Weighing the cost and benefits of protecting consumer data

Muzammil Patel

Financial institutions have come to realise that data is the new oil. However, much like the inefficiencies in internal combustion engines that cause leakages and low efficiency, mechanisms for handling of data by financial institutions have often been prone to both leakage and an inability to use consumer data effectively. As financial institutions continue to weigh the mounting costs of information security and data protection, hoarding large amounts of consumer data, including personally identifiable information, sensitive personal information, material non-public information and other forms of private information, for elusive benefits exposes organisations to significant reputational, regulatory, and legal risks. Consumer data in both digital and non-digital formats is prone to leakage, while at the same time the inability to organise this data centrally and effectively has degraded its monetisation potential for financial institutions.

Holding and transmission of consumer data

Multiple systems tend to hold customer information, including personally identifiable information. Transmission of this information across systems and devices increases the attack surface and the points of leakage. This also means that there is no single source of truth, making valuable consumer data hard to use for serving specific needs. Vaulting customer data at a single source and using that single source for validation is critical, as opposed to intentional or inadvertent transmission across systems. Securing the vault with appropriate encryption standards, ensuring payload encryption during transmission, and ensuring that the decryption keys are securely stored are critical to reducing points of leakage. Financial institutions tend to replicate consumer data, including sensitive information, across systems as they create multiple masters and replicate master data management in multiple places. Focusing on ensuring that the single source of truth is not aimlessly replicated across systems is a critical element of protecting consumer data.

Insider risk and need-to-know policies

Most data leakage tends to occur on account of insiders. Insiders tend to have access to consumer data without a need to know. Data access and confidentiality policies tend to be enforced in a manner that provides broader privileges than required to discharge a certain responsibility. Preventing data access by system administrators, third-party outsourced providers, digital extensions to a financial institution’s ecosystem and operational staff in general is a necessary element of consumer data protection. Moving all sensitive consumer information to a pure need-to-know category is critical to reducing points of leakage.

Data labelling and data leakage prevention

Labelling every element of data in an organisation tends to be tedious but is a necessary element of data protection. The ability to prevent transmission of specifically labelled data through endpoints, communication channels like emails and other digital media is essential. Data leakage prevention systems working in conjunction with labelling mechanisms and policies are an important exit barrier for any data in the organisation.

Monetisation without risk

Ultimately, creating barriers to data flow may seem counter-intuitive to the core objective of collecting data in the first place, i.e., monetisation by the financial institution. Monetisation is best achieved by being able to customise offerings and, more importantly, make offerings available instantly. This may appear to be achievable by having access to customer-specific data. However, specific monetisation is both costly and counterproductive. The ability to build patterns, segmentation and targeting algorithms by referencing not specific but generalised data across a large number of people is both a far more effective marketing measure and a safer method of monetisation. Scrubbing data without exception for analytics, and behaviour-driven targeting rather than static data-based actions, are both safer and more effective.

Weighing the costs of compliance

Holding data that serves no purpose increases both costs of storage and costs of data protection. Financial institutions collect data for specific purposes, and specific information should suffice. Yet, the excuse of erring on the side of caution has led institutions to collect far more data and sensitive consumer information for KYC and similar purposes, which has both slowed down the speed of doing business and raised the cost of data storage and handling. It has also dramatically escalated the risks of data protection. The role of regulators in reducing unnecessary data accumulation by financial institutions, especially physical data, is paramount in ensuring that costs of compliance do not get out of hand. In this regard, creation of more central mutualised utilities for validation, and expanding the scope of utilities to cover businesses as much as individuals, is important to bring down both data risks and cost of compliance.

Protecting consumer data is of paramount importance to building confidence in the financial ecosystem. Porous data transmission without transparency in privacy and data usage policies makes it harder to engage consumers seeking financial products. It is in the best interest of financial institutions to value the data they hold to make sure they are capable of monetising it transparently and effectively.

Views expressed by Muzammil Patel, Global Head Strategy and Corporate Finance at Acies.