Managing IT Security and Data Privacy Security to Enhance the Client Experience

Ovum Financial Services Technology Forum, 25th June 2013

Alpesh Doshi, Fintricity


A CHANGE IN CUSTOMER RELATIONSHIPS

Most B2C Brands Use Social Media

Engagement is now part of the FABRIC

Customers want a better relationship with their BRANDS


SOCIAL DATA IS A NEW CURRENCY OF ENGAGEMENT

We generate vast amounts of DATA

On the web and Social sites

Data on our likes, activities, friends, views/opinions

Social Data is now a currency that can be used to build one-to-one relationships with customers.

By carefully harvesting, analysing and leveraging social media data, banks may be able to gain valuable insight into customer investment patterns, market trends and value propositions.


WHAT KIND OF DATA IS AVAILABLE?


• Demographics: Age, Gender, Geography, HHI, Level of Education, List of friends, Friends of Friends

• Interests: Profile-Based, Contextual, Demonstrated, Undeclared

• Actions: Creating, Rating, Sending, Sharing, Uploading, Watching, and more

• Interaction: How people interact with content and ads: Clicks, time spent, interactions, videos completed

• Recency and Frequency: How often and when people express interests or actions

• Sentiment and Exposure: What people say, what they read, and when and how they say and read it


SECURITY STRATEGY FOR PERSONAL DATA

Data Protection and Data Privacy regulations must be implemented

Information Risk Standards – ISO 27001

Regulatory and FCA/PRA Requirements


DATA PROTECTION

• Personal data must be processed fairly and lawfully

• Obtained for only one or more specified lawful purpose

• Adequate, relevant and not excessive

• Accurate and kept up to date

• Not be kept for longer than is necessary

• Processed in accordance with data subjects’ rights

• Appropriate technical and organisational measures

• No transfer outside the EEA unless adequate protection

RISK MANAGEMENT

• Brand Reputation and loss of credibility can be catastrophic for a financial services organisation

• Confidential Information about identified individuals, even though some of the data is publicly available, must be ‘managed’ carefully

• Internal Policies, both business and technology policies must be coherent and linked across departments

• Monitoring and management of these risks, and how they meet requirements must be implemented


GAPS IN APPROACHES BY FINANCIAL SERVICES COs

Most firms don’t have joined up policies.

Firms tend to take a reactive approach to addressing risks and only do so when an event happens.

Integrated Monitoring is key.

Most firms have not identified their data or assessed the security risks they face.

Data ownership and use of Social has not been considered yet, but is being used.


SECURITY SOLUTIONS AND ARCHITECTURES

Build architectures that incorporate security from the start

The volumes and timeliness of Social Data require revised operating models and systems architecture

Governance, Risk, Compliance solutions updated

Data Security and Use Lifecycle approach created in an integrated way

Risk Mitigation must be the business imperative, but enable agility and improved customer engagement


SUMMARY

Data Privacy and IT Security have become more complex.

Data Protection and Privacy, Information Risk (ISO 27001), and Regulatory Requirements must be combined into an overall Security Strategy

A combination of business and technology approaches is required

It requires joined up thinking and implementation between the business and IT


Thanks for Listening

Any Questions?

Alpesh Doshi, Fintricity

m: +44 7973 822820

w: www.fintricity.com

t: @alpeshdoshi

l: www.linkedin.com/in/alpeshdoshi
