By Kaitlin Asrow, Financial Health Network
Data breaches have become inevitable in our increasingly digital lives, but unlike other global events — from terrorism to the 2008 economic crisis — they have not yet become a catalyst for market-wide changes to business practices in industries that center on consumer data.
But that may be changing. Recent events, from the Equifax data breach to the misuse of customer data by Facebook and Cambridge Analytica, have initiated a growing outcry from consumers about the risks and opacity associated with how their data are currently collected and used. This shift in public consciousness may finally create the sense of urgency needed to develop the inclusive and secure data ecosystem that the Financial Health Network and its partners have been advocating since 2015.
In the United States, the financial services industry is uniquely positioned to respond to this challenge and provide leadership in a national discussion. Financial services providers are already familiar with existing data privacy and liability regulations. Significant work has already been done to develop solutions for consumer financial data portability and control. And the impact data access has on the financial health of Americans is demonstrable.
Through the Financial Solutions Lab, an ongoing partnership with JPMorgan Chase & Co. that supports innovative technology startups working to improve the financial lives of Americans, Financial Health Network has seen first-hand the power that data have to support new tools and opportunities for consumers. Lab companies successfully leverage data from other consumer accounts, including financial accounts, government benefit accounts, utility accounts and more, to provide new products, services and increased value to users. To date, consumers have saved more than $1 billion using Lab products, thousands have improved their credit scores, and thousands more are getting out of debt faster.
The Lab successes highlight the two preconditions required to foster safe data portability: consumer protections must be in place to safeguard the security and privacy of information, and consumers must be given clear rights to access and share their account data.
Financial Health Network calls on all financial services providers, financial data aggregation firms, financial technology companies, consumer advocates, regulators and legislators to join us in considering the design of a United States data portability system grounded in four key consumer rights:
- Access: Consumers are able to port and access their information to the trusted service providers of their choice.
- Information: Consumers have digestible, accessible information about their rights, risks and responsibilities related to data porting.
- Control: Consumers have insight into, and control over, the information they choose to share.
- Protection: Consumers are protected from unwanted access to, or use of, their information.
The United States is not the only country currently wrestling with the challenge of both open and secure data portability. From Estonia to Australia, governments and citizens are discussing how to leverage digitization to both empower and protect consumers.
Europe has been the clear leader, as evidenced by the complementary forces of the EU’s PSD2 directive and the GDPR, which together require data access while also ensuring consumer protection.
While challenges remain in the design and implementation of open data systems, and the efficacy of GDPR will not be known until after it goes into effect on May 25, 2018, these European systems can serve as useful models for efforts in the United States.
The efforts in Europe and elsewhere overseas have been primarily led by government action. Similar intervention in the United States may take place, but it should be forged in consensus among industry stakeholders on what the safeguards and governance of a future consumer data ecosystem should look like. Financial Health Network believes that consensus should be built on the following principles:
- To preserve consumer rights to data access, we cannot deny consumers the opportunity to use innovative technologies and new service providers in the name of undefined security concerns.
- Consumers should receive consistent communications from all companies, so that they can have dependable expectations about how their permission will be obtained for data sharing, how permissions can be reversed, and what disclosures to expect.
- The data portability system should enable participants to minimize the volume, and therefore the risk, of unnecessary data in the ecosystem, and hold data users accountable for capturing and using information in excess of what was consented to.
- The system should assign potential liability for data breaches and data misuse among participants in a way that incentivizes exemplary security and privacy controls. But assignment of risk should be made in ways that enable the participation of trusted actors of all sizes.
Fortunately, new technologies and solutions are already being explored that hold the potential to advance the state of identity verification and secure data storage in ways that meet these principles. By combining the potential of technology with well-considered governance structures that protect consumer rights, the United States can develop the data portability system that we need to drive both individual financial health and broader economic stability and growth, and minimize the need for government intervention.
Get Involved: Join the conversation about consumer data access rights. Register and attend our EMERGE session, Prove Who You Are: The Future of Identity Verification, on Friday, June 8 in Los Angeles.