One-Third of Financial Firms Lack Clear Plan to Address Privacy Risks : Accenture

Privacy executives should look beyond just compliance and focus on elevating the customer experience

One-third of financial services organizations lack a clear plan or the resources to address privacy risks related to customer data in the next 12 months, according to a new report by Accenture.
 
The report — “Privacy in Financial Services: Stature and Sustainability in the Information Age” — is based on a survey of 100 privacy executives in the banking, insurance and capital markets sectors in North America and Europe. It focuses on how companies should rethink how they use, store and protect customer data as recently implemented regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), give consumers explicit privacy rights.
 
According to the report, seven in 10 respondents (70%) see privacy as a key risk for their firms, increasing the need for a clear privacy strategy. Noting that nearly three-quarters (72%) of respondents’ companies use consent to tailor customer-facing products and services, the report suggests that financial services firms incorporate privacy into the overall customer journey by giving customers more control over their data and deleting personal information upon request.
 
“Given the renewed regulatory focus and threat of significant financial fines, it’s not surprising that financial services firms are making privacy a top priority,” said Ben Shorten, a managing director in Accenture’s Strategy & Consulting group. “But these institutions should think beyond the compliance risks and consider the broader opportunity to elevate the customer experience around privacy. Consumers are willing to share information if there’s value in it for them, whether personalized offers, better services or more competitive pricing. Firms that understand how customers perceive and value data privacy have a clear opportunity to differentiate themselves.” 

When asked which privacy risks will require the most effort to remediate over the next year, respondents most often cited privacy risk monitoring (51%), the accuracy and maintenance of records processing/ information asset registers (44%), and records management and data retention/deletion (41%).
 
These risks are heightened by the “right to erasure” requests under GDPR and CCPA, which empower consumers to ask companies to delete their personal data upon request, making proper records management critical. One way that firms can achieve this, according to the report, is by using automated tools to aid with data discovery.
 
The report notes that while three-fourths (76%) of respondents plan to increase their privacy investments over the next year, companies without a clear privacy strategy could fail to reap the expected value from these investments — while those that create clear strategies and infuse a culture of privacy awareness across their organizations will differentiate themselves and build consumer trust.
 
In addition, as firms increasingly focus on demonstrating ethical and responsible use of data in their artificial intelligence and machine-learning algorithms, a new class of privacy risks related to data ethics could emerge. This presents another opportunity for firms to build consumer trust by providing greater transparency around automated decisioning models and introducing ethical guide rails for the use of personal data.