Data privacy concerns are paramount for businesses in the financial sector, which rely on large volumes of data from clients demanding ever greater levels of personalization. With penalties for data breaches a constant threat, how should banks and other financial institutions manage sensitive information about their customers, asks NGDATA's Ian Matthews.
Data privacy has become a hot topic in the news thanks to failures in security and concerns about how companies are using the personal data they collect about their customers or users. Facebook, for instance, has faced scrutiny over its handling of consumer data both in the UK and in the US.
Data privacy concerns are particularly paramount for companies in the financial sector. Banks and other financial institutions manage a large volume of sensitive information about their customers, and the breach of such data can have dire consequences. This not only applies to those in financial roles, but across the organizations.
Customer service often needs certain information to verify the identities of those accessing an account belonging to a client. Financial advisers require certain client data to enter into a transaction on the behalf of those holding an account with them. Employees in another area may also need this information for other functions within a bank or financial firm. As we increasingly depend on the cloud to store information and conduct financial transactions online, data privacy concerns continue to grow.
For a business, failure to adequately protect customer data can not only result in loss of face, but can negatively impact customer trust and brand perception. These ramifications can last far longer than the initial headlines of a breach or leak, and hit the bottom line harder than fines by bodies such as the Information Commissioner’s Office (ICO) in the UK.
Security concerns
Problems arise with data security when employees, security officials and others tasked with protecting sensitive information fail to provide adequate security protocols. They may become careless about leaving their credentials around at home or in public places. This lapse allows hackers an easy way to access their company’s internal systems. Other issues arise when networks and web applications provided by institutions don’t have enough safeguards to keep out hackers looking to steal data. And because hackers are developing increasingly sophisticated attack methods by the day, ensuring that a company’s data security measures are adequate is an ongoing and complex task.
Customers use their bank cards and online banking websites and apps for transactions, trusting that their banking institution has proper security in place to prevent their information from being stolen. They’re also putting confidence in the fact that your institution won’t abuse that information by selling it for other purposes without their explicit permission.
High-profile security breaches have made things even more complex for financial institutions. A number of high-profile data breaches over the past few years have made customers feel acutely aware of how vulnerable their data is, and this in turn has spurred on regulatory updates – leaving the industry playing catch up. Meanwhile, hackers have been innovating, introducing technologies like automation and AI to add brute force to their attacks.
Keeping consent
While financial organizations are facing hackers’ attempts to illegitimately obtain data, they also now face requests from customers. The issue of consent gets blurred in this age of digital exchange. Consumers might not realize what rights they’re signing away in a contract or other agreement with a bank or financial institution. They might not fully understand the sensitive nature of the data they’re providing, or the consents they’re granting, when they utilize banking websites or apps. Communicating consent clearly and in a way that suits the individual customer is therefore of paramount importance. Otherwise, organizations risk revealing a lack of understanding of their customers and might even be seen as pestering them against their wishes.
Consumers aren’t always clearly informed about how their data will be used or with what other entities their information may be shared
Many marketing firms will pay top dollar to learn about the habits of individuals as a way of finding better ways to target advertising efforts their way. Selling user or customer data isn’t a practice that all organizations engage in, but some do, and consumers aren’t always clearly informed about how their data will be used or with what other entities their information may be shared.
With data-driven innovations such as Open Banking transforming the customer experience, banks and other financial institutions may struggle with finding the balance between maximizing the customer experience and ensuring adequate security for sensitive data. The crux of the matter is that banks need to leverage big data in order to keep pace in today’s highly competitive landscape, yet one misstep with sensitive consumer data can have lasting damage on an institution’s reputation – and consumer trust.
Security meets privacy
Data security and data privacy often go hand-in-hand. Without proper security protocols in place, it’s impossible for organizations to guard against threats from outside and within. Banks and financial institutions need to make sure they’re implementing smart policies designed to educate and train employees on common standards when it comes to data privacy.
Hackers have become more sophisticated about different methods used to gain access to information. That’s why it’s up to companies to not rely on outdated software or other archaic practices when handling customer data, and instead focus on following current best practices and leveraging the latest security techniques. Using unsecured networks for passing financial transactions should be considered unacceptable at any banking or financial institution.
It’s a good idea for banks to perform periodic audits of their security practices and how well they’re being enforced. Any shortcomings should be addressed immediately through educational reinforcement and possible punitive actions for more serious oversight lapses.
The future of customer experience
Banking and financial institutions need to remain diligent about tracking how laws affect their business operations in different states. They should also remain aware of the progression being made by proposed legislation at all levels of government. Failing to make policy and technological adjustments for these changes could result in huge fines, a loss of public trust, and other punishments as laid out in different laws.
The key takeaway is that permission today does not necessarily equal permission tomorrow. Organizations need to get smart about contacting customers in a consistent way that works for the individual. In reality, increasing data regulation is a further symptom of increasing customer expectations. Therefore, by addressing their customers wants, businesses can get ahead of the legal curve. However, this all rests on the need for a more holistic view of each individual customer. Whereas companies have more data than ever before, the key to successful marketing is curating and driving insight from this data to enhance the customer experience.