To help identify trends in privacy representations, Bryan Cave Leighton Paisner LLP reviewed the websites and privacy notices of Fortune 500 companies identified as primarily engaged in the banking and financial service sectors.
The following summarizes current industry trends:
- The vast majority of companies updated their privacy notices to account for the California Consumer Privacy Act (CCPA).
- Financial institutions are complying with some, but not all, of the enumerated category disclosures required by the CCPA.
- While only one financial institution stated that they sold personal information, one in five financial institutions failed to clearly articulate whether they did, or did not, sell data.
- The vast majority of bank and financial institution websites do not include a “Do Not Sell” option.
- The single financial institution that disclosed that it sold information did comply with the CCPA’s requirement to provide a “Do Not Sell” option.
- Most banks and financial service companies offered access and deletion rights.
- The average quantity of behavioral advertising cookies on a bank / financial service company homepage is 10.6.
- Only one in twelve banks and financial institutions are deploying a cookie notice that seeks opt-in consent.
- Increased use of adtech cookies negatively correlates to the deployment of an opt-in cookie notice.