Only transactions in which currency is the medium of payment can be accomplished with some degree of anonymity. Even then, evidence of financial responsibility often is required in order to obtain a service. For example, it may be virtually impossible to rent a car without presenting a credit card even if payment will be in cash.
When checks are used for payment, a record is created of the payor, the payee, the date, and the amount. In addition, documented identification often is required and various identifying numbers (e.g., telephone number, driver’s license, credit card number, employee identification number) may be written on the check by the recipient. The person making payment provides this information willingly in order to have the payment accepted and to enjoy the convenience offered by a checking account. But checks are handled by human tellers and accountants, and the recipient of a check may sign it over to a third party in another transaction.
In order to obtain the further convenience of a credit card, customers are willing to provide additional personal information, such as place of employment, income level, and past financial history. As long as the information is used by the recipient only for the limited purpose for which it was intended, privacy is not usually considered to have been invaded because the information was provided by the subject in order to gain some benefit.
Financial institutions are compelled by law to keep some personal data. The Bank Secrecy Act requires that financial institutions keep copies of all checks over $100 and records of large cash transactions to protect the users of the system. In the same way, the Electronic Funds Transfer Act of 1978, and the Federal Reserve System’s Regulation E that implements it, require that receipts issued by EFT terminals and periodic EFT bank statements indicate the date, time, and location from which a transaction was initiated.
Personal financial data are not found only within financial institutions and service systems. Employers have records of income, and personnel files may contain other information as well. Tax collectors receive reports of wages, interest, and dividends. Social service agencies have records of benefits paid to recipients. Furthermore, people are aware that credit-granting organizations, check and credit authorization services, debt collection agencies, and others collect information about an individual’s financial history, both from the individuals and from a variety of other sources not always known to the subject or acknowledged by the collecting organization. People are less aware of the extent to which this information is shared among such organizations or sold to third parties for a variety of purposes, such as compiling mailing lists.
Generally people accept (not always without some irritation and concern) many acknowledged limitations on their privacy, not only because they may have no choice, but because they recognize that they derive substantial benefits thereby. For example, the increased acceptability of one’s checks and the ability to obtain credit are benefits that depend on willingness to provide personal and financial information. The aggregation of data about many individuals provides other indirect benefits. Such data are useful for the efficient distribution of goods and services and the management of inventories.
Market research may make it possible to design products to meet customer needs and wishes and to identify products that would be rejected in the marketplace, before resources are committed to production. Usually anonymity for individuals can be assured when data are aggregated. However, when data are collected under the expectation that they will be aggregated and then are used on a disaggregated basis (e.g., when survey data become the basis for direct telephone solicitation or lists sold to direct mail advertisers), this may well be considered a violation of privacy, if indeed the individual even becomes aware of the source of the solicitation.
Violation of Financial Privacy
In payment systems, privacy is violated when data are, without the subject’s consent, made available to and used by those not a party to the transaction, for purposes other than those necessary to accomplish the transaction. Those other purposes could range from organized market campaigns to government surveillance to blackmail. If a person has neither explicitly nor implicitly consented to disclosure and use of information for a given purpose, personal privacy is considered to have been violated even if the same information was willingly provided by that person, either to another party or to the same party for a different purpose.
There is a second but closely related issue, which is the obverse of unauthorized disclosure of information to third parties; namely, the ability of the individual to know what personal information has been collected and how it is being used. Just as the use of financial data for authorizing the acceptance of payments and the extension of credit is advantageous to the customer, the denial of such services because of erroneous or incomplete data represents a significant disadvantage. Thus, customers need to know what information is recorded about them and how they can correct inaccuracies.
In 1974, Congress passed the Privacy Act of 1974 to safeguard the privacy of individuals from the misuse of federal records, to provide individuals access to their records maintained by federal agencies, and to establish a Privacy Protection Study Commission. In this Act, Congress explicitly recognized that:
“the increasing use of computers and sophisticated information technology . . . has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use or dissemination of personal information,
the opportunities of an individual to secure employment, insurance, and credit, and his right to due process, and other legal protections are endangered by the misuse of certain information systems, (and)
The Privacy Protection Study Commission was instructed to:
“make a study of the data banks, automated data processing programs, and information systems of governmental, regional, and private organizations, in order to determine the standards and procedures in force for the collection of personal information; and
recommend to the President and Congress the extent, if any, to which the requirements and principles of section 552a of title 5, United States Code, should be applied to the information practices of those organizations by legislation, administrative action, or voluntary adoption of such requirements and principles, and report on such other legislative recommendations as it may determine to be necessary to protect the privacy of individuals while meeting the legitimate needs of government and society for information.”
- data should be used only for purposes for which they are collected;
- subjects should be aware of the uses to which data will be put;
- there should be a proper balance between what an individual is expected to divulge (in connection with financial services) and what that individual seeks in return;
- recordkeeping should be monitored and open to scrutiny by the subject in order to minimize the extent to which information about an individual is a source of unfairness in any decision affecting him/her; and
- obligations with respect to the uses and disclosure that will be made of information about an individual must be established and defined.
EFT and Privacy
In many ways EFT can enhance the privacy of financial transactions. An automated teller machine (ATM) transaction is clearly more impersonal and anonymous than one conducted through a human teller. Electronic transactions cannot be signed over to a third party by the recipient as a check may be. Fewer people are involved in processing EFT information than in check processing, thus minimizing disclosures due to curiosity or carelessness. The coding of information as electronic signals minimizes the possibility of casual or accidental perusal of information.
EFT includes a number of information-handling services. In some systems the information consists of orders to transfer funds from one account to another; in others the information is somewhat more diverse, and serves as a basis for deciding whether checks should be accepted or credit extended. In each case there is a collector, a conveyor, and a recipient/archiver of the data. The parties or systems filling each of these roles have specific and different needs with regard to the content and form of information, and different potentials for affecting privacy.
The collector obtains information, usually from the customer, and makes an interim record that is retained to provide the beginning of an audit trail to ensure system integrity. The emphasis is on accurate recording. The data may be used not only to initiate a payment transaction, but also to support internal accounting functions such as inventory control and computation of commissions for salespeople.
Data are passed from the collector to the conveyor or communication link. The conveyor has little, if any, interest in the content of the data; the emphasis is on addressing and routing. However, the message content will be checked to ensure that it has been transmitted accurately. Copies of the data usually are retained for a time to add to the audit trail and ensure system integrity. Copies of data or audit trails sometimes are known as “data puddles;” that is, data that are collected to make the recordkeeping system work and to maintain accurate and secure records. The same controls and protections should be applied to these collateral data as to the records themselves.
Finally, the recipient or archiver receives and processes the data, and implements the transfer of funds or advises on the acceptability of payment or credit. Here the emphasis is on the substantive content of the message.
The collector, conveyor, and recipient/archiver need not be separate. When a retail store uses an electronic cash register connected to a computer to process a charge on the store’s own account, it plays all three roles. When a customer uses a bank credit card at the same store, the store acts as the collector, the bank card association operating the communication network is the conveyor, and the bank and/or its processing agent is the recipient/archiver. Each operates under a different set of regulatory constraints that limit the services to be offered and the conditions under which they are offered. The points at which privacy may be at risk are basically the same (collection points, transmission points, and storage points), but the nature and extent of the risk may differ.
- EFT makes it easier to collect, organize, store, and access larger amounts of data.
- More data are machine-readable and machine-processable, making them easier to manipulate and aggregate.
- EFT requires less time to record and to extract data; thus it is possible, in principle, to know the physical location of an individual as soon as he/she uses an ATM, or to know details of a transaction as soon as it is completed.
- Some EFT systems use keys such as account numbers, driver’s license numbers, or social security numbers that might make it possible to find and integrate many sources of information about the individual.
- Compared to check processing, relatively few people would need to cooperate or conspire in order to violate privacy.
- The number of points at which data are retained may be larger in order to create a useful audit trail.
- Individual data can be organized and analyzed from multiple perspectives to obtain the maximum amount of intelligence.
- The inner workings of EFT systems are invisible to customers who have no way of knowing what information they contain, who is using it, and for what purposes.