
02:15 PM
Rick Kam, President and Founder, ID Experts Corp. (Beaverton, Ore.)

Banks Spend in Wrong Privacy Areas

Information security depends on policies and procedures as much as technology.

Massachusetts is self-imposing stricter privacy rules. Such measures to increase the protection of individuals' personally identifiable information (PII) are a good thing for customers, and states have been working on privacy regulations, with Massachusetts, Nevada, New Jersey and New York at the forefront.

However, when it comes to privacy regulation, a one-size-fits-all approach is not likely the best solution. And it's not desirable for government to set and enforce specific privacy technology requirements on private industry. Yet that seems to be where key lawmakers are headed, pushing to empower the government to define and enforce security technology requirements for private industry.

Customers' PII must be secured in a way that de-identifies personal data, such as obscuring Social Security numbers in database records and encrypting information systems. Often financial institutions think of IT-only security measures to protect personal data, but banks need to take a more comprehensive approach to securing PII. Most data breaches are linked to operational error -- a rogue employee or a stolen laptop.

Banks' policies and systems are very capable and mature, yet we see expenditures placed in the wrong areas. And with breach incidents on the rise, data breach preparedness is paramount. To better protect their customers' information, banks should do a PII-focused risk assessment; improve procedures around handling of PII inventory, including third-party risk and contracts; evaluate technologies for data breach detection; and have a breach-response plan in place. And many of these requirements are included in the Massachusetts Data Security Regulation.

