Surprisingly, a lot of it comes from your bank, which thinks of your private financial history as a commodity to share or sell without asking your permission.
But, as 60 Minutes II first reported last April, there's someone who's trying to give you control over your own financial information. Correspondent Scott Pelley reports.
Mike Nevin is just a local politician in California, but what he's doing has bankers hanging on his every word.
“I had no knowledge or idea that they were selling that information to not just another party, but various parties -- my DNA, my financial DNA. My life’s not for sale,” says Nevin.
As a county supervisor in San Mateo County, Calif., Nevin got the attention of the biggest banks when his county passed an ordinance forcing banks to get permission from their customers before sharing or selling their personal financial information.
“Have you ever gone to a bank and borrowed $25,000, and a week later got a notice in the mail or a phone call from another bank saying, ‘We’ll offer you that same amount of money at some specific rate?’ It happens to all of us,” says Nevin.
How did they know?
“It’s immediately disseminated to these people,” says Nevin. “What the transaction, that personal, private transaction that I had with my financial adviser is out the window. It’s out the window five seconds after I walk out of the bank.”
Here’s how it works. The nation’s big banks no longer just do banking. They own stock brokerage companies, credit card companies, and insurance companies. And once you’ve done business with any of these firms, your financial information is distributed to the rest of their affiliates.
Citigroup, for instance, owns more than 1,500 different companies, all of which can use your financial information to market their products.
The banks take that information you provide and they improve it, enrich it and enlarge it at places like InfoUSA, in Omaha, Neb. Known as “data” companies, they try to predict everything from your buying habits to your reading habits. InfoUSA is the nation's biggest data company. Its CEO is
“We have a database of about 200 million people,” says Gupta. “We would know their name, their address. If they have a listed phone number, we will know the phone number. We will know where do they live? Is it a single-family household, or multiple family household? What is the value of the house, and how much did they pay for it?”
Gupta revealed what the company knew about Pelley, including his wife’s name, his address, the value of his home, and the price he paid when he bought it.
“I think it goes to the heart of people’s rights in this country to know what’s being disseminated, what’s being said about them,” says Nevin.
When you fill out that form for the checking account, the credit card, the bank loan, and the bank puts all that information in its computer, who owns that?
The bank does, says Nevin.
“They have to be able to make a judgment about my record, track record, ability to pay, or otherwise,” he adds. “What I’m doubting, and what I question, what I’m angry about, is the fact that they’re selling, they’re making a profit on me.”
But Phil Anderson, the chief lobbyist for 40,000 financial institutions, argues that profits made from selling information can help pay for other banking services.
“There are lots of people in whose name this privacy debate is being carried forward who enjoy getting offered products and services at low prices,” says Anderson.
But if your financial information is given to a major financial conglomerate, they can and will share all that information with all of their affiliate companies - maybe hundreds of affiliate companies. And there is nothing the consumer can do about it.
“I would argue that for the vast majority of these individuals, the anticipation of that sharing, and the anticipation of those price breaks, synergies, better products, is the very reason they join those institutions,” says Anderson.
“But for those who didn’t, they have every ability to say no by not taking advantage of the product.”
Gupta says that many of his clients, including financial institutions, have asked his company to enhance the data they already have: “They will come to us and they’ll say ‘OK, can you add more information to our files, so we can derive potential income?’”
InfoUSA gets most of its information from public records, where daily publications like the “Commercial Recorder” list not only home values, but also divorces, deaths, liens, and bankruptcies. It’s all grist for Gupta’s information mill.
“Just about every list is available,” says Gupta. “If you want left-handed golfers or left-handed fisherman, or fly fisherman, or dog owners, all those lists are available.”
Eventually, the data goes to the telemarketers. Using computer-generated lists the financial institutions supply, a single operator can place hundreds of calls a day, relentlessly pushing products you haven’t asked for.
If you buy, the telemarketer gets a percentage of the profits, which explains why the bombardment never ends. But to Anderson, it’s all just part of doing business.
“The bottom line is that people who play by the rules, good guys who work hard, who want credit, who want access to product at good prices are rewarded by the free flow of information,” says Anderson.
So what’s the problem with banks simply asking for permission to use this information?
Anderson says the cost of asking every consumer for permission would be so expensive that it would force banks to raise fees and cut services.
“That they can’t get to their ATM 24 hours a day, or get a preferred rate on a loan, or get a benefit for having their homeowner’s insurance with someone who might want to give them a loan. Or even go to the gas station and get gas,” says Anderson.
Nevin, however, doesn’t buy this doomsday scenario. The sole purpose of his law, he says, is to give consumers, not the banks, control over their personal financial information - even if it means that some of those services may be diminished.
“What I hope this law leads to, financial privacy, is people’s personal privacy in general,” says Nevin.
Is it too late? He hopes not, but he’s standing up to what seems like a stampede.
The direct marketing industry is huge, and hugely successful, racking up sales of $270 billion dollars a year for the financial industry and its affiliated companies. Potential riches are just a phone call - or maybe a million phone calls - away.
“All I’m asking you to do and all the county of San Mateo is asking you to do is before you market, before you sell my information to a third party, before you give me up for financial purpose or otherwise, get my permission first,” says Nevin.
It's a simple idea that bankers are willing to spend millions to crush. Just ask California state Sen. Jackie Speier.
During her five-year term, Speier has introduced two privacy bills in the California Senate. They would have given consumers the option to prevent financial institutions from sharing their information with affiliated companies.
But then the financial lobby stepped in. “There was a phalanx of Brooks Brothers suits that were lined up in the hallways, that were trying to wrestle members to the ground to get them to oppose the bill,” says Speier.
“The bankers, the insurance companies, the stock brokerage firms, the credit card companies. They were pigeonholing members everywhere and anywhere they could. They were passing out campaign contributions to legislators. It was an unprecedented amount of money spent lobbying on this measure.”
Lobbying efforts to kill the bill cost about $20 million during the last legislative session.
But Speier is trying again. Her new statewide bill would give California consumers more protection than they have now. But even she doesn’t think it goes far enough.
“My preference would be that you can’t share my financial information unless you get my express permission,” says Speier, who doesn’t believe that’s possible.
But in San Mateo County, Nevin slipped his tougher, local ordinance through before the banks knew what hit them.
There’s so much at stake for the banks that they’ve gone on the offensive, even in San Mateo County. Two of the banks doing business here – Wells Fargo and Bank of America – sued the county and Nevin, temporarily blocking his ordinance. Nevin fired back by urging every county in California to follow his lead.
His idea has caught on in other neighboring counties, including San Francisco County, Alameda County, Contra Costa County, Solano County and Santa Cruz County.
The ordinances passed by those counties would be nullified if Speier's privacy bill passes the legislature this time. Nevin thinks of his local ordinance as a start, a way of regaining at least a little of the power that information has over our lives and over our phones. But the banks believe they can't afford to lose this fight even in one little county in California. So they will see Nevin in court next month.
“I’m ready for the fight,” says Nevin, who has landed the first punch.
Last week, a federal judge ruled that San Mateo County has the right to prevent its banks from sharing their customers' personal financial information with third parties.
Also, a new national "do not call" registry has opened. The National Do Not Call Registry stops telemarketers from making your phone ring off the hook.