Traditionally, companies have provided privacy notices to consumers as freeform “legalese” that is difficult for average consumers to understand. Furthermore, it is difficult or impossible to use these unstructured privacy notices to compare different companies’ privacy practices. Under the 1999 Gramm-Leach-Bliley Act, U.S. financial institutions must send annual privacy notices to their customers, yet for many years these notices suffered from the same problems.

In 2009, however, eight federal agencies jointly released a model privacy notice in a standardized format. Such a standardized privacy notice lets consumers directly compare companies’ privacy practices and also enables the first automated, large-scale comparison of privacy practices across an entire industry. This website reflects an ongoing project at Carnegie Mellon University in which we are automatically collecting and analyzing these standardized privacy notices.


We wrote computer programs to automatically search the web for privacy notices that follow the standardized format, and to automatically parse these notices and extract the information that is most relevant to consumers. Because this process is fully automated and relies on heuristics we developed by examining the specification of the model form, our data likely contains errors. We are working on an update to this website that will let you report inaccurate data and suggest corrections. Although this website provides the first large-scale look at privacy practices across the financial industry, the same automated data-collection procedures mean that we have likely missed some institutions that use the standardized notice.
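As an illustration of the kind of heuristic parsing described above, here is an added example in Python; it is not the project's own code. It takes the plain text of a model-form notice (as it might come out of a PDF text extractor), locates the seven sharing-reason rows of the disclosure table by their standard wording, and reads off the "Does ... share?" and "Can you limit this sharing?" cells. The row wording and the "What does [institution] do with your personal information?" title line are taken from the published 2009 model form; the notice text, the institution name "Example Savings Bank", and the function name `parse_model_notice` are constructed for this example. Rows the heuristic cannot find are reported as missing rather than guessed, which is the kind of extraction error the paragraph above warns about.

```python
import re

# The seven rows of the disclosure table in the 2009 model privacy form, in the
# order the form prints them (assumption: taken from the published model form,
# not from the project page). The two "affiliates' everyday business purposes"
# rows share a prefix, so their patterns are tempered so that a match cannot
# run on into the next row.
_AFFIL = r"for our affiliates['’]?\s+everyday business purposes(?:(?!for our affiliates).)*?"
SHARING_REASONS = [
    ("everyday_business",           r"for our everyday business purposes"),
    ("marketing",                   r"for our marketing purposes"),
    ("joint_marketing",             r"for joint marketing with other financial companies"),
    ("affiliates_transactions",     _AFFIL + r"transactions and experiences"),
    ("affiliates_creditworthiness", _AFFIL + r"creditworthiness"),
    ("affiliates_marketing",        r"for our affiliates to market to you"),
    ("nonaffiliates_marketing",     r"for nonaffiliates to market to you"),
]

# Cell values the model form uses in its two answer columns.
_ANSWER = re.compile(r"\b(yes|no|we don['’]t share)\b", re.IGNORECASE)
_TITLE = re.compile(r"what does (.+?) do with your personal information", re.IGNORECASE)


def _norm(token: str) -> str:
    """Canonicalise a cell value regardless of case or apostrophe style."""
    key = token.lower().replace("’", "'")
    return {"yes": "Yes", "no": "No", "we don't share": "We don't share"}[key]


def parse_model_notice(text: str) -> dict:
    """Heuristically extract the institution name and the disclosure table from
    the plain text of a model-form privacy notice."""
    flat = re.sub(r"\s+", " ", text)  # PDF extraction wraps rows arbitrarily
    title = _TITLE.search(flat)
    institution = title.group(1).strip() if title else None

    # Find where each known row starts; the answers for a row are the first two
    # cell values that appear between its label and the start of the next row.
    found = []
    for key, pattern in SHARING_REASONS:
        m = re.search(pattern, flat, re.IGNORECASE | re.DOTALL)
        if m:
            found.append((m.start(), m.end(), key))
    found.sort()

    rows = {key: None for key, _ in SHARING_REASONS}
    for i, (start, end, key) in enumerate(found):
        seg_end = found[i + 1][0] if i + 1 < len(found) else len(flat)
        answers = _ANSWER.findall(flat[end:seg_end])
        if len(answers) >= 2:
            rows[key] = {"shares": _norm(answers[0]), "can_limit": _norm(answers[1])}
    # A row we cannot locate is left as None and listed, never guessed.
    return {"institution": institution, "rows": rows,
            "missing": [k for k, v in rows.items() if v is None]}


# Constructed sample: text as a PDF extractor might emit it for a model-form
# notice of a fictional institution. Wording of the rows follows the model form.
SAMPLE_NOTICE = """
FACTS  WHAT DOES EXAMPLE SAVINGS BANK DO WITH YOUR PERSONAL INFORMATION?
Reasons we can share your personal information   Does Example Savings Bank share?   Can you limit this sharing?
For our everyday business purposes - such as to process your transactions, maintain
your account(s), respond to court orders and legal investigations, or report to credit bureaus   Yes   No
For our marketing purposes - to offer our products and services to you   Yes   No
For joint marketing with other financial companies   Yes   Yes
For our affiliates' everyday business purposes - information about your transactions and experiences   Yes   No
For our affiliates' everyday business purposes - information about your creditworthiness   No   We don't share
For our affiliates to market to you   No   We don't share
For nonaffiliates to market to you   No   We don't share
Questions? Call the number on your statement.
"""

# The same notice with one row lost in extraction, to show how a gap surfaces.
DAMAGED_NOTICE = SAMPLE_NOTICE.replace(
    "For joint marketing with other financial companies   Yes   Yes\n", "")


if __name__ == "__main__":
    for label, notice in (("intact", SAMPLE_NOTICE), ("damaged", DAMAGED_NOTICE)):
        result = parse_model_notice(notice)
        print(label, result["institution"], "missing:", result["missing"])
        for key, cells in result["rows"].items():
            print(f"  {key:30s} {cells}")
```

Because the answers are read positionally from the text between one row label and the next, any layout that moves a cell value out of that span (a two-column page, a table split across pages) silently yields wrong cells rather than a missing row; a real pipeline would also cross-check that a row marked "No" for sharing is paired with "We don't share" in the second column, as the form requires.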


For more details about the project and data sources, please refer to a technical paper we presented at the 2013 Workshop on the Economics of Information Security. In summer 2014, we will release an updated version of this paper as a CMU technical report.


