyer, the bank explained “What we do” to protect the customer’s personal information and why all information cannot be limited from sharing. Lastly, there was a toll-free number to call for further clarification.
I wondered if I had ever seen anything so detailed from any other credit card company, bank or financial institution, credit institution, etc., that resembled this detailed document. The truth was, despite all the privacy discussions in the mainstream media and tech media, I had never received anything similar to this fact sheet or flyer.
In this era of privacy concerns, privacy lawsuits, and admit it, loss of privacy, it was refreshing to see such effort expended by a bank to explain the why’s and how’s for information sharing. But the fact remains, knowing that so much information is being shared scares the hell out of me!
Allan Pratt, an infosec strategist, represents the alignment of technology, marketing, and management. With an MBA Degree and four CompTIA certs in computers, networks, servers, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. His expertise includes the installation and maintenance of all aspects of the PC and peripheral lifecycle and the planning and integration of end-to-end security solutions. Allan also teaches both the CompTIA A+ and the CompTIA Security+ certification courses, and has been quoted in industry publications. Follow Allan on Twitter and on Facebook.