10:44 AM
Protecting Customer Privacy
Responding to the privacy regulations contained within the Gramm-Leach-Bliley Act, Bank of America, based in Charlotte, N.C., appointed Robin Warren to the new role of privacy executive in early 2000. An attorney who formerly worked in Bank of America's legal department, Warren has handled numerous issues across the bank's consumer lines of business.
Now, she has mastered the complexities of the Gramm-Leach Bliley Act and guides the bank through the thickets of what's permissible for moving customer information within the $642 billion institution.
Warren spoke with BS&T senior associate editor Ivan Schneider about her responsibilities at Bank of America.
BS&T:What led Bank of America to create your job?
WARREN: We'd had folks involved full-time with privacy prior to that, but at the time my role was created, the company had been thinking for some time that the issue was growing both in terms of being a public issue and a consumer issue. With changes in technology and the way consumers interact with financial institutions, it was really necessary to elevate it and make sure that we as a company were giving it the right focus.
My function is to make sure that all of our business units throughout the company not only understand what our privacy policy is and comply with it, but also to make sure that they're sensitive to what consumers' expectations and concerns are in this arena.
BS&T: What's unique about Bank of America's privacy policy?
WARREN: We don't sell or share customer information with third-party marketers for them to market their products and services. That means we don't give customers an opt-out from our selling those lists to third-party marketers because we don't do it at all.
We might offer products and services to our customers, but we do it in a way where we're making the customers aware of whatever the products are, rather than giving some outsider a list of who our customers are.
BS&T: Do you share the information with "insiders" (i.e., bank employees)?
WARREN: Well, it's our information. We might do a mailing to our own customer, saying, "Here's a product that you might be interested in, and if you are, you can reply and get in touch with whoever the company is." But the company would never have any information about the identity of our customer, unless the customer initiated that contact. Editor's Note: Bank of America categorizes customer information according to five types: information provided on applications; transaction and account information; information from a consumer report; information regarding employment, credit history, etc.; and other general information.
BS&T: Can customers opt-out from those contacts?
WARREN: We offer customers choices even when it comes to direct marketing whether it's our own product or other people's products. We maintain a central database of customers and give them an easy way to tell us, "I don't want to get direct marketing solicitations from you, I don't want to receive telemarketing or I don't want to get solicitations via e-mail." We honor those preferences, even though the law doesn't require us to do that. It's a thing that we do voluntarily because we know that some consumers feel strongly about it.
BS&T: What's an example of the way customer information might be used?
WARREN: We may have credit card customers who don't have a deposit relationship with us. The bank may get the credit card bank information-the names and addresses of folks who live in the market where we have banking centers and don't currently bank with us-and may send them a solicitation for banking services.
BS&T: How did the bank systematize compliance processes?
WARREN: Some of the things were in place and we've enhanced others. We give our customers the opportunity to opt-out of receiving direct marketing, and we've had a central database to collect that information for some time.
We've enhanced the database over the last couple of years and we've also built mechanisms to make sure that wherever communications are going on in the company, that every line of business understands that this database is out there.
Any sort of marketing communications with customers needs to be run through that database to determine which customers would prefer not to hear from us.
It's a combination of having the right technology and the human processes to accomplish that.