Data privacy is an increasingly complex and contentious topic. The appropriate use of data and transparency to the potential uses of the data are at the center of debate amongst the largest Big Tech companies.
The protection and controls around data become increasingly complex when used in the context of banking and insurance activities. Personal and confidential information carries heightened sensitivity in the light of financial, health and insurance activities. Security and controls around such data is critical as any breach or misuse can ultimately impact the well-being – financial and reputational – of an individual or business. As digital transformation initiatives move forward, many fast-forwarded by the pandemic, digital data footprints are expanding. The care and protection of such data remains a top priority as evidenced by the March 2nd approval of the Virginia (US) Consumer Data Protection Act (CDPA).
As the second state in the US to approve such regulation, the Virginia law is similar to the California Consumer Privacy Act (CCPA), with rules on access rights, correction, and use of data including transparency about how data is used. Virginia’s law will go into effect on January 1, 2023. And so we’re off and running in the US with a de-segregated approach to data privacy, at least so far, and numerous states moving forward with similar regulatory proposals. This will surely cause headaches for organizations with operations in multiple states, each with their own data privacy regulations.
Australia was a forerunner in privacy with the introduction of The Privacy Act in 1988. Probably more well known, the EU’s GDPR serves as a model for much of the new data privacy legislation coming forward. The General Data Protection Law in Brazil leveraged the EU GDPR framework and additional Latam countries are underway with plans to revise and update privacy laws. The APEC Framework (Asia-Pacific Economic Cooperation) seeks to protect privacy of information flows across the region. Overall, the experience with implementing GDPR may help global organizations address new changes being introduced but all organizations, big and small will be impacted.
Breaking down Silos
As we know, financial institutions and insurers maintain a myriad of legacy systems by lines of business which have a transactional database and related archival databases / warehouses. Now, the purpose and approved use of that data will be under greater scrutiny at a time when the potential use of that data is in high demand. It won’t matter if you can collect social media data or geo location data, images, etc. if you cannot properly secure that data. Reporting on the Virginia CDPA, a recent American Banker article highlights that the introduction of the state privacy laws may force banks to break down the silos.
Will the data privacy controls ultimately help create an enterprise approach to data? Data lies at the heart of knowing the customer and enabling a better customer experience. Risk management can be optimized by the improved use of data and analytics to run models, account for more variables and scrutinize probable outcomes. Machine learning is proven to help in the fight against fraud. Financial institutions and insurers understand the benefits of more data. It’s just not easy.
While totally removing the silos may not be possible, a strategy that gets to a streamlined approach to data warehousing and a consistent, enterprise approach to data governance will yield measurable results – regulatory compliance related to privacy laws and improved operating results. With a strategy and enterprise wide approach to governance in place, compliance becomes a side benefit of becoming a more data-driven organization.
Here are two examples of Cloudera customers that have realized these benefits:
Privacy Compliance – The benefits of privacy regulation compliance are self-evident. However, this case study illustrates how a comprehensive compliance approach undertaken by a Consumer Credit company was a critical component to their database rationalization strategy that leverage both on-premises and public cloud environments.
Improved Operations – The benefits of breaking down silos and embracing an enterprise data approach are illustrated by United Overseas Bank. They have realized the synergy of an enterprise approach across different business functions including compliance, retail banking asset management, and wholesale banking data to optimize their business processes, to design distinctive customer experiences, and to improve detection of financial crimes.
Necessity is the Mother of Invention
The saying is “Necessity is the mother of invention.” In this case, regulation could be the mother of enterprise data governance. And while enterprise data governance is not really a new innovation, it is a sort of utopia for mature industries and companies with complex infrastructures.
Before the data privacy regulations overtake your business strategy and goals, advance and solidify your enterprise data strategy. To learn more about Cloudera’s approach to data governance, visit SDX-Shared Data Experience. For more information about how we enable customers to leverage their data, visit our Financial Services and Insurance pages.