It’s time to embrace customer data privacy and security

Share this post:

Customer data is the modern enterprise’s most valuable asset. For years, enterprises have collected and stored it without giving it a second thought. Now, new technology, business and regulatory challenges are forcing them to rethink how they collect and manage that data.

Customer data drives innovations like artificial intelligence and blockchain solutions. For most companies, it fuels increases in their share of existing markets, and it’s the key to unlocking new ones.

But for companies that don’t master privacy and security, data can be toxic. If they don’t protect their customers’ data, they face potential financial and legal repercussions. Enterprises must learn how to use data responsibly and transparently — not only to comply with stricter regulations, but also to build relationships with their customers.

Companies that don’t properly protect and account for data risk abusing it unwittingly, which can damage a company’s reputation and erode its relationships with its customers. As described in a report from the GAO, some experts worry about the potential data abuses, such as the exclusion of potential customers from products and services like insurance and bank loans based on alternative credit data. Others point to the potential for automated AI systems to introduce bias and discrimination based on misuse of customer data.

A shifting regulatory landscape

These potential data abuses are drawing interest from policymakers. Stricter regulations are changing the compliance landscape. Data protection is more than a perk; it’s a strategic imperative.

For example, automated profiling and decision-making is a danger that the European Union’s General Data Protection Regulation tries to protect its data subjects from. Organizations holding such data face penalties that could reach 4 percent or 20 million euro of their global revenues, whichever is higher, if they do not meet its strict requirements. Some companies have already been hit with multi-million euro fines for violating the GDPR.

There’s a mounting movement for similar data protection across the globe, including in the U.S. The California Consumer Privacy Act will require companies who collect data from California residents to be transparent about what they will do with that information and who gets to see it. More than 10 other U.S. states are also mulling strict privacy legislation.

At the federal level, congressional leaders have introduced several bills targeting the privacy of data and data security, such as the Privacy Bill of Rights Act from U.S. Sen. Ed Markey, a Democrat from Massachusetts.

Even in the absence of cohesive federal legislation, individual agencies are nonetheless toeing a harder line. For example, the Federal Trade Commission investigates potential privacy violations and issues penalties where necessary. We expect this wave to continue and think that regulations at a state and federal level in the U.S. may tighten over the next three to five years as lawmakers pay more attention to consumer concerns about data privacy.

Embracing data privacy

These challenges need not be negative for enterprises. If handled correctly, they present significant opportunities.

A proactive approach to privacy can put you in front of compliance challenges and become a useful tool in international expansion. A company without a coherent privacy framework might face unexpected data sovereignty challenges as they try to move and store customer data in other countries. By understanding these issues and preparing legal and technical structures to support your plans, you can better optimize and maximize data use within your established risk tolerance and get ahead of this challenge.

Similarly, a company might develop a product that uses sensitive data. These products and services are common, such as insurance contracts, connected home devices and more. Without the right data privacy review process, the vendor may run into regulatory challenges. By preparing these processes ahead of time, it can help address concerns early and even potentially speed up time to market.

The time to examine your approach to data privacy and security is now. The value of a comprehensive privacy framework will become clear as data becomes an increasingly critical asset.

Learn more about IBM’s data security services and the privacy and data protection practice of Promontory Financial Group, an IBM company.

Partner, Global Business Services, Financial Services

H. Leigh Feldman

Managing Director, Privacy & Data Protection, Promontory Financial Group, an IBM Company

Alan Schienberg

Senior Vice President, Promontory Financial Group, an IBM Company

More Banking stories

The challenge of managing hundreds of daily GRC alerts

Today we are inundated with alerts, breaking news, celebrity scandals and what their neighbor had for lunch.  The feeds are not limited to one medium; your computer, your television, your phone, your tablet and now even the watch you wear on your wrist. The flood of data that comes in can bury a person. How […]

Continue reading

GRC is everyone’s business

In my May 2019 blog, “Has GRC Reached Its Tipping Point? Observations From The Front Lines”, I described a set of common patterns that are driving business initiatives in Governance, Risk & Compliance. These highlighted that: Organizations are transforming their GRC frameworks, They are driving to realize greater benefits from already significant GRC investments, and […]

Continue reading

Is your sales performance management mid-year correction strategy effective?

Building a strategy and doing the right planning in order to achieve corporate objectives is the key to any business, and no doubt, planning sales compensation plays a crucial role in meeting those goals. A lot of time and effort goes into planning these at the beginning of the year, but sudden changes in the […]

Continue reading