A banking reform bill due for a vote in Congress this week will allow mergers among banks, insurance companies and securities firms, and so place Gargantuan reams of personal data at the fingertips of nosy auditors, marketing strategists and of course the dreaded "service consultants", as American sales people like to call themselves. The bill's sponsors claim it contains measures to prevent data-mining on a colossal scale by requiring financial institutions to inform their customers if they are selling information to third parties. But it does not address the extent to which any new financial conglomerates conceived under the measure may share information among their own divisions. Senator Richard Shelby (Republican, Ala.) called the protections "a sham". Shelby has been a vocal proponent of outlawing all but strictest 'opt-in' data-mining schemes in both business and government sectors alike. He has been instrumental in checking the power of state and local governments to sell information to commercial data buyers. The industry sees it as pure altruism. "Information sharing between affiliates is a convenience for customers," according to Charlotte Birch of the industry front group American Bankers Association. Data-mining is crucial as well for the marketing wings of financial corporations, so they might target customers with sales pitches tailored to their individual 'needs'. Consumer advocates are most concerned about a practice called 'red-lining', where negative information in one area may affect a customer's treatment in another. Say, for example, that one is applying for a mortgage through a bank affiliated with one's health insurer. The loan officer has a look at one's records, finds that one is an unlikely candidate for survival over the full mortgage period, and so charges a higher rate of interest. Industry reps counter by saying that the conglomerates will be chastened against such abuse by the customers' ability to "vote with their feet". But this is clearly a lot of talk -- such regulations are imposed at the state level, and industry will sink uniformly to the lowest form of consumer protection required under each state's privacy laws. And while some states do have fairly strict regulations in place, these govern only what industry may do with a given piece of information. Nothing can stop them having a peek on the sly, since the data will be readily available. And nothing can stop them being prejudiced by what they may find. The implications for European customers of the coming American financial mega-operations are interesting. There again, local regulations may prevent the active use of combined financial and personal data, but the information will be there, a deliciously tempting resource for actuaries, marketers and auditors, not to mention legions of bored, nosy employees. ®