Data Leakage Still Prime Concern

Data leakage will continue to plague financial institutions in the coming year.

Data leakage is a growing problem for financial services and continues to garner sensational publicity. Such publicity in turn acts as a damage multiplier by triggering retaliatory behavior among frightened or angry customers, investors, regulators and others who might not otherwise have known about a particular incident.

Although data leakage in financial services always has been a great concern, it has become of greater concern in recent years. This can be attributed to three key factors:

1. Consolidation and globalization. Consolidation and globalization have led to larger institutions comprised of significantly larger and more diverse workforces, and to greater employee turnover, increasing the risk of insider theft of sensitive data.



2. Rise of the extended enterprise. The dramatic advances in electronic communications and commerce have made it possible and desirable to extend the traditional corporate boundaries, making its resources and information more accessible to outsourcers, third-party processors, and vendor and customer partners, thereby increasing the number of parties with access to sensitive information.



3. Increased value of information. With the growth of electronic commerce, organized crime has found a less risky and more profitable way to commit crimes, including identity-theft-related fraud. It now is easier to recruit accomplices and commit crime at a safe distance, often hiding from the law in foreign countries where it is more difficult to be caught and prosecuted. This has increased the value of information and the temptations for employees to steal it.



4. Closely associated with data leaks is the issue of data retention. With the explosion of digital information, corporations are storing trillions of bytes of information. The cost of storing the data is the least of the issues. The information has to be classified and filed, and the confidential information must be protected against unauthorized access. Different types of information have to be retained for different lengths of time, and data has to be found and retrieved if requested within tight time frames.

The rules are particularly complex for financial institutions, where variations abound across lines of business and global locations. While the industry has been working to establish electronic document/records management policies, procedures and technologies for the past several years, processes largely are not automated and not connected end-to-end across businesses.

Discovery of electronically stored information (ESI) still is a challenge. Poor information access controls help contribute to data leakage. At the same time, the costs associated with leaving these challenges unchecked cannot be understated -- recent penalties issued against major corporations for inefficiencies and errors in records management programs included $1.4 billion, $253 million and $29.2 million fines.

With so much at stake, there is a critical need for a top-down view of organizational requirements, accountabilities and capabilities that can reduce the time, cost and complexity of records management and speed the development of technology tools that can help automate the associated processes and reduce the chance of data leakage. Process innovation also is required to rethink the old ways of doing business and minimize the amount of information that needs to be shared across organizations, thus minimizing the corporation's exposure to data leakage and the cost of data retention.