Is Internet Banking Private?
By Gail Rickards
This is the second of a two-part article on privacy in online banking.
The controversy surrounding Web privacy centers on the use of personal information that is collected by all sites, including I-banking, as you click from site to site and page to page.
As this controversy grows, two principal issues have emerged. The first is disclosing what information is being collected and how the information is being used. The second is the granting of permission to use or share the information.
For online banking, there are laws and regulations already in place that cover some disclosure and permission issues–The Fair Credit Reporting Act and Reg. B for credit reporting, and Reg. E for electronic transactions. As helpful as these are, they don’t specifically address I-banking privacy concerns.
New Privacy Legislation for Banks
The Gramm-Leach-Bliley Act, which goes into effect November 2000, modernizes much of the financial system. According to its provisions, banks are directed to formulate privacy rules and disclose their policies regarding the use of personal data.
However, the Act doesn’t specifically discuss online privacy or outline how banks can reach compliance, and therefore leaves it to consumers to determine whether policies are actually followed.
New York and California State legislatures have alternative bills of their own that go further with respect to requirements of particular importance to online banking.
One bill would require written notification of privacy policies to customers. The other would give customers the choice to “opt-in”–to give the bank permission to mine the data that it collects–rather than “opt-out” after the mining has already taken place.
The Privacy Statement Emerges
If you’ve had a chance to look at such a policy, you may have found the amount of information both daunting and under-whelming. Yet, its very presence is a step in the right direction, ahead of legislation.
- What information is being collected?
- What is it used for?
- Is information shared with any of the site’s affiliates that offer related services?
- Is information ever shared with or sold to outside third parties? Why?
- Is information accessible by departments or employees inside the bank? How secure is the site?
- Does an objective entity, such as an outside auditor, review how well the bank adheres to its policy?
- Can you protect your personal information by “opting-out” of data mining? How?
- Whom do you contact with questions or complaints?
If the policy is vague, contact the bank for specifics.
Take the Next Step: Cookie Control
Right now, you can increase your privacy protection by taking charge of “cookies”–small data files planted on your computer hard drive by every site you visit, including I-banking.
Clear the disk cache each time you exit your online banking site.
Whether you use Microsoft’s Internet Explorer or Netscape Navigator, go to the main menu on the top of the screen and click on “Edit.” Choose “Preferences,” scroll to the category “Advanced,” and click on “Cache.” You’ll find a button called either “Empty Now” or “Clear Disk Cache Now.” Click on that button, and the traces of your I-banking session have been erased.
Cookies pile up as you use the Internet. When you clear the disk cache, you remove all cookies–those that make navigating through a specific site easier and those used to collect information for others.
If you want to selectively control cookies, you can find a variety of software programs. Two of the best are made by ZDNet and Symantec.
Can Online Banking Be Private?
Banks are very privacy conscious, and they want our trust. Being vigilant and informed, we can add to their efforts and take active steps to protect ourselves. My overall answer, therefore, is yes; online banking can afford adequate privacy.
Ultimately, though, it’s up to you to decide. After all, it’s your money, your information, and your peace of mind.
Click here to read part one of Is Internet Banking Private?
Do you have questions, comments, or topic requests?
E-mail me at: firstname.lastname@example.org