Bank Systems & Technology is part of the Informa Tech Division of Informa PLC



02:15 PM
Rick Kam, President and Founder, ID Experts Corp. (Beaverton, Ore.)

Banks Spend in Wrong Privacy Areas

Information security depends on policies and procedures as much as technology.

Massachusetts is self-imposing stricter privacy rules. Such measures to increase the protection of individuals' personally identifiable information (PII) are a good thing for customers, and states have been working on privacy regulations, with Massachusetts, Nevada, New Jersey and New York at the forefront.

However, when it comes to privacy regulation, a one-size-fits-all approach is not likely the best solution. And it's not desirable for government to set and enforce specific privacy technology requirements on private industry. Yet that seems to be where key lawmakers are headed, pushing to empower the government to define and enforce security technology requirements for private industry.

Customers' PII must be secured in a way that de-identifies personal data, such as obscuring Social Security numbers from database records and encrypting information systems. Often financial institutions think of IT-only security measures to protect personal data, but banks need to take a more comprehensive approach to securing PII. Most data breaches are linked to operational error -- a rogue employee or a stolen laptop.

Banks' policies and systems are very capable and mature, yet we see expenditures placed in the wrong areas. And with breach incidents on the rise, data breach preparedness is paramount. To better protect their customers' information, banks should conduct a PII-focused risk assessment; improve procedures around handling of PII inventory, including third-party risk and contracts; evaluate technologies for data breach detection; and have a breach-response plan in place. Many of these requirements are included in the Massachusetts Data Security Regulation.

