
Thomas Stoesser | Apr 14, 2020 | GDPR, Data Security, Data-Centric Security, CCPA

The Problem of Data Handling for Financial Services Firms

According to a recent report by Accenture, one in three financial services organisations lack either clear plans or resources to address customer data privacy risks in the next year. Based on a survey of 100 privacy executives across insurance, banking and capital markets industries in Europe and North America, the report highlights how enterprises need to rethink the way in which they handle customer data in light of new regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

It was revealed that 70 percent of respondents saw privacy as a key risk for their organisations, and nearly three-quarters (72 percent) of respondents’ corporations use consent to tailor customer-facing products and services. By giving customers control over their data and deleting personal information when requested, financial services firms incorporate privacy into their customer journey.

Customer Trust

The majority of respondents (51 percent) named privacy risk monitoring as the privacy risk which will require the most effort to remediate over the next year. This was closely followed by the accuracy and maintenance of records processing/information asset registers (44 percent) and records management and data retention/deletion (41 percent).

The “right to erasure” elements of GDPR and CCPA heighten these risks: consumers are empowered to ask companies to delete their personal data when they wish, which makes proper record management vital. According to the report, firms can achieve this by using automated tools to aid data discovery.

While over three quarters (76 percent) of respondents plan to increase their privacy investments over the next 12 months, companies without clear privacy strategies may fail to reap the benefits. Meanwhile, those with clear strategies and an inherent culture of privacy awareness will likely distinguish their organisation and enhance consumer trust.

Over the past few years, data privacy regulations like GDPR, HIPAA and CCPA have brought security concerns to the forefront, especially in the wake of digital transformation. Today, we see compliance as a core requirement of nearly every digital project. No matter if you’re a start-up with just a few hundred contacts or a tech giant managing a database of millions, it is of vital importance to gain and document consent from users whose data you collect or process.

This can be done by telling users in plain language how their data will be used, asking users to actively demonstrate consent through an action such as clicking a button or checkbox with a clear label, always making your privacy policy easy to find and, last but not least, keeping well-organised records of what kind of processing your contacts have opted into.

We have to conclude that cybersecurity is not only about preventing breaches, but also about protecting customer privacy. To ensure this, enterprises should deploy data-centric security, which means protecting the data itself instead of just digital perimeters. If properly utilized, data-centric security means that information is secured from all eventualities, while helping enterprises comply with regulatory challenges. Organisations should therefore protect the data and privacy of customers by securing data at the earliest possible stage.


