Choose a Bank That Guards Your Data
Choosing a bank isn't just a chore; it's a crucial decision that impacts your financial security and personal privacy. We often pick a bank out of convenience or a false sense of trust, but that approach can leave your nonpublic personal information (NPI) vulnerable.
The Problem with Convenience
When selecting a bank, our choices are often driven by a few familiar factors:
- Location: For many, the closest branch or ATM is the primary concern, even in an age where physical banking is becoming less common.
- Brand Recognition: Large, well-known names like Chase or Wells Fargo feel inherently safe due to their massive marketing presence and established reputation.
- Existing Relationships: We often bank where our family or employer does, consolidating accounts for convenience.
These traditional selection methods, born from an era of brick-and-mortar banking, no longer serve our best interests. The digital age has transformed banking, making your data—not just your money—one of your most valuable assets.
Your Privacy Is at Risk
It's easy to overlook, but banks collect a vast amount of your NPI, including everything from your transaction history and account balances to your Social Security number and contact information. While some of this data is necessary for essential banking services, many banks collect and share far more than they need to, often for marketing or with third-party partners. This practice puts your personal information at risk and can lead to unwanted solicitations and even identity theft. The key question you should be asking isn't just "What's the interest rate?" but "How does this bank protect my privacy?" The answer is as close as the footer of the bank's home page, usually a link titled "Privacy."
The GLBA Privacy Notice: A Critical Document
The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law that requires financial institutions to protect the privacy of consumer financial information. A key component of this law is the GLBA privacy notice, which every financial institution must provide to its customers.
What the Notice Tells You
The GLBA privacy notice is a document that outlines a financial institution's privacy policies and practices. Its primary purpose is to inform you about:
- What NPI they collect: This includes details like names, addresses, Social Security numbers, account balances, and credit history.
- How they share it: The notice must specify what types of information the institution may share with other parties.
- Who they share it with: It distinguishes between affiliated and nonaffiliated third parties and may include examples like mortgage brokers, insurance companies, or direct marketing firms.
- Your right to opt out: The notice must clearly and conspicuously explain your right to direct the institution not to share your NPI with nonaffiliated third parties (with some exceptions).
- How they protect it: The notice must describe the institution's measures to safeguard the confidentiality and security of your data.
This notice must be provided when a customer relationship is established and then annually thereafter. (Since the FAST Act of 2015, an institution may skip the annual notice if it shares NPI only under the exceptions that carry no opt-out right and its policies have not changed since the last notice it sent.)
Understanding the Model Form
To make it easier for consumers to understand and compare privacy practices, federal regulators created a voluntary model privacy form. Financial institutions that use this form correctly are granted a "safe harbor" for complying with the GLBA's notice requirements. This standardized, two-page document is designed for clarity:
- Page One summarizes the notice by answering "Why?", "What?", and "How?". Its disclosure table lists the standard reasons an institution can share your information, with a "Does the bank share?" column and a "Can you limit this sharing?" column, plus a box for "opt-out" information, making it easy to find your choices.
- Page Two provides supplemental information and defines key terms like "nonpublic personal information," "affiliates," and "nonaffiliated third parties" in plain language.
The notice must be clear, conspicuous, and provided in a format that you can retain, whether in paper or electronic form.
Why a "Yes"-Filled Notice Is a Red Flag
When a bank's GLBA privacy notice is "full of 'yes' answers," it indicates a broader sharing of your nonpublic personal information (NPI) with third parties. This can raise several significant privacy dangers:
1. Increased Risk of Data Breaches
A "yes" response often means the bank shares your information with multiple third parties. The more entities that have access to your data, the higher the risk of a breach. Third parties may not have the same security standards as the bank, increasing the likelihood of unauthorized access.
2. Unwanted Marketing and Solicitations
If a bank says "yes" to sharing data for marketing, you can expect an influx of unsolicited calls, emails, or mail. The sharing of sensitive details (like your spending habits) can also lead to manipulative marketing practices tailored to exploit your financial behavior.
3. Limited Consumer Control Over Data
While GLBA allows you to opt out of some sharing, you can't opt out of all of it. If a bank shares data broadly, your control is diminished, especially where the sharing is with affiliates (GLBA itself gives no opt-out for affiliate sharing; only the narrower FCRA opt-outs for creditworthiness information and affiliate marketing apply) or the opt-out process is cumbersome.
4. Potential for Profiling and Discrimination
Extensive data sharing can lead to the creation of detailed consumer profiles by third parties. These profiles could be used to make decisions about you—like eligibility for loans or insurance—potentially leading to discriminatory practices.
5. Heightened Risk of Identity Theft
Sharing sensitive NPI (e.g., Social Security numbers, account numbers) with multiple parties increases the chances of that information being mishandled or stolen. This exposure heightens the risk of identity theft and fraud.
6. Lack of Transparency About Data Use
A notice with many "yes" answers often lacks specificity, making it hard to know how and with whom your data is being shared. This limits your ability to make informed decisions about your privacy.
7. Cross-Border Data Sharing Risks
If a bank shares data with international third parties, your information may be subject to different (and often weaker) privacy laws, leaving you with little recourse if it is mishandled.
Note: The GLBA allows certain sharing without opt-out rights (e.g., for processing transactions and fraud prevention). However, a bank that "mostly answers yes" is usually engaging in optional sharing (e.g., for marketing), which significantly increases privacy risks. As many recent data breaches have shown, third parties often do not offer the same level of data protection as the bank itself.
Again, look for a bank with as few "yes" answers as possible!
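To make the comparison mechanical, here is an added example (not code from the original article) that scores the "Does the bank share?" column of the model form's disclosure table. The seven reasons and the "Can you limit this sharing?" values follow the federal model privacy form (labels paraphrased); the two institutions and their answers are constructed for illustration, not real notices. The point it makes beyond the text: a "Yes" for the bank's own marketing, joint marketing, or affiliates' transaction data is discretionary sharing you cannot opt out of, so those rows weigh more than a "Yes" you can switch off.

```python
"""Score a bank's GLBA model privacy form disclosure table.

Added example, not from the original article. The seven reasons and the
"Can you limit this sharing?" values follow the federal model privacy form;
the institutions below are constructed for illustration, not real notices.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Reason:
    key: str
    label: str
    discretionary: bool  # False: sharing the law expects of every bank anyway
    can_limit: bool      # what the form prints under "Can you limit?" when it shares


# Page one of the model form, top to bottom (labels paraphrased).
MODEL_FORM = [
    Reason("everyday", "our everyday business purposes", False, False),
    Reason("marketing", "our marketing purposes", True, False),
    Reason("joint", "joint marketing with other financial companies", True, False),
    Reason("aff_txn", "affiliates' everyday business: transactions and experiences", True, False),
    Reason("aff_credit", "affiliates' everyday business: creditworthiness", True, True),
    Reason("aff_market", "affiliates to market to you", True, True),
    Reason("nonaff_market", "nonaffiliates to market to you", True, True),
]


def assess(shares: dict) -> dict:
    """shares maps a Reason.key to True ("Yes") or False ("We don't share")."""
    yes = [r for r in MODEL_FORM if shares.get(r.key, False)]
    # Discretionary sharing with no opt-out: the real red flags.
    locked_in = [r.label for r in yes if r.discretionary and not r.can_limit]
    # Sharing you should opt out of right after opening the account.
    to_opt_out = [r.label for r in yes if r.can_limit]
    return {
        "yes_count": len(yes),
        "locked_in": locked_in,
        "to_opt_out": to_opt_out,
        # Lower is better: every "Yes" costs 1; a discretionary "Yes" with no
        # opt-out costs 2 more because you cannot undo it.
        "score": len(yes) + 2 * len(locked_in),
    }


def rank(banks: dict) -> list:
    """Bank names best-first by score, then by fewest 'Yes' answers."""
    scored = {name: assess(shares) for name, shares in banks.items()}
    return sorted(scored, key=lambda n: (scored[n]["score"], scored[n]["yes_count"]))


# Constructed sample tables, as you would transcribe them from two notices.
SAMPLE_BANKS = {
    "BigBank (constructed)": {r.key: True for r in MODEL_FORM},
    "SmallCU (constructed)": {"everyday": True, "marketing": True},
}

if __name__ == "__main__":
    for name in rank(SAMPLE_BANKS):
        report = assess(SAMPLE_BANKS[name])
        print(f"{name}: {report['yes_count']} yes, score {report['score']}")
        for label in report["locked_in"]:
            print(f"  cannot limit: {label}")
        for label in report["to_opt_out"]:
            print(f"  opt out now: {label}")
```

The weighting is a judgment call, not anything the regulation prescribes; adjust it to your own priorities, but keep the split between sharing you can limit and sharing you cannot, because that is the distinction the "Can you limit this sharing?" column exists to make.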
Modern Banking Requirements
To say banking has changed substantially is an understatement. When people ask us which banks we use, the names are often ones they've never heard of, because we base our choices on modern needs. A modern bank's value is in a combination of privacy, security, and functionality. When choosing a bank, these are the other key features to consider:
1. Security Features
- Two-Factor Authentication (2FA): This is a critical security layer. Too many banks still rely on SMS-based one-time codes, which a SIM-swap attacker can receive in your place. Instead, look for:
- TOTP (Time-based One-Time Password): This is the baseline to insist on. Codes come from an authenticator app (like Ente Auth or Proton Authenticator) that computes them locally from a shared secret and the current time, so they never touch the cell network and a SIM swap gains an attacker nothing. TOTP codes can still be phished in real time by a fake login page that relays them, which is why the two options below rank higher.
- Hardware Security Keys (e.g., YubiKey): These physical devices offer the highest level of security because the key only answers the genuine site. While less common, a bank that supports them is at the forefront of security.
- Passkeys: The next generation of authentication, passkeys replace passwords with a public-key credential (FIDO2/WebAuthn) that is bound to the bank's web origin, so a look-alike phishing site cannot use it. They are phishing-resistant by design and a sign of a bank's commitment to cutting-edge security and a smoother user experience.
- Real-time Fraud Monitoring: Good systems use AI and machine learning to detect unusual activity and alert you immediately, often before the fraudulent transaction goes through.
- Customizable Account Alerts: Look for a bank that allows you to set up alerts for a wide range of activities, such as transactions over a certain amount, ATM withdrawals, or changes to your account information.
2. ATM/Debit Cards
- Card Lock/Unlock: This top-tier security feature lets you instantly "lock" your card via the mobile app, preventing new purchases or withdrawals. You can easily unlock it when you need it, which is perfect for preventing fraudulent use.
- Surcharge-Free ATM Networks: Few banks have their own large ATM network anymore. Look for one that partners with a shared network so you can withdraw cash without fees; paying cash keeps your shopping and dining out of your transaction history entirely.
- ATM Fee Reimbursement: Some banks will reimburse you for fees you incur at out-of-network ATMs, which is an excellent feature if you travel frequently.
3. Fee Structure
- Monthly Maintenance Fees: Look for a bank with no monthly fees or a clear and easy way to waive them. Many modern banks have eliminated these entirely.
- Overdraft Fees: Look for a bank that offers a "no-overdraft-fee" policy or a free way to avoid them, such as linking your savings account to your checking account.
- Foreign Transaction Fees: If you travel internationally, a bank that does not charge foreign transaction fees is a huge money saver.
A New Way to Choose a Bank
When evaluating a bank, find one that allows you to answer "no" to as many of these questions as possible:
- Is this bank's privacy notice full of "yes" answers for sharing my data with affiliates for marketing?
- Does this bank only offer weak 2FA options like SMS codes?
- Does this bank lack support for stronger authentication methods like TOTP 2FA, hardware security keys, or passkeys?
- Will I have to pay fees to use an ATM near me?
- Will I be charged a monthly maintenance fee?
- Will I be charged an overdraft fee if I make a mistake?
- Will I be charged a foreign transaction fee when I travel?
A bank that minimizes these "yes" answers will likely be more secure, more private, and more cost-effective.
Where to Find a Bank
You can begin your search using these government-run sites:
- BankFind Suite: https://banks.data.fdic.gov/bankfind-suite/bankfind
- Credit Union Locator: https://mapping.ncua.gov/
Sadly, neither provides a way to search by their privacy notice. You may want to search the internet for something like "Which US banks have the best privacy policies?" We have found several excellent options this way that we had never heard of before.
It's important to remember that a wide range of financial institutions, including banks and credit unions, are covered by either the Federal Deposit Insurance Corporation (FDIC) or the National Credit Union Administration (NCUA), providing government-backed deposit insurance of up to $250,000 per depositor, per institution, per ownership category. So, for us, it really comes down to privacy and security.
We hope this new way of thinking about banking will help you reconsider how you pick your next financial institution. Remember, we may not have anything to hide, but we have everything to protect.