June 28, 2022

Financial Institutions And Their Need For Data Privacy

The data privacy debate has taken on great importance and occupies a central position in the regulatory world, especially in the financial services industry, given the large amount of personal data processed by banks and financial services organizations, their IT solutions, and third-party IT solutions. Maintaining the confidentiality of customer information is essential to any company that collects or maintains anonymous personal data. Such information may be ordinary but sensitive, such as names, addresses, and social security numbers, or it could be important and sensitive financial data, such as credit card, debit card, or bank account numbers. Banks and other financial institutions hold a large volume of sensitive information about their customers, and breaches of such data could have serious consequences.

IMPORTANCE OF DATA PRIVACY

  • Security concerns - employees, security officials, and others tasked with protecting sensitive information fail to provide adequate security protocols.
  • Entities may sell personal data to advertisers or other outside parties without user consent.
  • Criminals can use personal data to defraud or harass users.
  • Not understanding the line of consent - consumers might not realize what rights they're signing away in a contract or other agreement with a bank or financial institution. They might not fully understand the sensitive nature of the data they're providing.

For individuals, any of these outcomes can be harmful. For a business, these outcomes can irreparably harm its reputation, as well as result in fines, sanctions, and other legal consequences.


CHALLENGES TO DATA BREACH PREVENTION IN THE SECTOR:

Due to increasing scrutiny from regulators and the media, financial services institutions continue to face pressure to maintain high standards of data security.  

  • Third-party risks: Financial services institutions need to provide flexible access to sensitive customer data to clients, employees, and external partners. Such a high flow of information exchange can make it difficult to protect data.
  • Increased communication forums: Social networking sites are widely used for purposes such as building a brand and establishing customer relationships. While these platforms provide an inexpensive way to market financial products and services and to communicate better with customers, they also pose challenges in maintaining data security.
  • Complex external hackers: Cybercriminals are increasingly using sophisticated viruses, malware, and other technologies designed to override common security intelligence.
  • Educating employees about data protection: Even in firms with automated data loss prevention (DLP) solutions, employees still play an important role in preventing data leaks and handling sensitive data. As a result, it can be challenging to keep educating both new and existing employees about a variety of safety issues.

HIGH-PROFILE DATA BREACHES IN THE FINANCE SECTOR

| Date | Breach event | Compromised records |
|---|---|---|
| May 2019 | First American Financial Corp | 885 million credit card applications |
| Sep 2017 | Equifax | 147 million customers |
| January 2008 | Heartland Payment System | 130 million debit and credit card numbers |
| March 2019 | Capital One | 100 million credit card applications |
| October 2014 | JPMorgan Chase | 83 million accounts |
| August 2020 | Experian | 24 million customers |

Source: https://www.upguard.com/blog/biggest-data-breaches-financial-services

LAWS THAT GOVERN DATA PRIVACY 


General Data Protection Regulation (GDPR):

The most important data protection legislation enacted to date is the General Data Protection Regulation (GDPR). It governs the collection, use, transmission, and security of data collected from residents of any of the 28 member countries of the European Union. The law applies to all EU residents, regardless of the location of the entity that collects the personal data, and covers the following:

  • Requirements for consent provided by consumers
  • Making data collected on individuals anonymous to prevent identification
  • Notifying of any breaches of consumer information
  • Transferring data across different borders
  • Requirements around appointing someone responsible for enforcing GDPR regulations

 

The California Consumer Privacy Act (CCPA):

The most comprehensive state data privacy legislation to date is the California Consumer Privacy Act (CCPA). The CCPA is cross-sector legislation that introduces important definitions and broad individual consumer rights and imposes substantial duties on entities or persons that collect personal information about or from a California resident. These duties include informing data subjects when and how data is collected and giving them the ability to access, correct, and delete such information. 

  • Consumers must be made aware of what personal data is collected
  • Consumers are given control over their personal data
  • Consent can be withdrawn at any time