Federal law could protect US banks from data deluge

by | May 16, 2019 | bobsguide

Financial services firms in the US are being overwhelmed by the volume, variety and velocity of sensitive data they have to process, according to Kristina Bergman, CEO of Integris Software. Calls from the Consumer Banking Association (CBA) for a federally mandated privacy law could help resolve the patchwork of state legislation.

Earlier this month CBA chief executive officer Richard Hunt sent a letter to Senate Commerce Committee chairman Roger Wicker and ranking member Maria Cantwell. Hunt wrote: “Congress should take seriously its authority and enact a federal data security and breach notification standard and pre-empt the current patchwork of state laws.

“With the recent breaches that have put millions of consumers at risk, the need to pass legislation to establish such a standard could not be more evident. Protecting consumer information is a shared responsibility of all parties involved.”

US citizens’ data is regulated by laws enacted at both national and state level. However, there is currently no principal data protection legislation. Federal statutes are usually targeted at specific sectors, and state laws focus on the privacy rights of individual consumers.

The Gramm-Leach-Bliley Act outlines the protection of personal information owned by the financial services industry. The Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) are also charged with protecting customers against data security loss.

For Bergman, meeting data security compliance requirements boils down to two key functions: “The first is understanding where sensitive data resides across all data source types, and the second is to map that data back to data handling obligations. Sounds simple enough, but companies really struggle on both fronts. Only 17% of mid and large US enterprises are able to incorporate all five common data types into their privacy management programs.

“Having a federal law won’t help much if you don’t understand what data you have and where it resides. But a federal law could simplify compliance by providing a standard taxonomy and rules around your data handling obligations. There are 30 states in the US with privacy legislation on the floor. It’s only going to get worse before it gets better. A federal law would replace the growing patchwork of state legislation.”

According to a report from US-based non-profit the Identity Theft Resource Center (ITRC), there were 135 data breaches in the US financial services sector in 2018, with 1.7m records exposed. The business sector recorded the highest level of breaches, at 571, exposing 415m records.

In the CBA letter, Hunt said banks are “on the front lines consistently monitoring for fraud and working to make consumers whole, no matter where a breach occurs.” From operating advanced fraud monitoring systems to reissuing cards, he added, CBA members spend considerable resources on preventing fraud.

Bergman believes data security issues are of critical importance to financial services firms. “These firms are being overwhelmed with the volume, variety, and velocity of sensitive data. Massive amounts of data are now streaming in and out of financial services firms. Much of this information is now ending up in data lakes which have the potential to become data dumpsters.

“The first step is to stop relying on spreadsheets and manual surveys to inventory your data sources. Financial services firms can adopt more modern approaches such as automating the discovery and classification of sensitive data across all data source types including file storage, big data systems, structured databases, SaaS applications, data lakes, and streaming data sources.”
