Companies of all stripes should eye Facebook’s ongoing public relations catastrophe with worry — and financial institutions are no exception.
Given the nature of the data they possess, banks and credit unions are at particularly high risk of a crippling backlash to any such errors, the likes of which Facebook is now facing over its sharing of user data with political firm Cambridge Analytica.
However, FIs are increasingly becoming digital businesses — and that necessitates collecting, storing and sharing customer data in order to understand and fulfill customer needs. This is pushing banks and credit unions to develop partner ecosystems to help them offer more digital solutions that improve customer engagement and satisfaction. That, in turn, is leading to more data sharing through application programming interfaces and other tools, enabling the proliferation of online payments and account aggregation tools like Mint. In Europe, such sharing of customer data with third parties is increasingly being mandated through open banking regulations aimed at fostering innovation.
While it’s unlikely such regulations will be implemented soon in the U.S., competitive pressures will force many U.S. banks and CUs to share more customer data with third parties to offer more compelling and differentiated products and services. Financial institutions will need to ensure that any information shared with third parties is kept secure and does not violate an individual’s privacy, while also educating customers about everything that entails.
That starts with being selective about what data is shared and why. Banks need to be strategic in targeting specific use cases and applications for data shared with partners, and only share the data that is absolutely necessary for that function. Then FIs have to do their utmost to ensure that data is properly anonymized and protected from falling into the hands of unintended parties. That means properly vetting partners and their solutions, and using tokenization and identity protection tools to keep customers’ critical information safe, which U.K. banks and regulators are implementing as part of the country’s open banking mandate.
However, communication with customers will be just as critical when it comes to reassuring them of the safety of their private information. It isn’t enough for FIs to just take action on customer data privacy — customers should know about it. Information about banks' and credit unions' privacy policies and data security measures is often hidden in the fine print when consumers opt in to services that require sharing their data. Some financial institutions offer online resources to help customers understand how their data is being secured — but these resources are rarely displayed prominently where customers are likely to find them.
In the end, safeguarding against a Facebook-like public relations disaster can only be achieved if customers are aware of when their data is being shared, how it benefits them in the form of new products and services and how their identity and personal information are being secured.
That information needs to be readily available in any interaction between the bank and customer, regardless of the channel that interaction takes place in. That means putting online information where customers can easily access it and training call center and branch staff on how to inform clients about these topics. U.K. banks have faced a public outcry over the sharing of data through the country’s open-banking initiative, even though many banks had already been sharing customer data with partners for years. Consumers just weren’t aware of it and didn’t understand how it impacted them.
If banks can effectively educate their customers about these topics — and earn their trust when it comes to online privacy and security — they’ll be succeeding where tech giants like Facebook and Google have clearly failed. That would position banks as trusted guardians and brokers of customer’s personal information, helping financial institutions cement customer relationships for the long term.