Recently, I received a detailed letter from a credit card company.
This two-sided flyer looked very different than the small brochures that often accompany my credit card statements that infer, “We own all of your information – so don’t complain about it.”
The two-sided fact sheet was from an internationally known bank and the title was “What does (name of bank) do with your personal information?”
As a security professional, I took a moment from my shredding to read the flyer. At the top of the flyer, the following sections were featured:
Why? Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information.
What? The types of personal information we collect and share depend on the product or service you have with us. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history.
How? All financial companies need to share customers’ personal information to run their everyday business.
Reasons we can share your personal information: for everyday business purposes, for marketing purposes, for joint marketing with other financial companies, for affiliates’ everyday business purposes, for affiliates to market to you, and for non-affiliates to market to you.
On the back of the flyer, the bank explained “What we do” to protect the customer’s personal information and why all information cannot be limited from sharing. Lastly, there was a toll-free number to call for further clarification.
I had to think long and hard to remember if I had ever seen anything so detailed from any other credit card company, bank or financial institution, credit institution, etc., that resembled this detailed document.
The truth was, despite all the privacy discussions in the mainstream media and tech media, I had never received anything similar to this fact sheet or flyer.
In this era of privacy concerns, privacy lawsuits, and admit it, loss of privacy, it was actually refreshing to see such effort expended by a bank to explain the why’s and how’s for information sharing.
But the reality still remains, the fact that so much information is being shared scares the hell out of me.
Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter (http://www.twitter.com/Tips4Tech) and on Facebook (http://www.facebook.com/Tips4Tech).
Cross-Posted from Tips4Tech