2021. What an interesting year. With the world turned upside down by a pandemic that seemingly had its sights set on...
Data Privacy a big headache for Financial Services Firms
[… running HPE NonStop systems or not!]
comforte
DanAccording to a recent report by Accenture, one in three financial services organizations lacks either a clear plan or sufficient resources to deal with customer data privacy risks in the next year.
Based on a survey of 100 privacy executives across insurance, banking and capital markets industries in Europe and North America, the report highlights how enterprises need to rethink how they handle customer data in light of new regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
It was revealed that 70 percent of respondents saw privacy as a key risk for their organizations, and nearly three-quarters (72 percent) of respondents’ corporations use consent to tailor customer-facing products and services. By giving customers control over their data and deleting personal information when requested, financial services firms incorporate privacy into their customer journey.
While this report focusses on financial services organizations like banks and insurances, these findings are also valid and relevant for the payments industry and healthcare, for example, where a lot of personal data is created and processed – very often on HPE NonStop systems.
Customer Trust
The majority of respondents (51 percent) named privacy risk monitoring as the privacy risk, which will require the most effort to remediate over the next year. This was closely followed by the accuracy and maintenance of records processing/ information asset registers (44 percent) and records management and data retention/ deletion (41 percent).
Due to the “right to erasure” elements of GDPR and CCPA, risks are heightened, and consumers are empowered by the right to ask companies to delete their personal data when they wish, making proper record management vital. According to the report, firms can achieve this by using automated tools to aid data discovery.
While over three quarters (76 percent) of respondents plan to increase their privacy investments over the next 12 months, companies without clear privacy strategies may fail to reap the benefits. Meanwhile, those with a clear strategy and an inherent culture of privacy awareness will likely distinguish their organization and enhance consumer trust.
Over the past few years, data privacy regulations like GDPR, HIPAA and CCPA have brought security concerns to the forefront, especially in the wake of digital transformation. Today, compliance is a core requirement of nearly every digital project. No matter if you’re a start-up with just a few hundred contacts or a tech giant managing a database of millions, it is of vital importance to gain and document consent from users whose data you collect or process.
This can be done by telling users in plain language how their data will be used, asking users to actively give their consent by clicking a button or checkbox with a clear label. Always make your privacy policy easy to find and, finally yet importantly, keep well-organized records of what kind of processing your contacts have opted in to.
It can be concluded that cybersecurity is not only about preventing breaches, but also about protecting customer privacy. In order to ensure this, enterprises should deploy data-centric security protecting the data itself instead of just digital perimeters. If properly utilized, data-centric security means that information is protected from all eventualities, while helping enterprises comply with regulatory challenges. To achieve that, organizations should protect the data and privacy of customers by securing data at the earliest possible stage.
Some of the world’s largest banks and credit card companies implemented a data-centric security strategy deploying tokenization as the vital data protection method.
To learn more about the concepts of tokenization, click the button below to download a copy of our Enterprise Tokenization Solution Brief: