By Caroline O’Rourke | 03 February 2017 05:13:38The financial services industry has been embroiled in a bitter row over its data collection practices.
In response to a Guardian investigation into banks’ use of data to track its customers, more than 80 banks have signed up to the Data Protection Act, a set of rules designed to protect consumer privacy.
Some of the most prominent firms include American Express, Bank of America, Citigroup, Chase, Citibank, Deutsche Bank, HSBC, JP Morgan Chase, UBS, Wells Fargo and Bank of New York Mellon.
They’re joined by a host of smaller players in the industry, including Experian, Wealthfront, Wealthsimple, Zoho and Equifax.
Many of the banks’ privacy policies and practices are the subject of intense scrutiny from consumer rights groups, and the latest sign of the industry’s growing willingness to comply with government demands for data.
However, the data that banks collect about its customers is often far from accurate and incomplete, leading to concerns that banks are using data to identify customers who might be vulnerable to identity theft.
“There are some pretty glaring holes in the information banks have to offer their customers,” said Rachel Riggs, an associate professor of consumer law at the University of California, Berkeley.
“The banks aren’t necessarily using it to target advertisements, they’re using it as a tool to target people in the financial services field.”
Banks are not obliged to share information about their customers, but a handful of large banks have been found to be using information about them to target their own ads.
One of the largest banks to sign up to DPA is JP Morgan, which last year reported that it collected data on its customers via a third-party analytics service called Zoho.
According to the terms of service, Zoauth is “licensed to provide analytics and marketing services to businesses.”
“Zoho has been licensed by JP Morgan to provide these types of services for years,” a spokesperson told Business Insider.
“We have always been committed to protecting the personal information we collect from third parties, and are committed to working with our customers to improve privacy and data security.”
But many of the companies that have signed on to the data protection act are still reluctant to share that information.
In a statement, a spokesperson for JP Morgan told Business Insights that the company is committed to data protection, but said it was “confident” that it was doing enough to “ensure that the information it collects about its clients is accurate and complete.”
“Equifax believes the privacy of our customers is fundamental to our business and our business practices,” a statement read.
“We regularly review our policies to ensure that they reflect the most current standards and have been in place for over a decade.
We are committed, in this regard, to the privacy and security of our users and we will continue to strive to do so.”
It’s not the first time that Equifax has come under fire over its privacy practices.
In 2014, Equifax disclosed that it had secretly collected information on about 2 million people, which it said was in response to customers asking for more detail on how they could protect their data.
“This was the most sensitive and personally sensitive of our privacy practices,” the company’s then CEO, Richard Smith, said at the time.
“It was also the most widely publicized.
And we’ve been working to address it since then.”
In March, Equivox, a company that makes financial services apps, released a statement saying it would begin providing users with more transparency about its data practices, as well as how it would use it to help clients avoid identity theft and fraud.
“The privacy of your personal information is critical to Equivolve,” the release reads.
“As we become more connected and interconnected, we want to give you the ability to better understand and manage your data so that you can take appropriate action when it is used in ways that you feel are appropriate.”