Data privacy and security have been getting a lot of press as the industry looks ahead to when the California Consumer Privacy Act takes effect January 1.
Financial institutions are well-prepared for this sweeping new law, which will give Californians—and by extension Americans—the right to know what personal data is being collected and sold and to request that a company delete that data. It’s been compared to GDPR in the EU.
But what exactly is the difference between data privacy and data security? Read on to find out.
What is Data Privacy?
Privacy is defined as “the state or condition of being free from being observed or disturbed by other people,” but I like to think of it as your secrets. It’s the personal things about yourself that you don’t want others to know. This may include financial information, health information, or even information you just might not want to share publicly, like the fact that you’re really excited about the upcoming theatrical release of CATS.
When it comes to banking, your customers and members are trusting your financial institution with their secrets. And unlike when you told your high school best friend about your crush on Karen Smith, the bank is legally required to keep your secrets.
What is Data Security?
Security is defined as “the state of being free from danger or threat,” or in the case of data security at your bank, it’s customers and members being confident that your FI is keeping those secrets safe. It’s the policies, procedures, and controls your FI uses to ensure data isn’t leaked or breached.
In response to CCPA, FIs have revisited policies and procedures regarding data privacy and security, re-examining what data is collected and how it is shared, including in relationships with third-party vendors. Having operated under GLBA regulation and its requirements for protecting non-public personal information (NPI) for years, they should be well-positioned to adapt to these changes—both internally and in third-party vendor due diligence.
But it’s also a challenge. Consumers are increasingly concerned about their privacy and are ending relationships with entities that don’t take their privacy concerns seriously. Between legal and reputational risk, the cost of cyber breaches is increasingly high, and stories of breaches are a regular occurrence, with large-scale breaches at T-Mobile and Macy’s reported just last month.
How confident are you in the ability of your FI and its vendors to protect customer privacy? It’s a question your FI should be asking regularly to ensure that it’s testing systems, engaging in due diligence and monitoring, and keeping pace with evolving threats.
Customers are entrusting you with their secrets. Make sure you keep them in the vault.