In August 2019, Australia made a giant leap towards an open data economy by passing Consumer Data Right (CDR) legislation. Following in the footsteps of the EU’s General Data Protection Regulations (GDPR), the CDR grants consumers the right to transfer personal data from one place to another with ease. It also allows consumers to switch service providers seamlessly, which increases competition in the financial services industry.
Our regulatory system is incredibly complex when it comes to the storage and use of data. While the need to protect customer data has been around and supported for some time, a new trend of enhancing customer control and supporting open data has emerged, with open banking set to be fully introduced into the Australian financial sector by February 2020.
This creates a serious dilemma for banks and other financial institutions, as they struggle to find the balance between maximising the customer experience and ensuring adequate security for sensitive data.
Maintaining Data Sovereignty
Data sovereignty revolves around the idea that data is subject to the laws of more than one country. For example, if your customer data is stored digitally with a cloud service provider, it may be stored overseas.
Businesses choose to do this for a multitude of reasons. It makes doing business easier, is more cost effective and ensures their data is backed up and stored safely and securely.
Data sovereignty matters because it raises questions about your compliance with privacy obligations and data security. Many Australian businesses have legal obligations under Australian privacy laws and the Australian Privacy Principles (APP), both of which cover the disclosure of personal data across borders.
If you store data overseas, you not only need extensive internal procedures to secure the data, but the data must also be stored according to local laws. If you choose to store your data in Australia with a local host, you’ll have greater data sovereignty with complete peace of mind knowing where your data is stored, how it’s protected and that it’s compliant with Australian legislation.
How To Protect Your Customer Data
Customers put their full trust in financial services institutions and expect that they won’t misuse sensitive data. But many consumers may not realise what rights they sign away and how their info can be used for digital marketing.
For example, if a customer signs up to receive an email newsletter or SMS notifications, they expect that private info like their email address or phone number is stored in a secure CRM database. Customers expect this data to only be used for that express purpose, not to be sold to an external third party without their knowledge or consent.
To maintain customer trust, you should disclose what type of data you will collect, and what will be shared with external parties. According to a 2019 Deloitte survey, most respondents value transparency and clear communication as the most important factors when choosing a bank. By offering full transparency as to how you’ll be storing and potentially using their sensitive information, you’ll be able to create a strong sense of trust while actively demonstrating how you intend to protect this data.
You also need to ensure you’re using smart policies to educate and train employees on common standards when it comes to data privacy. This includes not opening suspicious emails, making sure websites don’t contain gaps for hackers, keeping up firewalls around any networks used for transporting data and restricting access to certain sensitive data to a few select employees.
As hackers become more sophisticated, companies need to ditch outdated tech and make sure they’re using CRM systems that rely on local data storage, follow current best practices and leverage the latest security techniques. In order to protect sensitive info sent out via email or mobile, banks should also consider conducting regular audits of their security practices to tackle any flaws.
Open banking is set to revolutionise the Australian financial sector. It will grant more power to the consumer while encouraging competition between brands, leading to better pricing and more innovative services offered by banks.
As a result of this ongoing evolution, many financial services companies are at a crossroads when it comes to managing, storing and sharing private customer data. By hosting your data locally with a trusted provider, being transparent with customers and constantly evaluating your security practices, you can successfully navigate complex regulatory systems and strike the perfect balance between data protection and data sharing.