The data privacy debate has taken on great importance and now occupies a central position in the regulatory world, especially in the financial services industry, given the large amount of personal data processed by banks and other financial services organizations, both in their own IT systems and in third-party IT solutions. Maintaining the confidentiality of customer information is essential to any company that collects or maintains anonymous or personal data. Such information may be ordinary but still sensitive, such as names, addresses, and social security numbers; or it may be highly sensitive financial data such as credit card, debit card, or bank account numbers. Banks and other financial institutions hold a large volume of sensitive information about their customers, and breaches of such data can have serious consequences.
IMPORTANCE OF DATA PRIVACY
- Security concerns: employees, security officials, and others tasked with protecting sensitive information may fail to follow adequate security protocols.
- Entities may sell personal data to advertisers or other outside parties without user consent.
- Criminals can use personal data to defraud or harass users.
- Not understanding the limits of consent: consumers might not realize what rights they are signing away in a contract or other agreement with a bank or financial institution, and they might not fully understand the sensitive nature of the data they are providing.
For individuals, any of these outcomes can be harmful. For a business, these outcomes can irreparably harm its reputation, as well as result in fines, sanctions, and other legal consequences.
CHALLENGES TO DATA BREACH PREVENTION IN THE SECTOR:
Due to increasing scrutiny from regulators and the media, financial services institutions continue to face pressure to maintain high standards of data security.
- Third-party risks: Financial services institutions need to provide flexible access to sensitive customer data to clients, employees, and external partners. Such a high volume of information exchange can make it difficult to protect the data.
- Increased communication forums: Social networking sites are widely used for purposes such as building a brand and establishing customer relationships. While these platforms provide an inexpensive way to market financial products and services and to communicate with customers, they also pose challenges for maintaining data security.
- Sophisticated external attackers: Cyber criminals are increasingly using sophisticated viruses, malware, and other techniques designed to defeat common security defenses.
- Educating employees about data protection: Even at firms with automated data loss prevention (DLP) solutions, employees still play an important role in preventing data leaks and handling sensitive data. As a result, it can be challenging to keep educating both new and existing employees about a variety of security issues.
HIGH-PROFILE DATA BREACHES IN THE FINANCE SECTOR
Source: https://www.upguard.com/blog/biggest-data-breaches-financial-services
LAWS THAT GOVERN DATA PRIVACY
General Data Protection Regulation (GDPR):
The most important data protection legislation enacted to date is the General Data Protection Regulation (GDPR). It governs the collection, use, transmission, and security of data collected from residents of any of the 28 member countries of the European Union. The law applies to all EU residents, regardless of the location of the entity that collects the personal data, and covers:
- Requirements for consent provided by consumers
- Making data collected on individuals anonymous to prevent identification
- Notifying of any breaches of consumer information
- Transferring data across different borders
- Requirements around appointing someone responsible for enforcing GDPR regulations
The California Consumer Privacy Act (CCPA):
The most comprehensive state data privacy legislation to date is the California Consumer Privacy Act (CCPA). The CCPA is cross-sector legislation that introduces important definitions and broad individual consumer rights and imposes substantial duties on entities or persons that collect personal information about or from a California resident. These duties include informing data subjects when and how data is collected and giving them the ability to access, correct, and delete such information.
- Consumers must be made aware of what personal data is collected
- Consumers are given control over their personal data
- Consent can be withdrawn at any time