BankThink

Consumers have too little control over how their data is shared

Consumer data remains widely used in a majority of today’s businesses, from banks and lenders, to marketers and employers.

And while privacy concerns have led to the development of broad regulatory frameworks that seek to grant a modicum of control to the consumer over their personal data, it’s still widely trafficked with the consumer having very little control over their data flow.

This tangled web of data providers, privacy concerns and regulations results in an inefficient ecosystem that benefits no one. In addition to limitations for the consumer, banks and lenders only have access to the data that is available from providers. Despite the latest efforts to improve this, no good system exists that enables individuals and businesses to exchange data in a reliable and transparent way.

What’s needed is a new framework for consumer data sharing, based on two core principles.

First, the individual consumer should have full control over when and what data is shared, and with whom. Second, there needs to be a guarantee of the integrity and provenance of the shared data to the requesting bank or lender.

Fortunately, the digitization of data, on-demand software services and the emergence of application programing interfaces (APIs), create disruptive new opportunities to access and share consumer data. Thus, technology can be put to work in a way that allows the user to control their own data without sacrificing the integrity and provenance requirements of the requesting party.

This represents a new paradigm shift in the relationship between the consumer, their data and the requesting business. Rather than having a service provider consent to a broad “information request” by a bank for instance, the consumer provides explicit permission to a service provider working on their behalf to share a piece of their personal data, and only that data, with the requesting bank.

This permission-based approach relies on the consumer providing their explicit consent and authorization to access and share the specific item of data from the primary source of the data, and solely for the specific purpose. It ensures that the consumer is in complete control of their data, whom they are sharing it with and the granularity of that data being shared.

Examples include sharing income information directly from the payroll processor; transcript information directly from the academic institution; employment validation directly from the employer; or bank balance information directly from the financial institution.

In the case when an employer hires a background check provider to verify a candidate’s degree completion, the prospective employee provides consent to a service provider system working on their behalf to electronically access and retrieve the necessary information to complete the degree verification (like a college transcript) from the university system. The system extracts the data, establishes the degree verification and shares this information with the requesting business on behalf of the user.

The verification is based on original data from the university site, ensuring its integrity. On the other hand, no excess information is shared with the background check company, limiting the scope of the data sharing to necessary data only.

The enabling technology for such a consent-based approach is a platform that sits between the consumer and the requesting business and which manages the authorization, access and sharing of the data on behalf of the consumer.

A consent-based platform resets the relationship between the consumer, their personal data and the service providers and/or requesting businesses. The benefits of this approach extend well beyond privacy. With a consent-based approach, the data that can be shared is limited only by the consumer’s ability to provide access to it.

This vastly expands the shareable data universe, fueling innovation opportunities for product and services. Furthermore, by putting the consumer in control of their own data, more data can be made available, rather than less.

The net result of the consent-based approach provides better transparency, more accurate data and stronger privacy. That’s something both businesses, including banks/lenders, and consumers can get behind.

This article originally appeared in American Banker.
For reprint and licensing requests for this article, click here.
Data sharing Data privacy Data security Data management Data ownership Data privacy rules
MORE FROM AMERICAN BANKER