Privacy Law and Policy Reporter
There are a number of trends in the financial services sectors in many countries, including Australia, which present broad challenges for privacy protection. In 1997 the Wallis report on the Australian financial systemprovided its view on the privacy protection required in the Australian financial services sector and more recently an inquiry into the Canadian financial system provided its recommendations. The outcomes of these reports are contrasted below.
There are several discernible trends across the financial services sector, comprising banks and other deposit taking institutions, insurers and funds managers:
1. The establishment of financial services conglomerates selling a range of financial services from funds management and insurance products to traditional bank services. Banks, including the new AMP Banking, are all claiming that the pathway to improved performance is through an increase in the organisation’s share of each customer’s wallet — jargon for the number of financial products (including accounts, credit cards, insurance contracts and loans) the bank provides to each customer. They believe that, through enhanced data base management and better product bundling, cross selling of their products to their customers will be more successful and thus increase their share of wallet or purse. This has obvious implications for the way in which information is going to be analysed and used across these corporate information merchants.
2. Further mergers and acquisitions are expected within the sector over the next two years and these will give further momentum to the trend to use data to cross sell products.
3. Deregulation has made many of the traditional competitors seek to transform their businesses in order to maintain profits and market share. The major change is the trend away from branch style banking and distribution towards electronic, non-cash alternatives such as ATMs, EFTPOS and the internet. In general, this will increase the collection, storage and use of personal data.
4. Supermarket banking offers the potential for the ultimate marriage of personal data between retail consumption patterns and financial services usage. This could lead to the matching and mining of personal data for a range of direct marketing initiatives. The recent announcement by the Commonwealth Bank and Woolworths of an alliance taking effect mid-way through 1999 is the first milestone. However Coles Myer is also set to announce its framework for supermarket banking early next year. Although the details of the approaches vary, Australia is following the US and UK lead in this area even though the profitability of such alliances for banks remains uncertain.
At a general level the MacKay report supports the Canadian government’s approach to implementing a comprehensive, legislative scheme for privacy protection with minimum standards, called basic minimum standards, being set down in it.
It also recommended that these minimum standards should include that:
In line with the development of the Canadian Standards Association Model Privacy Code, the report recommended that financial institutions, individually or through associations, develop an acceptable, legally binding privacy code. These would expand on the minimum legislative standards and be certifiable through the federal supervisory body for financial institutions, the OSFI. This body should also have the power to conduct privacy audits.
Medical information was regarded by the MacKay committee as demanding special attention. In particular, it was recommended that there be strict segregation between the information collected for insurance and credit purposes. Moreover, an insurance company should not be able to share medical data with a deposit taking institution, like a bank, whether it is affiliated or not and regardless of whether there is customer consent.
It was recommended that redress for privacy breaches be dealt with through the financial services sector ombudsman who would have the power to award civil remedies and punitive damages.
In summary, the MacKay report broadly supports a European style approach to privacy protection, acknowledging that a voluntary regime will no longer suffice.
By way of contrast, it will be recalled that the Wallis report did not take a position on the type of regime appropriate for Australia or the financial services sector specifically. It did recognise that any regime should be national and that it should be overseen by the federal Privacy Commissioner rather than the new supervisory body, the Australian Prudential Regulation Authority.
The report added little to the understanding of the issues relating to privacy in the financial services sector, merely indicating at a general level there needed to be a balancing between business efficiencies and privacy interests.
No complementarity was discussed between the promotion of electronic commerce, of which financial services form the base, and the need to protect customer privacy. Of course, as already stated, it is in the best interests of financial institutions to encourage customers to move from the more traditional forms of banking to the less expensive electronic varieties. Pro-active, rather than re-active, consideration of privacy issues by financial institutions is likely to lead to consumers embracing electronic commerce, in its various manifestations, sooner and with greater alacrity.
The report also recommended that:
The MacKay report took a much stronger view on privacy protection than its Australian counterpart and gave greater consideration in its report to some of the major issues confronting the sector in this regard. Despite the Wallis report’s obvious success with many of its other recommendations for the sector, it failed to advance the privacy debate materially despite it being a clear issue in the context of the advancement of electronic commerce and the established trends within the sector.
Associate Professor Greg Tucker, Monash University.