One-third of financial firms lack clear plan to address privacy risks

Published: Tuesday, 17 March 2020 14:02

One-third of financial services organizations lack a clear plan or the resources to address privacy risks related to customer data in the next 12 months, according to a new report by Accenture.

The report - 'Privacy in Financial Services: Stature and Sustainability in the Information Age' - is based on a survey of 100 privacy executives in the banking, insurance and capital markets sectors in North America and Europe. It focuses on how companies should rethink how they use, store and protect customer data as recently implemented regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), give consumers explicit privacy rights.

According to the report, seven in 10 respondents (70 percent) see privacy as a key risk for their firms, increasing the need for a clear privacy strategy. Noting that nearly three-quarters (72 percent) of respondents’ companies use consent to tailor customer-facing products and services, the report suggests that financial services firms incorporate privacy into the overall customer journey by giving customers more control over their data and deleting personal information upon request. 

“Given the renewed regulatory focus and threat of significant financial fines, it’s not surprising that financial services firms are making privacy a top priority,” said Ben Shorten, a managing director in Accenture’s Strategy & Consulting group. “But these institutions should think beyond the compliance risks and consider the broader opportunity to elevate the customer experience around privacy.”

When asked which privacy risks will require the most effort to remediate over the next year, respondents most often cited privacy risk monitoring (51 percent), the accuracy and maintenance of records processing/ information asset registers (44 percent), and records management and data retention/deletion (41 percent).

These risks are heightened by the ‘right to erasure’ requests under GDPR and CCPA, which empower consumers to ask companies to delete their personal data upon request, making proper records management critical. One way that firms can achieve this, according to the report, is by using automated tools to aid with data discovery.

More details.