Principle #6 privacy of client data to post

Principle #6 privacy of client data to post Presentation Transcript

  • 1. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 2. Client Protection Principles 1. Avoidance of over-indebtedness 2. Transparent and responsible pricing 3. Appropriate collections practices 4. Ethical staff behavior 5. Mechanisms for redress of grievances 6. Privacy of client data
  • 3. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 4. Privacy of Client Data: Principle in Practice A financial institution achieves this principle by respecting the privacy of client data and ensuring both the integrity and the security of the data. [Diagram: Privacy, Security]
  • 5. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 6. Two Components to Protecting Client Data
    Privacy
    • Clients know how the institution will use their information.
    • Confidentiality policies govern the processes, use, and distribution of client data to third parties.
    • The institution ensures that client data is correct before sharing it and gives clients the opportunity to correct it.
    • The institution asks for clients' permission before sharing their data with credit bureaus or using it in marketing materials.
    Security
    • A rigorous system of checks prevents the unauthorized use of client data and protects access to accounts.
    • The information technology system is secure, protected by passwords, and several levels of authorized access.
    • The institution offers orientation sessions that show clients how to safeguard their PIN numbers and other sensitive information.
  • 7. The Client Perspective: Can your clients agree with the following? • I know the institution's policy on sharing my personal and financial information with third parties. • I have been informed that the institution will ask my permission before sharing my information with third parties, and before using my photo in any marketing materials. • I know how to keep my PIN number safe. • The institution has explained to me how they keep my data secure. • The institution asked me before submitting my information to the credit bureau (if applicable).
  • 8. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 9. Feedback from Participants • Have you been in a situation where the security/privacy of your personal or financial information was compromised? How did you respond to the situation? • Have you witnessed privacy or security lapses at your institution? How did your institution respond? • Is this an issue that your clients care about? If something went wrong and their personal or financial information was compromised, would it affect your business? • Have data management practices and systems evolved at your institution since you have worked there? How so?
  • 10. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 11. Lessons from Practitioners [Write your points for the presentation here:] • Points • Points • Points • Points
  • 12. Privacy of Client Data: Indicators of Good Practice. Written Privacy Policy • A written privacy policy governs the gathering, processing, use, and distribution of client information. Systems Protect Clients • Systems, including secure IT systems, are in place and staff are trained to protect the confidentiality, security, accuracy, and integrity of clients' personal and financial information. Client Knowledge • Clients know how their information will be used. Staff explains how data will be used and seeks permission for use.
  • 13. Privacy of Client Data: Indicators of Good Practice. Written Client Consent • Written client consent is required for use of information in promotions, marketing materials, and other public information. Clients are asked for written agreement for sharing personal information with any external parties, including credit bureaus. Client Training • The organization offers information, orientation, or educational sessions to clients on how to safeguard information, and access codes or PIN numbers.
  • 14. Good Practice: Using Technology to Protect Data. One cooperative in Mexico developed a custom management information system (MIS) to store, update, and manage member data. A customized MIS allows the cooperative to: • Maintain the MIS using their own staff. • Establish a clearly defined “user access hierarchy” for staff accessing sensitive data. • Change passwords frequently. • Use an “internal hacker” whose role is to constantly test the integrity of the system by attempting to break into the system from outside the cooperative. Source: Caja Morelia Valladolid
  • 15. Good Practices to Safeguard Privacy • Employees sign a confidentiality agreement at the same time as their employment contract. • Clients give written permission before the institution can use their image and/or story in marketing materials. • The institution has a periodic program for clients to update their data and incentivizes them to participate.
  • 16. Good Practices to Ensure Security • Information about collections can only be accessed by the collections agent, branch manager, and the headquarters Collections Department. • Physical copies of client data are secured in branch locations and digital information is in a secure database. • The institution uses a power-sharing system: only the branch can change client information, while headquarters can access data from all branches. • Institutional information available on the “intranet” cannot be printed or downloaded for use outside the office.
  • 17. Good Practices from Around the World. AUDITING PHYSICAL SECURITY • One MFI requires its Internal Audit department to check the physical security of filing systems at headquarters, branches, and correspondent banking locations. These security audits ensure that client files are stored securely and that only authorized employees can access them. MAINTAINING CORRECT INFORMATION • One MFI assists clients who need to correct/update incorrect personal or financial information. This includes not only helping clients correct the MFI’s record, but also making sure that credit bureaus and government agencies have correct information about the client as well.
  • 18. Agenda 1. Client protection principles 2. Principle #6 in practice 3. Two components of protecting client data 4. Participant feedback 5. Practitioner lessons and good practices 6. Conclusion and call to action
  • 19. Conclusion. Summary: • The Smart Campaign has developed six principles of client protection, one of which is privacy of client data. • Financial institutions satisfy this principle by respecting the privacy of client data and ensuring it is both secure and uncompromised. • Maintaining the privacy of client data requires implementing adequate safeguards, systems, and policies, but also informing the client about the use of their personal information and obtaining client consent before sharing it with a third party. Call to action: • What “next steps” can your organization take to institutionalize and/or improve systems for maintaining the privacy and security of client data?
  • 20. Thank you! Join the Campaign and Endorse the Principles of Client Protection. Have questions? Want more information? Contact the Smart Campaign. Email: info@smartcampaign.org