The latest enterprise risk management news from around the world

One-third of financial firms lack clear plan to address privacy risks

One-third of financial services organizations lack a clear plan or the resources to address privacy risks related to customer data in the next 12 months, according to a new report by Accenture.

The report - 'Privacy in Financial Services: Stature and Sustainability in the Information Age' - is based on a survey of 100 privacy executives in the banking, insurance and capital markets sectors in North America and Europe. It focuses on how companies should rethink how they use, store and protect customer data as recently implemented regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), give consumers explicit privacy rights.

According to the report, seven in 10 respondents (70 percent) see privacy as a key risk for their firms, increasing the need for a clear privacy strategy. Noting that nearly three-quarters (72 percent) of respondents’ companies use consent to tailor customer-facing products and services, the report suggests that financial services firms incorporate privacy into the overall customer journey by giving customers more control over their data and deleting personal information upon request. 

“Given the renewed regulatory focus and threat of significant financial fines, it’s not surprising that financial services firms are making privacy a top priority,” said Ben Shorten, a managing director in Accenture’s Strategy & Consulting group. “But these institutions should think beyond the compliance risks and consider the broader opportunity to elevate the customer experience around privacy.”

When asked which privacy risks will require the most effort to remediate over the next year, respondents most often cited privacy risk monitoring (51 percent), the accuracy and maintenance of records processing/ information asset registers (44 percent), and records management and data retention/deletion (41 percent).

These risks are heightened by the ‘right to erasure’ requests under GDPR and CCPA, which empower consumers to ask companies to delete their personal data upon request, making proper records management critical. One way that firms can achieve this, according to the report, is by using automated tools to aid with data discovery.

More details.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.