Consumer sentiment around personal data privacy is changing. But most consumers, especially in the United States, lack a comprehensive understanding of how their information is used, stored, sold and managed. Consumer privacy will be a differentiator for financial services in 2021. This report looks at the unique attributes and behaviors of five different consumer groups, or “profiles,” based on their perspectives surrounding privacy. By understanding the behaviors and privacy practices of consumers, financial institutions can tailor products and services with privacy in mind. Institutions also can capitalize on consumers’ privacy behaviors to enhance security, by ensuring consumers are increasingly more comfortable with allowing their behaviors and devices to be tracked for stronger authentication. All of that provides a unique opportunity for cybersecurity teams, as they advance their roles in product development, privacy awareness and overall cybersecurity integration across all lines of business.

Key questions discussed in this report:

• How aware and comfortable are consumers with the ways financial institutions use their personal data?
• How do consumer sentiment and knowledge about data privacy affect behavior?
• What should cybersecurity teams do to influence other teams within their institutions to better leverage consumer behaviors around privacy?

The data in this report was collected from a random-sample survey conducted in June 2020 of 2,006 U.S. consumers. The margin of error is 2.19 percent. 

The privacy awareness score measured consumers’ awareness of how organizations track their data by aggregating and coding responses to four questions on a five-point scale. Respondents were asked to rate their levels of agreement with the following statements:

• The organizations I do business with cannot profile my behavior or track anything about me unless I give them permission.
• When I no longer want to do business with the company, all of my data is deleted, unless they are required to retain the information by law. 
• When I no longer want to use a company, my access is deleted to ensure no one else is able to take over the account.
• Companies are required to provide me a list of my information that they have on file based on how I have interacted with and/or used their products and services. 

Respondents’ comfort scores measure the degrees to which those respondents are comfortable with various types of non-essential data tracking. Responses were aggregated from eight questions using a five-point scale. Respondents were asked to rate their levels of comfort with the following statements:

• To monitor how you spend money in order to provide advice about new products or services that might be relevant for you (e.g., a faster way to earn rewards). 
• To monitor how you spend money in order to give advice about how to meet your financial goals (e.g., saving for a vacation).
• To monitor how you spend money in order to recommend products and services. 
• To generate customized instant discounts and offers by monitoring your purchase patterns. 
• To recommend products and services by monitoring your social media activity.
• To recommend products and services by monitoring the types of websites you visit and/or your search history. 
• To provide location-based offers for products and services that would be near your physical location.
• To generate customized instant discounts and offers by collecting your location information.

Companies Mentioned: Cash App (Square), Venmo, Zelle