I gag to think of the implications if no one is doing this, but so far I don’t get any feeling that, at least in Asia, anyone is. We need a banks’ charter to keep customers’ private data private and safe.
Why? Banks continue to be cavalier with our personal information, reflecting not only a lack of awareness of how the debate over privacy has advanced, but also a lack of awareness about how phishing and other account-emptying techniques thrive on the theft of sufficient data about identity making customers’ information more, rather than less, vulnerable than before.
I just noticed this on a banking website where customers are able to update their mailing address:
With the data collected above, we will send you useful information about our services. This may include special offers and promotions. You may, at any time, choose not to receive marketing literature by calling our Direct Financial Services on (xxx) xxxx xxxxx or email to us.
No email address is supplied. There is no opt out check box. There is, in short, no way to change one’s address without opting in to junk mail from third parties (and we know how securely they keep their data) without making a phone call (to the main switchboard, not to any direct line) or scrambling around the rest of the website trying to find an email address. Is there no law against this, I wonder? Who is going to contact me and how do I know that the information those third parties get does not include some detail about my financial health?)
(I called the number four times by the way: Twice it didn’t connect, the third time it connected long enough for me to hear half a bar of the bank’s theme muzak. The fourth time I got through, and after passing through four layers of voice menus, I was told that the bank was closed, and that I should call back during office hours. I’m going to keep going, and I’ll get back to you.)