In 2017, credit monitoring company Equifax was hit by a devastating data breach that enabled hackers to steal the social security numbers of about 143 million Americans, which reminded companies of how vulnerable they are to data breaches at any given time. With more damaging cyberattacks taking place all over the globe within the last few years, many customers have now stood up and called for more control over their data.
In response, California has become one of the first US states to pass a privacy law known as the California Consumer Privacy Act (CCPA). Similar laws are underway in nearly half of the states, and there are even federal-level efforts to tighten privacy compliance. CCPA will go into effect on January 1, 2020 and will affect companies that fall into at least one of the groups outlined below:
- 50% of their annual revenue is generated through selling the personal information of consumers across a variety of channels.
- They hold the personal information of more than 50,000 consumers, households, or devices.
- They bring in more than $25 million gross annual revenue.
If your organization falls under one of these descriptions, and you don’t comply with this law by the beginning of next year, you will risk incurring fines from the Californian state government that range from $2,500–$7,500 per incident. In addition, you may be left open to possible legal action from angry consumers.
Financial penalties and legal action aside, why is data protection important, and what are its benefits for the banking sector?
According to the Capgemini Research Institute’s (CRI) “Seizing the GDPR advantage” report, consumers prefer doing business with organizations that enforce data security over those that do not. Thirty-nine percent of consumers who took part in the survey said they would purchase more products from companies that protect their data, while over 70% of respondents said they would stop dealing with a business if they discovered that business lacked adequate privacy protection procedures.
This is why banks need to strengthen their data security processes and protect their customers’ privacy, in addition to complying with data privacy laws such as the CCPA. These laws empower customers to control their personal information. At the same time, complying with these laws helps banks grow their brand and increase customer trust and loyalty – provided you have the proper data protection tools and methodologies in place. Of course, balancing security with accessibility is extremely difficult, but it has tangible business benefits in the long run.
Europe has already crossed this bridge, both within and outside the financial sector, after the General Data Protection Regulation (GDPR) went into effect in 2018. This was a bridge that proved stable and easy to cross and made increasing customer loyalty and trust much simpler than banks originally thought.
As a response to the evolving nature of data privacy regulation, Capgemini has introduced an easy-to-follow approach that determines the state of compliance within your organization. Based on this outcome, we will support you in creating a strategic roadmap with a variety of milestones in your CCPA compliance journey.
With the CCPA enforcement date fast approaching, Capgemini recommends a phased approach to compliance. Banks that already have a privacy framework that was implemented for other regulations may find it easier to comply with the CCPA, which is very similar to the GDPR. But even for those firms that don’t have a framework in place, Capgemini has found that most have completed an initial Privacy Impact Assessment. With that in mind, these are the next steps to take to achieve CCPA compliance:
- Create a roadmap and remediation plan. This includes identifying a workable MVP that will ensure basic compliance, establishing workstreams and onboarding teams, and adjusting cost and effort estimates.
- Implement compliance solutions that use a combination of automation and other technologies to address data security gaps and system vulnerabilities, provide for consent and individual rights management, deliver anonymized data for marketing and analytics, and safeguard structured and unstructured data. Companies must also update service-level agreements with third parties.
These steps will enable your organization to respond to customer requests quickly and give you the ability to track and manage requests effectively. They also enable you to begin building an audit trail for regulatory compliance before your organization is overwhelmed with data requests.
Once you have a working, basic framework, you should also consider investing further into this process in order to design an end-to-end automation framework that can replace any manual processes that you know will hamper your compliance efforts going forward. This will add more agility and responsiveness to your overall privacy framework, ensuring it can keep pace with consumer demands well into the future.
So now you know what CCPA is and how you can quickly comply by leveraging our tried-and-tested phased approach. But remember: you need a robust privacy framework that is capable of becoming compliant at speed with any future data privacy laws that may materialize on the horizon. This is especially true if you are a multinational bank.
The GDPR and the CCPA are just the first in a long line of privacy laws, which includes multiple US state- and federal-level privacy laws, in addition to new laws being proposed in multiple countries such as Canada, India, Brazil, and Japan.
This means that, to save time and money in the long run, data privacy should be at the forefront of your bank’s business strategy.
There’s still a lot to do in this area, and more changes are definitely on the way, but following the steps outlined in this blog will soon see your organization basking in the benefits of expanding customer trust and loyalty. To learn more, reach out to me on LinkedIn or Twitter.