About UsWhy Choose GCG?ServicesResourcesProfilesContact UsHome

FINANCIAL SERVICES

The Future of Privacy

April 2000

By Christopher C. Gallagher*
For Electronic Banking Law and Commerce Report

The privacy issue these days is hot, but it is not a fad. Indeed, it promises to occupy our collective attention for years to come for a simple reason. Privacy concerns as a social, political and economic issue are not merely a symptom of the new economic paradigm — they are its inevitable result. Privacy is, and will continue to be, a pressing and prominent issue because it sits squarely at the intersection where something very near and dear to each of us — our personal identity — collides with the operating efficiencies and economies relentlessly driving this new information age. The new technology is unfolding faster than we are able to adjust.

The neocortex in our human brain — what separates us from the rest of the animal kingdom and houses our personal and individual sensitivities — has been evolving for 400,000 years. Today we confront technologies evolving at warp speed, totally unrestrained by the physical constraints that have traditionally moderated the process of evolution. Some may view this as a benefit. Others mourn loss of security within their personal space. In any case, there is no turning back. The collection, utilization, manipulation and distribution of information about everything, including each of us, will continue. The technology enables it. The economics of the new age demand it. And nothing can contain it, because new and revolutionary laws and principles are driving this evolutionary change.

Moore's Law states that processing capacity doubles every 18 months with no increase in cost. Accordingly, the processing of information about everything, including each of us, will continue to be "cheaper, faster and better" — the mantra of the new economy. Metcalfe's Law, which repeals age-old economic laws of value, states that as the number of facilities connecting us with one another increases, their value increases as well. The more nodes on the network, the more valuable is each node. Consider the fax or the Internet itself. It is significant when multiplicity, not scarcity, creates value.

Now combine this exploding processing power and expanding connectivity with the transaction cost principles of economist Ronald Coase, who correctly theorized that as the costs of accessing needed information diminish, firms whose business model has been to fill that information gap (banks come to mind) will be bypassed, or as folks in the book-selling and travel agency businesses have learned, "middlemen" will be "Amazoned."

Bypassing intermediaries moves commercial focus to mass customization, with its granular targeting of individuals — one-to-one marketing. But successful and efficient execution of such marketing requires the collection and processing of information about you, information that you have controlled your whole life; that defining information by which we each identify ourselves in different ways to different people. Lots of people know a lot about us but only we know the complete picture. That's how we each control our own identities. Now, as the new economics of cheaper, faster and better technologies collapse the barriers of space and distance and simplify the monumental task of watching, accumulating and identifying patterns in everything we do, this personally-managed definition of ourselves is no longer safe within our exclusive grasp. In short, unless we choose to be a recluse, others can, and therefore will, know almost as much about us as we do ourselves. Are we ready for a world in which we are visible to anyone who wants to look?

Until very recently, a statistical majority, "privacy pragmatists" so-called, have been quite comfortable balancing their privacy with the personal information flow used to make life more convenient and shopping more efficient. Now polls show a new majority is "very concerned" that information gained while we are on-line will be used to give us unwanted information. And a whopping 87% of those who use the Internet are "worried" about that usage and their privacy. Trends toward personal discomfort are clearly on the rise and that rise will continue. Yes, we all share private information, even with strangers, but we do so face to face, where personal cues (emanating from our neocortex) give us confidence and control. But as our awareness elevates about today's distanced data-gathering, surveillance and profiling, and that awareness is intensified by the web itself, public concern and public clamor for protection will rise with it. The real benefits of data mining and surveillance, including lower costs, higher efficiencies, convenience and protection against fraud will be harder to see and even taken for granted. In that gap, the politicians will feel constrained to intervene. Now we have a serious problem.

It is by now very clear that the business model on the Internet is not to pay for content, but to get it free. We all enjoy this luxury, but someone has to pay for it. Like television, radio and magazines, that someone is the advertiser. If we expect this wealth of useful information to continue to expand, we must accept the notion that the advertising funding it will have to be cost effective. That will require personal targeting, which in turn requires the kind of information profiling people find uncomfortable.

On-line advertising (mostly banners that fund the web sites that we all enjoy) is ignored routinely 99% of the time. Two billion dollars in expenditures in 1998 became four billion last year. This exponential growth continues. But if this business model is to work, today's average click-through rate of 1% is not good enough. In short, "targeted" marketing isn't merely a convenience, it is a necessity. It must be employed by all retailers, especially providers of financial services, whose products clearly are commodities and whose customers are always just a click away from being someone else's.

In the years to come, expanding choice, competition and commodification will compress profit margins. Three percent of auto purchases are now made on the web, but more than 50% are preceded by the access to the web and its valuable information, commoditizing car buying while flattening profits. Similarly, not all banks are Internet banks, but no bank can reasonably expect to operate beyond the competitive and margin-compressing influence of pricing and product information now available. And so, financial services providers, with their commoditized products, will have no choice but to bundle services and products to attract and hold their customers.

Information is the key to efficient and effective execution of that strategy. Retention is possible only if you can know everything there is to know about your customer. But "there's the rub," as Hamlet said. How can financial services providers find and keep their customers, maintaining enough information to custom-serve them conveniently and cost effectively if their privacy concerns are not met? Worse, it is idiomatic that the key to maintaining any edge whatever in financial services competitive markets is to build on the "trust" banks now have as part of their brand. How can we manage all these conflicts? The successful and competitive operation of our banking system now hangs in the balance.

Should government intervene? The Federal Trade Commission's famous Fair Information Practices are still the basis for any sound response to the policy implications of the information-privacy dilemma. Notice, Choice, Access, Security and Enforcement are still the keys to managing this conflict. But even though any successful balancing of these issues requires that those elements be present, it is not essential that they be assured by statute. Indeed, each of them is legally in place now if one layers GLB over other laws already in effect. Whatever polls may say, the deluge of post-GLB privacy bills submitted in Congress and in state capitols tells us that legislators will act. Do we need more laws or should markets in this highly competitive industry be given time to work? The future of the new economy may also hang in the balance.

Let's review some of the choices.

A. What about doing nothing?

There are those who say that customer-focused data mining has been going on for years. Why all the fuss? The assertion that something has been going on for years and therefore should be allowed to continue, will not be effective if the process considered is abhorrent when discovered. Consider learning that the servers in your local restaurant never wash their hands, but that's been the case for years. I'll just have water, thanks!

B. How about fighting back? Why not use technology to protect us?

Encryption clashes with our national security. Digital certification can work and anonymity is possible on the Internet, but counter-surveillance technologies are expensive and complex. And anyway, folks whose VCRs are still blinking all night will not be confident about the use of privacy protection devices requiring competence to operate. So a privacy "arms race" pitting consumers against commercial interests cannot work, and will not resolve the privacy conflict.

C. What about self-regulation?

The FTC and now Title V have appropriately signaled the end of self-regulation as a solution. Industry trade groups, especially the ABA, have tried and they are making headway, but those efforts alone are not the answer. Self-regulation in this new competitive economy can't work unless it is practiced by everyone. It won't be.

D. What about Gramm-Leach-Bliley?

Significant change has happened. GLB requires that financial services providers preserve and protect our personal information, that they publish their privacy policies and practices. Transparency can, and I think will, have a profound impact on the financial services market. We now know, as DoubleClick has recently found out, that with privacy, public awareness results in political and public reaction. The harsh lessons of the DoubleClick affair will not be lost on those who want to keep their customers and maintain their market capitalization. Indeed, it will soon be clear that secure handling of personal information must be a part of any successful financial services provider's offering of products and services. In a world of commodities, the opportunity to brand with an issue like privacy will not be missed.

The lessons to be learned from DoubleClick have been noted. Customer choice and elasticity will force purveyors of financial services to offer them with privacy protection and security that will satisfy consumers newly-educated by the macro-impact of current publicity and the micro-impact of Title V. We need to give this "third way" process a chance to work, by using government to stimulate the operation of a competitive market that includes privacy policies as a means of differentiation and brand in a crowded commoditized field.

Adding 500,000,000 individual notices to today's deluge of articles will raise consumer consciousness. Even those who formerly were apathetic will be aroused. GLB's notice mechanisms will create demand for privacy, and in so doing, will make an offer the financial services industry will not refuse.

*Christopher Gallagher is admitted in New Hampshire.

 

Return to top of page

Return to HOT TOPIC: PRIVACY
Return to Financial Services Articles
Return to Firm Publications

 

 

 

 

 

 

 

See also:

Hot Topic:
Privacy

 

 

 

 

 

 

You may contact Christopher Gallagher at 800-528-1181.
About Us - Why Choose GCG? - Services - Resources - Professional Profiles - Contact Us - Home