Privacy policies are the consumers' bill of rights for how their information is protected by credit card companies. Too often, however, consumers aren't aware of what their card's policy is, or how they can request even greater privacy to safeguard their personal information.
Parts of Privacy Policies
When most consumers compare credit cards, examine interest rates, late payment penalties, and available rewards, they overlook what happens to the information they enter on their credit card application.
Fortunately, privacy policies are in place to protect consumers against unauthorized access and use of their personal data. Understanding what those policies describe is an important task for educated cardholders. Most privacy and data protection policies consist of two main parts: detailing information the credit card company will collect, and whom they will share that information with.
What Can Be Collected
Collecting personal information begins the moment a potential cardholder applies for a card. The different types of information that are collected are outlined in the card's privacy statement and typically include:
- Full name
- Date of birth
- Social security number
- Telephone number
- Email address
Once the credit card has been processed, the company begins to collect more detailed information about the new cardholder, such as:
- Transaction frequency
- Payment history
- Internet IP address for online transactions
- Favored merchants
- Computer cookies for online transactions
While all of the information may be innocuous by itself, together it provides a thorough picture of the cardholder's spending habits and financial predisposition that can be used for a number of purposes. Internally, the credit card company uses the information to generate billing statements, adjust interest rates, conduct internal marketing, and monitor credit limits. When that information is shared, however, many consumers become far more aware of what exactly their cards' privacy policies allow.
Whom Information Can Be Shared With
First and foremost, personal data collected by credit card companies is shared with whatever internal and external departments are needed to administer the card itself. Other financial institutions are also provided the information, such as the credit bureaus (Experian, TransUnion, and Equifax) that use it to generate a credit report and calculate an overall credit score. In addition to these informational databases, however, credit cards frequently share cardholders' information with:
- The Corporate Family: These businesses are related to one another under the same corporate umbrella, and the credit card issuer may share information with mortgage lenders, loan offices, or additional credit card issuers.
- Affiliate Companies: These are merchants that have exclusive contracts with certain card issuers to provide related services such as insurance, credit counseling, or financial planning. They may not be in the same corporate family, but they offer cardholders associated services.
- Third Party Merchants: These are generally retailers who will accept the credit card but are not exclusively affiliated with one specific card. They will often request cardholders' information to target special offers or new merchandise toward active consumers.
The precise terms of different privacy policies dictate with whom and how cardholders' personal information can be shared. Some companies are willing to send information directly to the requesting party but require them to adhere to the credit card's policy, while others will filter offers through their own security standards before passing them on to qualifying members. Consumers should be familiar with the policies affecting their card so they know what is being done with their information and how to limit its distribution to other parties.
Policy Changes and Canceled Accounts
As technologies change, privacy policies are adapted to better suit consumers' needs. Credit card companies are required to inform consumers of such changes, generally 30 days before the changes will take effect, thereby giving cardholders the option to change their privacy level if desired.
Many consumers fear that if they cancel accounts, the privacy requirements no longer apply and the card company is free to sell their information to any interested party. This is a myth, however; credit card companies are required to honor all privacy requirements even with canceled accounts so long as they maintain an information file on the consumer.
Opting Out of Shared Information
Many consumers choose to opt out of voluntarily shared information. This restricts whom the card company can share data with, effectively reducing the number of affiliate and third party offers that may be sent to the consumer. To opt out of such information sharing (consumers should note that the data will still be collected, but its use will be more restricted), it is necessary to call or write the credit card company with a formal request. Once the request is submitted, it may be several weeks before it takes full effect.
Opting out of information sharing does not mean that consumers will not receive any unsolicited offers. Certain information sharing is always permitted - within the card company's internal structure, for example - and other types of information must be shared regardless of the consumer's individual preferences. Court orders for financial documents in bankruptcy, divorce, child support, or other financial dealings, for example, must be obeyed.
Keeping Up With Privacy Policies
Consumers can protect their personal information by understanding their credit card privacy policies. These policies are always outlined with the credit card application and are often available on the card's website as well as by request. When the policies are changed, cardholders are informed via mail and email (if available), and savvy consumers will take heed of changes that may affect their decision to keep the credit card. An educated consumer, after all, can be a far more private one.