Managing IT Security and Data Privacy Security to Enhance the Client Experience
Ovum Financial Services Technology Forum
25th June 2013
Alpesh Doshi
Fintricity

A CHANGE IN CUSTOMER RELATIONSHIPS
Most B2C Brands Use Social Media
Engagement is now part of the FABRIC
Customers want a better relationship with their BRANDS

SOCIAL DATA IS A NEW CURRENCY OF ENGAGEMENT
We generate vast amounts of DATA on the web and Social sites
Data on our likes, activities, friends, views/opinions
Social Data is now a currency that can be used to build one-to-one relationships with customers. By carefully harvesting, analysing and leveraging social media data, banks may be able to gain valuable insight into customer investment patterns, market trends and value propositions.

WHAT KIND OF DATA IS AVAILABLE?
Demographics: Age, Gender, Geography, HHI, Level of Education, List of friends, Friends of Friends
Interests: Profile-Based, Contextual, Demonstrated, Undeclared
Actions: Creating, Rating, Sending, Sharing, Uploading, Watching, and more
Interaction: How people interact with content and ads: Clicks, time spent, interactions, videos completed
Recency and Frequency: How often and when people express interests or actions
Sentiment and Exposure: What people say, what they read, and when and how they say and read it

SECURITY STRATEGY FOR PERSONAL DATA
Data Protection and Data Privacy regulations must be implemented
Information Risk Standards – ISO 27001
Regulatory and FCA/PRA Requirements

SECURITY STRATEGY FOR PERSONAL DATA
DATA PROTECTION
• Personal data must be processed fairly and lawfully
• Obtained only for one or more specified lawful purposes
• Adequate, relevant and not excessive
• Accurate and kept up to date
• Not be kept for longer than is necessary
• Processed in accordance with data subjects’ rights
• Appropriate technical and organisational measures
• No transfer outside the EEA unless adequate protection
RISK MANAGEMENT
• Brand Reputation and loss of credibility can be catastrophic for a financial services organisation
• Confidential Information about identified individuals, even though some of the data is publicly available, must be ‘managed’ carefully
• Internal Policies, both business and technology policies, must be coherent and linked across departments
• Monitoring and management of these risks, and how they meet requirements, must be implemented

GAPS IN APPROACHES BY FINANCIAL SERVICES COs
Most firms don’t have joined up policies.
Firms tend to have a reactive approach to addressing risks and only act when an event happens.
Integrated Monitoring is key.
Most firms have not identified their data or assessed the security risks they face.
Data ownership and use of Social has not been considered yet, but is being used

SECURITY SOLUTIONS AND ARCHITECTURES
Build architectures that incorporate security from the start
The volumes and timeliness of Social Data require revised operating models and systems architecture
Governance, Risk, Compliance solutions updated
Data Security and Use Lifecycle approach created in an integrated way
Risk Mitigation must be the business imperative, but must enable agility and improved customer engagement

SUMMARY
Data Privacy and IT Security have become more complex.
Data Protection and Privacy, Information Risk (ISO 27001), and Regulatory Requirements must be combined into an overall Security Strategy
A combination of business and technology approaches is required
It requires joined up thinking and implementation between the business and IT