Bank Systems & Technology is part of the Informa Tech Division of Informa PLC



Rusty Weston and Keith Dawson

Shining Light On Privacy Policies

Business and consumer customers are both dissatisfied with and wary of offshore call centers, according to a new Managing Offshore and Call Center Magazine study. Managing Offshore editor Rusty Weston and Call Center editor Keith Dawson team up to analyze the implications of the data for global-sourcing companies.



If you read a few dozen corporate privacy policies, you may be excused for believing that the same guy who drafts the fine print in rental-car contracts wrote these while moonlighting. There is some truth to that notion: It's easy to find boilerplate privacy forms on the BBB OnLine site. These policies generally are so vague—and cookie-cutter in style—it appears that they exist to give attorneys wiggle room if the disclosure is ever challenged in court.

The premise of our review of privacy statements by companies engaged in outsourcing of various kinds (they don't in all cases offshore customer data to third parties) is to determine how these firms handle the concept of customer disclosure. What policy language is the state of the art? Which statements need a serious policy review?

E-Loan is the only U.S. site we could find that not only discloses the offshoring of customer data but actually gives consumers the choice to opt in or opt out. E-Loan's privacy statement features a section called "Does E-Loan Use An Overseas Service Provider?" The section states that "E-Loan may use trusted third-party service providers located overseas for processing of your loan. ... You may opt out of overseas third-party processing." With that simple disclosure statement, E-Loan vaults itself into the avant-garde of "transparent" corporations (for more on this concept, read Don Tapscott and David Ticoll's book, The Naked Corporation). E-Loan's document is an informed-consent policy wholly unlike the vast majority of corporate privacy statements that imply, "We're a household name and we will never betray your trust."

Perhaps the nation's most highly regarded corporate privacy policy belongs to eBay, the billion-dollar online marketplace. In June, eBay scored highest for trust in a survey of 6,300 consumers conducted by TRUSTe and the Ponemon Institute. EBay's privacy statement is closely tied to an area on its Web site called Privacy Central, which does a fine job of explaining the company's core privacy principles to its community members. To our surprise, the privacy statement mentions the word "outsource" at one point in a section called "Internal service providers for our operations."

The section is one of the more transparent disclosures you will see. "We may use third parties that we refer to as internal service providers to facilitate or outsource one or more aspects of the business, product and service operations that we provide to you (e.g., search technology, discussion boards, bill collection, affiliate and rewards programs, co-branded credit cards) and therefore we may provide some of your personal information directly to these internal service providers." That's a comprehensive sentence and we applaud eBay in every way except one: It fails to mention that eBay taps captive and outsourced customer-service centers in Dublin, Ireland, and Vancouver, British Columbia.



Here is what we found on Hewlett-Packard's Web site, which has one of the most comprehensive privacy policies in corporate America and a thoughtful Chief Privacy Officer. "HP shares customer information across HP-owned business entities and companies working on our behalf ..." This line from HP's online privacy statement is one of the more transparent statements of its kind, but it still fails to explicitly disclose the offshoring of customer data to captive or outsourced offshore centers.

The policy further states that "suppliers and service providers are required to keep confidential the information received on behalf of HP and may not use it for any purpose other than to carry out the services they are performing for HP." But what it doesn't reveal, and undoubtedly should, is that HP's captive and outsourced call centers operate on a cost-effective, "follow-the-sunset" model, which helps the company remain competitive globally. Also, it is probably worth mentioning that the company's offshore workers are just as well trained and security sensitive as anyone in the United States.

For better or worse, Citibank's online consumer privacy policy is an easy read. This is what we believe privacy disclosure No. 7 really means to say: We keep our service suppliers in line, dear customer, so have no worries. But what it actually says is: "Whenever we hire other organizations to provide support services, we will require them to conform to our policy standards and to allow us to audit them for compliance." Further, while Citibank states that it may "disclose information about you to ... non-affiliated third parties" such as financial-services providers, it not only fails to define these services or what's disclosed, it doesn't hint where these providers might be located. Looked at a different way, Citibank is missing an opportunity to tout the fact that it has been a successful early adopter of globally delivered services, and that it has paved the way in setting best practices for security and privacy.

Bank of America, which has gone through enormous changes due to several recent mergers, maintains a fairly straightforward privacy policy, though it isn't as basic as Citibank's. BofA acknowledges that it shares five types of information about its customers within its own extensive family of companies and to "companies that work for us in order to provide marketing support and other services." These five things, it turns out, encompass personal data such as transaction and experience information including account balances and credit-card usage; information provided on applications that may include assets, income, and debt; consumer-report information; and so on.

In a section called "Managing information with companies that work for us," the bank states somewhat confusingly that "all companies that act on our behalf are contractually obligated to keep the information we provide to them confidential and to use the customer information we share only to provide the services we ask them to perform for you and us." (It's tempting to edit that for clarity, but then that would defeat the purpose of this exercise.)

GreenPoint Mortgage, now a subsidiary of North Fork Bank, is known to offshore data for purposes of prospect data mining, but you wouldn't know that from its apparently three-year-old Privacy Notice (it says the effective date is June 1, 2001). However, GreenPoint makes it easy for its customers to opt out of contacts from "nonaffiliated third parties." Oddly, we cannot say the same thing for North Fork Bank.



Is this disclosure line in Lands' End's privacy policy technically accurate? "Neither your name nor anything about you is sold or shared with any other non-affiliated company or agency." To our surprise, we learned that it's inaccurate, although not because the data is viewed by offshore service providers. A call to Lands' End's online phone support center in Wisconsin revealed to us that both "your name and address could be [shared] but not your phone or E-mail address." Lands' End exchanges the data with L.L. Bean, said the helpful agent: "That's the type of sharing we would do." Of course, Lands' End is a subsidiary of Sears, Roebuck & Co., a retailer betrothed to Kmart. When it comes to privacy, let it be said that what comes around, goes around.

On L.L. Bean's site, we found a fairly comforting policy acknowledging the fact that third-party providers may view its customer data. Of course, the policy doesn't reveal the name or location of these providers (with the exception of MBNA bank, which issues an L.L. Bean Visa card). What the policy says is simply this: "We contract with other companies to provide certain services, including credit-card processing, shipping, e-mail distribution, market research and promotions management. We provide these companies with only the information they need to perform their services and work closely with them to ensure that your privacy is respected and protected." Nicely put.
