The protection of consumer privacy, both online and offline, is an increasingly common theme. In the US, both the Commerce Department and the Federal Trade Commission have sweeping proposals out for discussion, and similar movements are underway in Europe. This article points out the huge gap that remains to be closed within financial firms; they may understand data protection laws at a high level, but operationalizing compliance remains a nightmare.
IT vendor Informatica commissioned a study about data protection, and Finextra reports:
“The survey of 437 senior IT employees at financial services firms in the UK, carried out by the Ponemon Institute, shows 85% of data used during software development and testing is made up of customer information, yet 43% of respondents are not taking any steps to protect it.”
Of comparable concern, according to the study findings, is that real customer data apparently leaves the premises of UK financial firms, under dubious or inadequate safeguards, when development and testing of applications are outsourced, as “nearly 85% of respondents” reported. Similar risks arise when developers use cloud-based applications.
According to Finextra, Informatica concludes that “With security, compliance and legal teams being sidestepped, decisions around data protection are being made by those who are more likely to be driven by the need to meet corporate targets, rather than addressing data security risks.”
Clearly, most organizations require closer collaboration among these teams.
While this survey covered only financial firms in the UK, we suspect the results in the US would not be dissimilar, especially when smaller financial firms and smaller development partners are included. We like to think that the very biggest firms “get it” on privacy and consumer protection, but even there, we can’t be certain that privacy policies are effectively implemented all the way through the organization. Privacy and data protection will be an overriding issue moving forward.