In modern practice, data is rarely stationary. This is especially relevant in the financial services (FS) industry, where data is leveraged in order to understand trends and derive market insights. But where exactly is this data coming from, and where is it going? Immuta uncovers this and more in its latest whitepaper.
Imagine this; you go to checkout at a supermarket by tapping or inserting your bank card to complete the transaction. You then learn that your local supermarket has begun collecting customer data for operational purposes, to help the store better control stock and orders so that your favourite items will always be available when you need them. At this level, there is a clear understanding of who collects and owns this personal data, and how it will be used.
But, imagine this data is then repurposed for analysis. Maybe the corporation that owns this supermarket chain wants to analyse customer data on a larger scale to influence higher-level decisions. This means that your transaction data from that visit might be changing hands to a different data owner, at the corporate level. With access to data from a number of locations, this owner might not have as much awareness or control over where and how this data is accessed.
Without the right controls in place, managing data throughout its lifecycle can become convoluted and prone to risk.
As this personal data is analysed by other corporate stakeholders, it is transformed into a variety of data products. Each new data product created gives this data another home, with another owner, far removed from the initial data set. At this point, it could even find itself in a data marketplace, being sold or exchanged with third parties for their own analytical purposes.
As the data gets further from its source, who is responsible for what it is being used for? Is it the bank who holds the data of that person on their card, or the supermarket who is collecting the data and sharing it?
This is the typical cause of one of the greatest challenges we face today; the repurposing of data beyond its original use. This issue is not just affecting retailers, but also financial services.
Without the right controls in place, managing data throughout its lifecycle can become convoluted and prone to risk. For instance the global Payment Card Industry Data Security Standard (PCI DSS) is applicable to merchants accepting or processing payment cards. The policy is designed to better protect customer data by providing clear guidance for merchants, along with the requirement to comply with a specific set of security requirements.
However, with 12 complex requirements and over 200 sub-requirements, ensuring PCI-DSS compliance is no easy task.
Unless data owners and access permissions are clearly defined, no one will be accountable for how the data is used. Therefore, your personal transaction data could very easily become fair game for any number of uses, far removed from its original intention.
Situations like these occur far too often. Data security is a grey area for many organisations, which highlights the necessity of maintaining data security at each stage of its lifecycle. Financial services organisations must take the initiative to build access controls and clear rules into their data strategies.
This will allow organisations to effectively unlock new use cases and repurpose data for business-driving initiatives without violating compliance regulations or – most importantly – customer trust.
In its latest whitepaper, The Ultimate Guide to Data Security for Financial Services, Immuta, the cloud data access control organisation providing data engineering and operations teams one universal platform to control access to analytical data sets in the cloud, highlights the balance financial services firms must strike between deriving value and avoiding risk with sensitive data use.
To learn more about this and more, check out Immuta’s Ultimate Guide to Data Security for Financial Services here.