In today’s technological age, protecting your personal information, whether it is your banking information, name, address, etc. is vitally important. Data privacy or information privacy is a branch of data security concerned with the proper handling of data/information so that third parties cannot have access. More specifically, practical data privacy concerns often revolve around whether or how data is shared with third parties or how data is legally collected or stored.

What is the Difference between Data Privacy vs. Data Security?

Data Security and Data Privacy are often used interchangeably, but there are distinct differences:

1) Data Security protects data from compromise by external attackers and malicious insiders.

2) Data Privacy governs how data is collected, shared and used.

Data Privacy and Financial Institutions

Financial institutions and service providers to the financial industry often process a vast amount of personal data on a daily basis. Much of the data processed is confidential and sensitive and is considered privileged i.e. restricted to the entities themselves and can only be admissible in court if intervening legal circumstances dictate otherwise, such as in a Money Laundering Investigation. Due to the very nature of privileged information, there are increased risks and a likelihood of a focus on this sector by Supervisory Authorities, which tend to have legal rights to audit and impose administrative fines and sanctions.

Financial Institutions should seek to put in place Data Protection Impact Assessments. This is essential in order to assess inherent risks and put systems in place to mitigate them due to the high volume of confidential customer data. Having the appropriate technical and organizational measures in place in order to detect, handle and report a breach will, therefore, be crucial for Financial Institutions. Here are some Tips to secure your data:

 Change management passwords at initial installation.

 Implement a tiered data protection and security model including multiple perimeter rings of defence to counter applicable threats.

 Include both logical (authorization, authentication, encryption and passwords) and physical (restricted access and locks on server, storage and networking cabinets) security. Logical security includes securing your networks with firewalls, running antispyware and virus-detection programs on servers and network-addressed storage systems.

 Implement storage systems based on volume or logical unit number mapping and masking as a last line of defence for your stored data.

 Leverage access logs, as well as, perform background checks of third party personnel who may be handling your data.

 Identify where weak links are in your data-movement processes and correct those deficiencies. Always conduct follow up assessments.

 Change your key-code or access code regularly and inform only those who need access.

Remember that any comments and queries can be sent to us at kaw@kawmanagement.com and info@kawmanagement.com or visit our website at www.kawmanagement.com.