Lorilee Woods

Policy Analysis

Privacy Policy for Bank of America

 For my checking and credit accounts, I am currently using Bank of America in California .   Even though I still prefer to write my checks and receive paper transaction records, I use online banking because of its convenience.  However, I sometimes have a blind trust towards the security and confidentiality of my bank that I really do not know is true. 

 The privacy policy and security information are available online.  The content is easy to browse through but is not included in a printable format.  The main site for privacy and security can be found here:

 Bank of America . (2004) Privacy and Security.  Retrieved November 9, 2004 , from  http://www.bankofamerica.com/privacy/index.cfm?template=overview

SECURITY FEATURES:

Banking security occurs through both online transactions and off line.  Bank of America provides services free of charge to customers to enhance their security.  Customers can monitor accounts and pay bills online, directly deposit checks into accounts, set up automatic payments of bills, and security enhanced checks to thwart fraud.  There are also ways to protect credit and checking cards from fraud.  Photo IDs are placed on credit and banking cards (I have my picture on my checking card).  Cards are also secured using Bank of America’s “Total Security Protection” as a “defense against theft, loss or unauthorized use, even if you use your card online.”  The bank also supports “Verified by Visa” where customers can choose a password to be associated with their cards to enhance security.

Bank of America protects online security by using computer virus protection, firewalls, secure transmissions, secure email, and more features that are constantly advancing.  For Bank of America to guarantee (or almost guarantee) your privacy, they suggest customers should use Microsoft Internet Explorer or Netscape browsers to support their encryption technology.  They do not give any feedback or warnings of what might actually happen if a customer tries to use Mozilla for online banking.  Certainly, it may increase the likelihood of identity theft or other violations of personal privacy, but just how likely would that happen?

In addition to outlining the security tools they support, Bank of America provides information about how customers should be aware of and protect themselves against online fraud.  BoA lists the types of personal information that should be protected: “online IDs and passcodes, Social Security numbers and account numbers” and necessary precautions to prevent identity theft or fraud.  There is also information about how to report fraud after the fact. 

PRIVACY POLICY:

Privacy Policy for Consumers

Bank of America asserts that they go beyond what the law requires of them to provide personal privacy to its customers.  “This policy covers Customer Information, which means personally identifiable information about a consumer or a consumer's current or former relationship with Bank of America.”  They do not sell or share information, and customers have the right to choose whether they want to receive marketing calls from their “family” companies or not. The policy covers eight aspects:

1. Protecting information about you from marketers outside Bank of America
2. Making the security of information a priority
3. Collecting information
4. Managing information
5. Making sure information is accurate
6. Honoring your preferences
7. Actions you can take
8. Bank of America companies

In here Bank of America defines what customer information is, how BoA uses it, and what customers’ rights are.

Online Practices for Privacy Policy:       

Bank of America also assures certain rights to consumers specifically when they use online banking services.  These guidelines are for “general guidance and are subject to change.”  Browsing the use of the BoA website is anonymous, however, to use the services you need to sign up and submit your personal information.  Also, unless you disable your internet cookies, you will no longer have the option of browsing anonymously.  Even by submitting personal information BoA protects your privacy by only sharing customers’ information to companies that are associated or work for BoA.  They will not sell your information and will hold to these guidelines.

CRITERIA AND ANALYSIS:

The criteria used for analyzing this privacy policy were format, straightforwardness, thoroughness, and catalytic.

Format:  The privacy policy uses language and terms that are easy to understand and follow.

The privacy policy is in an easy to read format and uses easy to understand language.  Rather than putting all of the security and privacy information on one page, BoA uses multiple pages organized into relevant groupings: overview, your account security, reporting fraud, privacy policy, set your privacy preferences, and frequently asked questions.  Usually privacy policies and related documents are on one very long page that can be very daunting and hard to follow.  However, there are disadvantages to not having all of the information in one place.  The information is not easily printable and since the information is on multiple pages it is easier to overlook important items.  The privacy section should provide onlookers with an option to print one large PDF file if they so choose.  

The language also plays a role in making security issues easier to understand.  The BoA privacy policy does not use overly technical and/or legal language which makes it easier for anyone to comprehend.  When referring to encryption technology, BoA writes very simple and short terms such as: “Secure Socket Layer (SSL) technology secretly encodes information that is sent over the Internet between your computer and Bank of America, helping to ensure that the information remains confidential.”

Straightforwardness: The privacy policy is straightforward about the types of information shared and with whom it is shared.

For the most part, Bank of America is very straightforward when explaining where customers’ information is going and who is receiving it.  BoA prides itself by not sharing information to marketers outside of Bank of America, but they do give your information to other companies within BoA.  There are almost 45 companies that share customer information, and they are listed in the privacy policy.  I counted them they did not tell me exactly how many “family” companies there were.

BoA refers to “five categories of Customer Information,” and includes: Application Information, Consumer Report Information, Information from Outside Sources, Transaction and Experience Information, and Other General Information.  Customers have a choice in whether or not to share Application Information, Consumer Report Information, and Information from Outside Sources, but have no choice with their Transaction and Experience Information, and Other General Information.  They are straightforward in defining these categories and where the information it going.  They are also clear on how to stop sharing with and receiving information from BoA companies through the “Set Your Privacy Preferences” section.

Thoroughness:  The privacy policy should be complete in its descriptions of possible security issues.

Bank of America is thorough in its descriptions of what types of technology and procedures they use to protect customer privacy.  They use anti-virus software, firewalls, and encryption technology to protect transactions.  One downfall I see is that the encryption tools are only supported with Internet Explorer or Netscape.  I believe that they should also look to supporting other browsers.

Along with how BoA tries to protect privacy, the privacy policy is also thorough in explaining how customers can protect privacy.   Simple acts such as storing personal information in a safe place, being aware of surroundings at ATMs, and updating personal computer software are just a few of their suggestions.   

Catalytic:  The privacy policy should contain necessary information to promote education and change to prevent foul play and aid victims.

The Bank of America website provides sufficient information on how customers can better protect themselves from being violated.  They define what online and email fraud are: “Phony e-mail messages sent to you for the purpose of stealing personal and financial information are among the most common types of e-mail fraud.” They give an example of what one would look like; pointing out what customers should look for, such as misspelled words or messages to act with urgency.  BoA even provides advice for general security protection beyond their services by urging customers to use anti-virus protection, automatic upgrades, using caution with attachments, and being familiar with the specifications for your computer and network.

If a customer has been a victim of fraud, BoA provides useful steps and contacts to resolve these issues quickly.  They have their own contact information: abuse@bankofamerica.com, and Bank of America provides outside sources for customers to further research their rights.  These sources include: the Federal Trade Commission for identity theft and the National Consumer League for fraud.

Overall, Bank of America provides useful information to help educate and assist those who have experienced fraud.  However, there is something disconcerting with the fact that the privacy information urges customers to be very cautious with their personal identification, but still requires a SSN to change privacy preferences.  But that is just a personal opinion.