Twenty years ago, this week Deluxe created the foundation of its privacy program by establishing core privacy principles that would embody the spirit of our commitment to privacy. The evolution of privacy since 1997 made me wonder how to compare our perceptions and perspectives on privacy in today’s market landscape: THEN and NOW.
What’s changed in 20 years? What has stayed the same?
The vast access to information on the Internet made researching going back in time for this comparison much easier and it was astonishing that we are facing some of the same challenges, opportunities, and competing viewpoints today in the era of ePrivacy as we faced in the late 1990’s Dot.Com era.
Privacy and emerging technology viewpoints
Time magazine ran a cover story in August 1997, “The Death of Privacy” to convey concerns on the rapid growth of technology, the internet, and our “wired planet” within an under-regulated framework. Monitoring and surveillance were concerns given the limited adoption and infrastructure for the internet. The ATM and Voice Response system was the emerging technology for banking delivery channels – and online banking was in its infancy.
The internet was perceived as the wild wild west due to the lack of consistent frameworks, standards, and the entrance of new disruptors of technology companies taking advantage of the eCommerce or Dot.Com boom. Monitoring of transactions and the lack of security of confidential data were paramount. Web searches could easily locate Social Security Numbers – since many states still used the SSN as a driver’s license number, and it was routine to print personally identifiable information like an SSN on a check. The bulk of the search engines that existed then, don’t exist today.
Compare the concerns on search engines then, who could locate you via your name/address and find written directions to an address with today’s digital tracking with online maps, drones, and digital identities. One of the first privacy books I read, “The Right to Privacy” by Caroline Kennedy and Ellen Alderman set a foundation for an analysis of the legal and ethical dilemmas on privacy in 1997. As technology advanced, it has been difficult for the regulatory frameworks to adapt and modernize.
Today our digital footprint has changed, but can still be tracked and located – online behavioral advertising, cookies, monetization, and digital marketing have created the digital channel, replacing the direct mail or snail mail marketing tactics of the 90’s. Today privacy settings must cross devices, a concept that was not even anticipated in the early days of the internet when the biggest challenge was to figure out a baseline for authentication. Today, multi-factor authentication and the hacking of credentials have shifted our controls to manage secure access, while preserving privacy preferences.
Financial services perspectives
20 years ago, the concept of internet banking was nascent, and banking organizations were striving to develop the business cases to stay competitive and move their services to an internet based or virtual environment. Concerns over privacy, including the accuracy and fairness of sensitive personal information, became the foundation for several competing privacy acts. We would close out the decade with the establishment of Gramm-Leach-Bliley or GLBA to set a foundation for privacy in financial services for consumer financial information.
Today, we are facing new disruptors and a technology shift towards mobile, virtual currency, paying by phone, and taking faster payments to a new level to give consumers the ability to pay simply, automated, and streamlined. The concept of real-time payments triggers changes between participants in the payment stream to address fraud prevention while balancing information sharing to mitigate risk. Privacy concerns are interpreted differently based on generational differences – but cyber security threats have influenced all sectors to develop and transform payment while ensuring security and safeguarding information. Today, privacy “Opt Outs” are not the focus, but overall privacy transparency is the cornerstone to customer trust.
In 1997, the FTC was concerned about the credit reporting agencies and direct marketers and their usage of credit information, creating concerns on the need for consumer protection regulation to prevent the abuse of personal privacy. New obligations to obtain permission before obtaining a copy of a job applicant’s credit report changed HR practices across the board. Amendments to the Fair Credit Reporting Act (FCRA) increased consumer protection on the accuracy of information provided in credit reports. The concept of adverse action vs. simply a denial notices changed the ways that credit decisions were made, and the processes needed to handle disputes. Today, the CFPB has taken a proactive role in the oversight of consumer reporting agencies and continues to focus on accuracy, model governance, data usage, and permissible use, but has an enforcement mechanism in their examination role.
Healthcare battles & the intersection of privacy
Healthcare has often been at the crossroads of privacy and transformation – the ethical dilemmas of using sensitive personal data compared to leveraging technology to advance science. 20 years ago, the debate was on fighting the AIDS battle and the usage and disclosure of healthcare data: the private citizen vs. public safety.
Today, your DNA is not only your identity but can be used to identify your potential for future medical issues creating a new suite of ethical challenges. The recent dialog sparked about Henrietta Lacks and the usage of her DNA from the 1950’s that is still in use today keeps health care privacy at the forefront perspectives for standards to balance the intersection of privacy and health protection.
The security of healthcare information is even more paramount today given the mandate for electronic health records. Recent cyber-attacks that targeted health care vectors brought to light how global healthcare privacy has become. The GDPR will advance that dialog even further with debates on cloud providers and the security and privacy of sensitive personal data.
Privacy & the press perspectives
In the late 1990’s electronic communications privacy was focused on telephone records and access to information. Fast forward 20 years and our smart phones, which drive phone, email, text, internet access, are driven by the same electronic communications regulations. Technology has outpaced our ability to keep regulatory frameworks for email privacy both relevant and transparent. This week, updated proposals will be put forth in D.C. to modernize the balancing act of email privacy and surveillance given the current landscape.
Princess Diana and her right to privacy were top of the media headlines in August 1997, first with the continued onslaught she faced and in the worldwide reaction to her death. Celebrity and privacy are words that may sound at odds, but even in 1997, the invasion of privacy of a public person was questioned as to what was going too far. Back then social media was email and chat and the press focus was on interviews, photographs, and mob press. Today we deal with privacy on the web, social media, streaming content, virtual reality, and determining what content is accurate vs. fake. The Sony hacks took privacy and celebrity to new levels – cyber-attacks were no longer just about stealing traditional personally identifiable information or financial information.
So, in the end, how different is 2017 from 1997?
Technology has changed; Banking has changed; Consumers have changed. Regulations and privacy advocates are still balancing the right of the person with the right of protection. Consumer protection oversight is still evolving, and technology disruptors are having an impact on payments. Breach notification obligations have evolved but are still not consistent across state and federal domains.
From a privacy perspective, I’d say that the key principle that is the same is that privacy is all about trust and transparency.