Can “privacy as a service” work for banks?

A whistleblower has revealed that consumer data was gathered and shared in secret and objectionable ways, violating the personal privacy of more than 50 million people.

Should we really be shocked?

To those who follow consumer data issues, this kind of data privacy debacle seemed inevitable. It was a crisis waiting to happen.

Facebook CEO Mark Zuckerberg has publicly apologized for this “major breach of trust,” adding, “I promise to do better for you.”

The problem is there will surely be more violations of consumer trust by digital aggregators and third-parties exploiting how data is collected, managed, and shared for economic gain—if not at Facebook, then elsewhere. The way that consumer data is captured, managed, and used by companies worldwide is far too fast and loose. Consumers place their trust on those handling their data. They deserve better.

And they think they have “better”

Consumers are remarkably willing to share their personal data in exchange for speed, personalization, convenience, and connection. Before the Facebook story broke, few likely grasped just how vulnerable their trustful willingness can make them to the often complex and opaque practices of data aggregation and digital commerce.

A global community of active digital consumers who chat, browse, share, shop, and conduct commerce online has received a high-profile wake-up call.

In fact, my firm’s own research clearly shows that consumers are not aware of the privacy implications of their data-sharing habits.

A majority of the more than 7,000 banked U.S. consumers participating in our Q4 2017 Consumer Digital Behavior study believe they rightfully own any information they provide when they conduct digital purchases and should have control over how it is used.

Recent events are a harsh revelation that consumers often have no such control, and they are certain to resent it. Nearly two-thirds of the consumers in our study say that using their data without their permission is either an invasion of privacy (30%) or, at best, a necessary evil (32%).

In sum, even before the high-profile Facebook privacy breach came to light, there was significant consumer skepticism about companies mining, sharing, and exploiting their data. Everyone in business should be concerned that newly heightened consumer anxiety about data privacy and security will cast a problematic shadow on other digital behaviors—particularly online shopping, retail payments, and financial transactions.

Consumer skepticism extends to the data privacy regulations designed to protect them:

• A full one third of the consumers in our Q4 2017 study say they are not at all confident in current U.S. regulations to safeguard their data privacy.

• Another third are only somewhat confident.

• Only 16% of consumers are very confident.

Given the public outrage over the Facebook revelations, it is hard to imagine consumer trust and confidence rising anytime soon.  

In response to a question about regulation last week, Zuckerberg said, “I'm not sure we shouldn't be regulated,” in effect inviting Congress to weigh in on how Facebook and other digital players conduct business.

That could happen. However, the history of U.S. consumer data privacy regulation has been episodic, crisis-driven, and seldom forward-looking. As a result, U.S. consumer data protection policy is a patchwork of regulation across multiple federal agencies, with fragmented and overlapping enforcement authority. Prospective regulation is not the most promising source of increased consumer confidence and trust.

What this means for banks

While the Facebook revelations give consumers fresh reason to trust neither business nor government to protect their data privacy, there is at least one institution consumers do trust. Their bank.

Our Q4 2017 study asked consumers to identify which financial services and technology brands they trust to safeguard the security of their personal information. Banks led the way, with nearly two-thirds (62%) of consumers saying they trust their primary bank, far ahead of the trust consumers place in iconic digital brands such as Apple (37%), Google (33%), and Facebook (20%).

As this latest data privacy debacle casts a penetrating light on the data management and monetization practices of the digital brands and data aggregators, consumers are sure to clamor like never before for greater control over how their data is used. This historical moment creates an unparalleled strategic opportunity for banks.

While not without their own challenges, banks are viewed as consumers’ best ally on the data privacy front. Who is better positioned to address this urgent consumer need for enhanced data privacy control and protections?

Now is the moment for banks to apply their enduring strength in consumer trust to this new challenge. In doing so, banks can rejuvenate their historical trust franchise and gain increased relevance in the digital age.    

What your bank can do now

Actions banks should immediately consider include:

1. Invest in consumer education on data collection and data sharing.

This can help to raise awareness regarding good versus bad practices in social media and digital commerce, acting on the assumption that informed consumers will be the industry’s best customers.

2. Establish clear standards, policies, and disclosures regarding data-sharing and data ownership in your bank.

Leave no ambiguities regarding consumer data rights.

3. Implement new consumer data permissions tools that allow consumers to act on their data ownership rights.

Let your customers choose to share or not share data, as they see fit.

4. Innovate and deliver data-tracking and monitoring services that.

This should allow consumers to monitor with whom their data has been shared, and to “turn off” data sharing when they no longer view it as being in their best interests.

5. Continue to strengthen customer authentication capabilities.

At the same time, strive to keep digital experiences simple and frictionless.

6. Develop new frameworks and technology protocols for partnering with fintechs.

In such partnerships, banks can serve as the trusted custodians of their customers’ privacy, and fintechs as providers of the innovative technology consumers need to control and generate more value from their personal data—if they choose to do so.

7. Build programs that share more direct economic benefits with consumers.

These need to provide both incentives and appropriate compensation to opt in to data sharing.

Rethink privacy—make it a service

In short, banks can meet a growing consumer need and fill a strategic void by offering consumers privacy as a service. Such an offering, centered on the actions outlined above, would enable consumers to manage and safeguard their personal data in this era of digital connectivity and frictionless commerce.

There is reason to believe consumers will embrace such an offer. A majority of consumers in our Q4 2017 study want and expect the banking industry to take the lead on addressing data privacy concerns, ahead of government at 47%, and far more than digital services providers (18%). The banking industry seems to have a clear consumer mandate to take action.

Banks with the vision and courage to enter this new territory could rapidly build a strong branded position as consumers’ trusted data manager, blunt a consumer privacy backlash that would slow the growth of digital commerce, gain market share on the basis of their differentiated commitment to the consumers’ best interests and, as a result, develop a significant new source of revenue growth.

About the author

Bob Hedges is a partner and global leader of the Financial Institutions Practice at A.T. Kearney, a global strategy and management consulting firm. He can be reached at [email protected]