When looking at the website of different asset management companies, there may be a sense or veneer of a secure institution that can safely service their clients It is also likely they may have secure offices in business parks or office towers around the world but in today’s world this is just the start of effective security. By not having sound data security and data privacy practices in place asset managers may be exposing their firms and their clients to some significant vulnerabilities.
Digital networks are a key enabler in the globalization of business as they enhance our ability to communicate, share and store information, and connect with business associates and clients. New technologies bring new capabilities and with new capabilities an increased risk of uncontrolled data disclosure. In today’s blog post we wanted to highlight some data privacy and data security considerations for firms to most effectively embrace if they are going to insulate themselves from modern-day cyber risks.
This is one of the areas of growing concern in recent years (and rightfully so) as cyber attacks are being more sophisticated and more lethal in their impact. We can even see this with the recent discussion related to cyber attacks and the potential hacking / swaying of the US presidential election. When we start to consider global cross-border transfers of personal data, it is critical to protect the confidentiality, integrity and availability of business and personal information. With this increased focus on consumer data security we thought it would be important to spend some time on data privacy and security, especially for asset managers.
This is a very important consideration especially for those with global or multinational business operations. Firstly, there are the privacy laws that need to be considered, across different jurisdictions where business is transacted. It is important to respect the varied laws in different jurisdictions, to not find yourself in a major predicament of breaching privacy laws and to better understand where data actually lives.
Another important aspect to consider is the security of the data, and how secure is it? With servers that are not secure there will be an increased risk of data and identify theft.
This is an aspect that is challenging with the numerous data systems and integration points. It is important to have a technology team that is reliable, knowledgeable and able to continually combat cyber threats that have been encountered.
We see that there are many asset managers who proudly describe their data policy on their website, but it isn’t always completely clear what stands behind it. This is such an important topic in today’s business world, that there will need to be far more confidence in a website.
Having a sound data security strategy as well as a data governance policy in place are two important steps in keeping current with the laws and changing regulations and the impact on data privacy. There are some key ways that an organization can develop a data strategy that include having appropriate policies, standards, guidelines and program management in place to ensure it is robust and current.
The industry has always been regulated, but not as heavily as it is now. So the need for regulatory compliance in its fullest capacity is relatively new to asset managers. We can see the importance of keeping current in one example if we are to look at the upcoming General Data Protection Regulation. These new rules in 2018 will harmonize data protection laws across the European Union with fines of up to 4% of global turnover for non-compliance. This is an important example of how there needs to be someone within the organization to oversee the data requirements, and ensure they are adhered to on an ongoing basis.
One final consideration is in assuring that partnerships with third-party vendors have data policies in place that are consistent with an organization’s own policies, practices and controls to confirm your data is managed properly and securely, in accordance with legal and regulatory requirements. The chain is only as strong as the weakest link, so your business partners must exercise the same discretion that your firm would.
Data security and data privacy are highly important considerations in today’s world. These are some steps we have identified in working with our clients that an organization should consider in their business practices, but we are also interested in hearing what you are doing at your organization to ensure a strong data privacy framework is in place.
Also, if you’d like to read more about this topic and have future articles delivered conveniently to your inbox, please sign up for our newsletter.