Key industry trends
The Financial Services industry is undoubtedly one of the most regulated in the world, and rightly so given the highly sensitive nature of the information under its control. As new technologies continue to be developed and adopted, and as business models and consumer behaviour change, governing bodies are having to create new legislation to ensure minimum standards are established. Nowhere is this more apparent than in risk management and cyber threats.
The regulatory landscape is becoming increasingly complex, and it is largely falling on the shoulders of IT teams to implement compliant yet agile architectures that drive innovation whilst curbing costs.
GDPR is the regulation that has occupied headlines throughout the past couple of years, but this is just one regulation of many that FS companies need to comply with when forging IT strategies.
In the US, the California Consumer Privacy Act was signed into law in June 2018 to establish new consumer privacy rights whilst increasing liability for data breaches. The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999, is a US federal law that, under the Safeguards Rule, expects financial institutions to be able to demonstrate how consumers’ private information is protected. The New York State Department of Financial Services (NYDFS) cybersecurity regulation requires all DFS-regulated entities to adopt the core requirements of the cybersecurity program through the implementation of a cybersecurity policy, designation of a CISO, periodic pen testing and vulnerability assessments, as well as a string of other requirements.
And these are just some of the US laws affecting data and privacy. In the UK there is the Data Protection Act 2018, in Germany the German Privacy Act 2018, and in France revisions were made to the French Privacy Act to comply with GDPR. The list goes on as data and privacy come to the forefront of not only IT agendas, but organizational agendas as well.
Data privacy is of paramount importance and ensuring compliance is a priority for the InfoSec community. With an ever-increasing mobile footprint, IT and Security professionals need to consider the impact of mobility on data privacy and whether they have the appropriate technologies in place to guarantee compliance.