Data privacy: Growing expectations – and risk – for financial institutions
Article Synopsis :
Governments are talking tough on consumers’ data privacy and financial institutions (FIs) should not wait for the final regs to know how to behave but should be treating data privacy as a major risk and developing strategies to manage it today.
This paper says organisations should learn from very real lessons, such as the Equifax data breach and give it more attention. These breaches have increased the public scrutiny of data privacy and how commercial entities make use of data. Cambridge Analytica happened, and governments don’t want to see it happen again.
Europe is leading the charge with GDPR and North America is looking to catch up. Tensions in Congress have developments at an impasse, but at the state level, California’s Consumer Privacy Act has set a benchmark that many others are seeking to replicate in some form.
Data is essential to financial institutions and will be even more important after digital transformation if they are to exploit the benefits of big data, AI and machine learning. For this reason, the industry must become “proactive and preemptive” in its management of data privacy risk.
Being strong on data will become a selling point to consumers, which in time will increase customer engagement.
The paper says that financial institutions should target five objectives that should be considered “no regret steps”:
- increase awareness at the senior executive and board levels;
- understand how the organisation uses personal information (now and in the future);
- conduct data privacy risk identification exercises;
- determine the firm’s stance on data privacy; and
- increase transparency and disclosure for consumers.
Buy-in from management will allow consistent policy on tough decisions around the levels of transparency, access, and control given to individuals to be developed.
Once in place, the short term risk for data breaches can be reduced through increasing transparency and disclosure to consumers.
These steps will place data privacy higher on the agenda and treat it as a real strategic risk that must consider reputation risks while meeting best practice and consumer – and arguably regulators’ – expectations.
In essence, institutions should be seeking to set high standards for data privacy rather than waiting to meet those imposed upon them.
Link to Full Article:: click here
Digital Insurer's CommentsData privacy is the next big thing that regulators are going to use as a stick on what it considers to be businesses or sectors that play fast an loose with other people’s data.
The impact of this will have considerable repercussions if industry – and that very much includes insurers – doesn’t get on top of the potential threat this could cause to their plans for digital transformation.
Link to Source:: click here