Banking your Data

October Marks Cybersecurity Awareness Month

There is no doubt that digital advances have changed the manner in which financial institutions interact with their employees and customers. We have moved towards a digital environment, which is aided by the migration of data towards the cloud, and that gives financial institutions with the opportunity of modernizing their current applications and create new ones armed with the goals of staying competitive, driving IT agility, and business efficiency.

New research has already shown that 92% of financial institutions are already using cloud services currently or are planning on using them in the near future. If we take a closer look at the financial industry, it shows us an incredible rate of adoption. In 2012, 60% of banks claimed that they were adopting, planning, or testing the cloud. That number today stands at more than 80%, representing 17% of total cloud expenditures globally, and nearly $100 billion in spending annually and it’s expected that they will double workloads that are cloud-enabled annually.

In spite of the impressive rate of adoption, the cloud could be leveraged more effectively by the financial industry if privacy and cybersecurity were their foremost concerns. The race to keep up with a digital environment that is ever-evolving along with emerging technologies has meant that fundamental steps can’t be skipped at all.

The key step they must figure out is to build a strong foundation that is capable of taking their company through a digital revolution, which includes infrastructure, the capacity to evolve seamlessly, and digital leadership values and skills. However, establishing this changing foundation can have a substantial impact on compliance, risk, and not to mention legal functions.

For securing a digital transformation that is successful, your organization needs to consider implementing changes across all the areas, which include your organizational structure, people, plans for growth and innovation, strategy, supply chain, customer experience, finance, technology, cybersecurity, risk, legal, and tax.

As organizations start transforming major portions of their operations, they must pay special attention to data privacy and protection, which includes:

• Establishing a program for cybersecurity
• Understanding newer technologies with broader risks
• Keeping pace with the increased number of cyber-attacks
• Managing cyber risk, compliance, and data as the business is transforming

Banking  Data Privacy and Cybersecurity

With ever-increasing risks to conducting business in an economy that is globally connected and the rapidly evolving related threats, it’s vital that financial institutions don’t overlook cybersecurity when they start their digital transformation journeys. It would be meaningless to invest in technologies that are transformative if you can’t protect sensitive data, customers, and other critical assets.

Any single organization can possess millions of customers’ personal information, which is data that must be kept private, to ensure the identities of customers stay protected and safe, and the reputation of the company remains unblemished.

The financial ecosystem today of people, entities, and data that are digitally connected increases the chances of being exposed to cyberattacks. Also, data protection and privacy laws are changing continually on the global level.

The ultimate goal of data privacy is properly handling and protecting (PII) personally identifiable information and meeting the privacy expectations of the public. It addresses the concerns related to whether you can share data with third parties taking permission from data subjects, along with the manner in which it is shared. That addresses how data will be stored, deleted, collected, and processed.

A lengthy data privacy laws list indicates an accelerating change for how individuals and companies recognize the importance and value of protecting the data of a user. That has forced several companies to establish road maps to chart future data protection and data privacy strategies.

With no effective controls and processes for cybersecurity in place, most organizations aren’t only risking their intellectual property and data, but they have also placed consumers and employees at risk. Data privacy and cybersecurity requirements can’t be an afterthought or an add-on. They need to be part of the digital transformation’s core designs so that you can address potential threats and risks and prevent rework measures that are costly. That will also help in satisfying compliance with different regulatory necessities.

Consumer Perspective, Data Protection, and Data Classification

Organizing data into definitive categories to effectively protect it is known as data classification. This process has the aim of allowing data to be accessible to authorized users when and as required for use in pre-defined formats. Data classification also involves describing the data type, its confidentiality, its integrity, and its custodian assignment.

For example, a company may categorize data as public, restricted, or private. In such cases, restricted data represents the data that is most sensitive and will have the highest requirements for security. On the other hand, public data represents the data that is least, and its security requirements will show that.

As consumers are becoming more careful and aware of data sharing, and regulators continue evolving privacy requirements, businesses have learned that data privacy and data protection can be used to create business advantages.

With more consumers adopting digital technology, they are generating data that helps in creating both an opening for companies to enhance their consumer engagements as well as responsibility for keeping the data of consumers safe and secure. The data, which includes all PII data forms and location tracking, is immeasurably valuable to businesses: for example, many companies are using it to understand the unmet needs and pain points of their consumers. These insights are helpful in developing new services and products and personalized marketing and advertising.

A common myth that most consumers have regarding the cloud mentions that there are more chances of their data falling into the wrong hands if it is “up there.” That’s a serious concern for the financial industry, especially for a very good reason, when you consider how little the public trusts in the ability of the industry to protect sensitive data (about 45% of people surveyed showed any faith in the approach of the financial industry towards digital security.)

Understanding how the financial industry uses the cloud and, most importantly, the policies in place will be just the tonic to winning consumers’ trust. The stakes could not be higher for businesses that handle consumer data because even customers who aren’t affected directly by the breaches pay close attention to how businesses respond to threats.

Building a Privacy Foundation

Despite the challenges it has faced, digital transformation is still an extremely beneficial and compelling venture and is one that is necessary to the finance industry. A prospect could be using cutting-edge technology for accelerating competitive advantage and growth, which is extremely attractive. However, attempting to overhaul your company’s operations and dealing with security precautions later will generally result in major issues in the future. Financial institutions can take several actions and be proactive in addressing data protection and data privacy requirements.

First, they would need to take the step of deciding on a sequence of practices for project oversight and ensure that the project has been vetted by legal or privacy experts. Apart from that, clear documentation must be produced related to governing and recording the data’s storage, use, and collection. Most of the collected data won’t be required in the future, which is why companies in the financial industry should only collect data they require for serving their customers to mitigate their risks.

Another step that will be necessary is revising or writing data security and data storage practices. As different data categories need various storage policies, the best practice would be to account for all the numerous categories. Financial institutions need to develop clear and standardized procedures for governing requests to transfer or remove that data. These will ensure compliance is expedited with the regulations and will cover requests made by consumers for the transfer, identification, and removal of data.

Conclusion

How Do You Effectively Implement These Steps? Part of the company’s framework for data protection must include a privacy officer, who is someone with expertise in both technology and privacy. A privacy officer assesses the legislation that you must comply with and the business objectives. When you don’t understand privacy law, new risks can be created by technology projects for your financial company.

It’s too late to start thinking about privacy strategies after the occurrence of a breach, and the cost for the business can be substantial. There are long and short-term consequences, which need to be considered whenever you manage data breaches.  The short-term consequences can have investigation costs, remediation efforts costs, and direct fees and fines.

The long-term consequences can have reputation damage to the organization and losing customer trust. Financial institutions can spend many years meticulously creating a brand that is trusted to work continuously in maintaining its integrity, and all of that can be diminished instantly in a few seconds. It takes several years to rebuild the reputation you have lost, and you can lose customer trust forever.

Marc-Roger Gagné MAPP
@ottlegalrebels