Bank insurers and privacy 

Data processing in financial conglomerates

In chapters 4 to 8 a number of conclusions have already become apparent. One general conclusion from the fact-finding is that bank insurers (with regard to the character of their products and services) sell 'trust' to their clients. Evidence of this can be found in policy statements which focus on social responsibility and solidarity and emphasize attributes such as carefulness and confidentiality. The banking sector also refers to 'the duty to care' for the client's needs. Trust and this 'duty to care' can be regarded as privacy-enhancing mechanisms. Privacy as an individual need is therefore an integral part of bank insurers' corporate policy. Further down in the organization, however, the situation becomes significantly more subtle. When banks say 'we as bank insurers abide by the law and the mutually agreed codes of conduct', they are in fact seeing how far they can go within the boundaries of the law, for organizational reasons. Privacy is not a selling point in the struggle to win the consumer's favour, as all conglomerates closely adhere to the applicable codes of conduct, including those governing the description of purpose.

pdf documentread the summary of this background study (13 KB)

The descriptions of purpose in the privacy regulations are formulated to refer to all corporate activities, not only to the purpose for which the client first gave the insurer the data, namely the acquisition of a certain product or service. Some bank insurers market themselves as 'all-round financial advisors'. The question remains whether the client is aware of this or just sees himself as a purchaser of a single product. In view of the extreme complexity of offerors and products, the practice of describing the purpose in such broad terms should be given renewed attention with the aim of providing the client with more transparency. In addition to the information in general conditions, privacy regulations and notifications to the Dutch Data Protection Authority, bank insurers will also have to take greater account of how to apply the tightened rules on the duty to provide information under Articles 33 and 34 of the Dutch Data Protection Act (Wet Bescherming Persoonsgegevens - Wbp). This study has revealed that insufficient attention is currently given to the promotion of transparency in the handling of personal data within financial conglomerates.

Citation
Buitenhuis, dr. R., Campen, drs. N.G.M. van, Helden, drs. W.J. van, Vries, dr. H.H. de, Bankverzekeraars en privacy. Gegevensverwerking in financiƫle conglomeraten [Bank insurers and privacy, Data processing in financial conglomerates] Dutch DPA, November 2000. Backgroundstudies and Investigations 20.