BANGALORE, INDIA: There is a lot of focus today on regulatory compliance involving financial reporting, security and data privacy.

Organizations are facing increased scrutiny from customers, staff and regulators of the way in which they deal with personal and other business data. Today, almost all of the data and information security survey reports highlight rising number of data breaches and increasing impact of data breach costs.

The cost impact is higher for the organizations that experience data breaches for the first time.
Data breaches can happen via different ways & means such as accidental exposure of Information by error, abuse of employee privileges, stolen laptops, hacker attacks, viruses, worms, spam, phishing and other types of threats.

Before we take a look at some of the critical privacy and data protection issues, let’s pause for a moment and think: Which are the requirements that an organization tends to focus most of its resources? Is it business comes first, is it regulatory compliance or is it risk management? Is it all of these or some of these?

Let us consider a financial institution. As we all know, a financial institution faces not only greater regulation and compliance requirements in the face of the current economic climate, but also greater challenges because of the vast amounts of sensitive financial and customer data that reside on their networks. And this data is shared across different institutions connected via different networks all over the world!

Therefore, managing data protection is getting complicated each day, primarily for two reasons: firstly, scope of data protection is becoming greater due to increasing compliance/governance requirements, and secondly, demand for high and 24 x 7 availability of data is expanding rapidly. A relevant example in this context would be growing use of mobile phones as an alternative channel of delivery of banking services and operative guidelines for banks issued by RBI for mobile payments in India.

Put simply, “mobile payments” is defined as information exchange between a bank and its
customers for financial transactions through the use of mobile phones. Therefore, not only banks will need to ensure compliance with applicable Know Your Customer (KYC) and Anti Money Laundering (AML) norms but also need to put in place a robust risk management strategy and mitigation framework, as the breadth of data availability expands.

Having said that, let us understand what are key privacy and data protection issues and concerns being faced by today’s organizations. One issue could be insufficient budget and funding considerations for the business. From an operating process perspective, there is often a gap as far as incremental cost associated with privacy and data protection, security and continuity, and third-party oversight are concerned.

For instance, all incremental costs need to be considered while budgeting for automated processes with regard to launching of mobile payment services. Say, what would be the cost of implementing additional controls now that the sensitive data is going to be shared with third parties like mobile network operators (MNOs)? Another issue could be absence of up-to-date operating policies and procedures, More often than not, current and updated operating policies and procedures are not available.