Cybersecurity Awareness Month Series [PART 2]: Data Compliance in a Digital Era
View Part 1 here: 5 Password Protection Fallacies
View Part 3 here: What is 'Privacy by Design' and Why Does it Matter?
View Part 4 here: 3 Tips to Build Consumer Trust on Data Security
According to the Pew Research Center, more than 80% of Americans go online daily. As a result, consumers increasingly rely on digital tools for online purchasing, customer service, and other transactions, and every one of those transactions requires the business to collect and handle personal data.
Businesses are increasingly moving online to provide services that are convenient and consumer-friendly. Often, these digital options are preferred over in-person interactions. This trend has included financial institutions as consumers demand increased online and mobile banking options.
As online demand continues to grow, this digital transformation has also heightened awareness of how accessible personal data has become and how vulnerable it is. It is not uncommon to hear about security breaches, cyberattacks, and unauthorized sharing of personal information. In response, there has been growing movement toward data compliance regulation at the state, federal, and global levels. Consumers are now more aware than ever that businesses, social media sites, and other websites collect and share their personal information in order to provide services.
In the United States, there is not a comprehensive regulation addressing data privacy and management. Instead, government agencies at the federal and state levels provide a patchwork of industry-specific laws and guidance. These agencies are tasked with regulating business activity to help keep consumer data private and protected.
To help protect consumers and stay in compliance with these data security and privacy laws, your institution should:
- Implement and maintain reasonable data security measures
- Provide adequate security for personal data and fully disclose how that data is collected, used, and shared
- Avoid engaging in misleading advertising practices
Financial institutions should regularly review their compliance protocols against current regulations to determine what additional controls and disclosures are needed to remain compliant, and to confirm that established best practices for data security are being followed.
Remain Educated on Changing Legislation
Recent data privacy legislation requires consumer consent and the sharing of disclosure notices. It responds in part to heightened awareness of how much data organizations collect and the privacy concerns that collection raises, especially as data breaches continue to occur. There is a growing trend toward supporting consumers' right to be informed of how their data and personal information is collected and used. For example, the Gramm-Leach-Bliley Act (1999) stipulates how financial institutions may collect, protect, and disclose consumer financial information.
More recent legislation on data privacy to be aware of includes:
- California Consumer Privacy Act of 2018 (CCPA)
- New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act
- Europe’s General Data Protection Regulation (GDPR)
Regularly Audit and Assess Risk
A comprehensive, independent risk audit can help identify and resolve data security weaknesses and threats in your own systems and in those of your vendors. An independent external audit provides assurance that proper security controls are in place and that compliance obligations are being met. This can include reviewing how personal data is collected, processed, and stored, and who has access to it at each stage.
Establish Vendor Management Protocols
Help prevent data exposure that may originate from your vendors and your vendors’ vendors through an established set of protocols. This helps ensure sensitive business and member information remains protected and meets regulatory compliance requirements.
Some protocols to consider:
- Vendor data storage and accessibility practices
- Data policies and procedures in the event of a breach
- Regular security testing to evaluate vulnerabilities
Data compliance is a complicated patchwork of policies, guidelines, and regulations. Financial institutions need to remain vigilant in order to keep their consumers' private information secure and protected. Visit the "Allied Trust Center" to learn more about what we are doing to protect our clients, vendors, and employees.