Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Whitepapers
  • Partner Conferences
  • News
  • Subscribe
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Business Intelligence

    Business Process Management

    CEM

    Cloud

    Collaboration

    CRM

    Cyber Security

    Data Center

    Digital Technology

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    Enterprise Security

    ERP

    Gamification

    Geographical Information System

    HPC

    HR Technology

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    PLM

    POS

    Project Management

    QA and Testing

    Risk Management

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

    Workflow

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Fleet Management

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Managed Services

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Payments

    Pharma and Life Science

    Procurement

    Retail

    Sales and Marketing

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Corporate Finance

    Google

    HP

    IBM

    Intel

    IT Service Management

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

Menu
    • Compliance
    • IBM
    • Amazon
    • ERP
    • Project Management
    • Big Data
    • Data Center
    • FinTech
    • Compliance
    • Unified Communication
    • Simulation
    • SAP
    • Utilities
    • Education
    • Sports
    • Salesforce
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Customer Data: The New Compliance Frontier

    By Jamie Kelly, Chief Compliance Officer, Westpac

    content-image

    Jamie Kelly, Chief Compliance Officer, Westpac

    IT Compliance Trends

    In financial services two areas are evolving extremely rapidly—IT/data and regulatory compliance.

    Technology developments such as the digitization of payments systems, FinTech, blockchain, cryptocurrency, the cloud and open data continue to challenge business models, and the ingenuity and resilience of CIOs to support their business to execute transformation strategies.

    In the world of regulatory change, customer, community and regulator expectations are evolving. Regulatory reform is complex and pervasive, and the need to manage ethical and conduct considerations is demanding new levels of capability and professionalism from the CCO, CIO and their teams.

    The intersection of these two areas is fascinating, fast paced and strategically important.

    Customer Data Compliance Trends

    Three IT/data compliance trends concerning customer data require our sharp focus:

    1. Data privacy.

    2. Data security and cybersecurity.

    3. Consumer Data Rights (including the trend to open data).

    Underpinning all three developments is a common purpose—the idea that customers should:

    • Have open access to their personal data (e.g. Consumer Data Right and open data).

    • Have more control over how their personal data is being used or disclosed (e.g. GDPR through the enhanced consent regime).

    • Have some comfort that their personal data will be protected and stored appropriately and commensurate to its sensitivity (e.g. GDPR, cybersecurity regulations, HKMA Cybersecurity Fortification Initiative, APRA’s draft prudential standard on Information Security Management).

    • Be able to access their personal data and the data they have provided to the organization (e.g. Consumer Data Right and open data), and

    • Be informed if their personal data has been compromised if there is a likely risk of serious harm (e.g. Mandatory Breach Notification pursuant to the Privacy Act) or if there is a high risk to the rights and freedoms of natural persons (e.g. GDPR).

    1. Data Privacy

    The approach to data privacy has historically varied significantly between geographies. In the past, the EU and EEA have led the way, while other jurisdictions such as the US have applied less regulation. However, in response to community concern around the collection, use, and storage of personal information, we are seeing jurisdictions implement more privacy regulation to provide individuals with the necessary protection. The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties.

    In Australia, a significant amendment to privacy laws came into effect on 22 February 2018. Reporting entities under the Privacy Act moved from a voluntary to a mandatory data breach notification regime, with associated personnel and organizational fines for non-compliance. This signals a trend towards greater attention and enforcement of privacy rights.

    The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties

    Separately, the new EU General Data Protection Regime (GDPR) aims to provide uniform data protection regulation for individuals located in the EU when it comes into operation on 25 May 2018 (and extends to businesses outside the EU via its extraterritorial provisions). The extra-territorial nature of the regulation makes its implementation complex and penalties for non-compliance are significant.

    2. Data Security and cybersecurity

    In conjunction with more assertive data protection authorities, we are seeing increasing focus from governments and regulators on cybersecurity. In Australia, APRA recently released a draft prudential standard on Information Security Management (CPS 234). Globally, the HKMA Cybersecurity Fortification Initiative and the recent creation of the Singaporean based Financial Services Information Sharing and Analysis Centre (FS-ISAC) endeavour to facilitate the timely sharing of cyber threat information and enable a rapid and coordinated response to emerging cyber threats.

    For organizations operating in, or connected with, more than one jurisdiction, there is a need to ensure compliance with a number of different jurisdictional approaches to cybersecurity law and regulation. This can present challenges:

    • Volume and complexity;

    • Extraterritorial application;

    • Contradictory/overlapping requirements; and

    • Implementation challenges across complex (and often legacy) IT environments.

    3. Consumer Data Right (including Open Data)

    Against the backdrop of increased protection and security required for customer data, governments have—somewhat paradoxically—turned their attention to comprehensive customer data access, sharing and portability rights.

    The Australian Government’s announcement that it will introduce a Consumer Data Right (“CDR”) is one example. Banking will be the first sector to be designated under this new requirement followed by the telecommunications and utility sectors.

    Open banking envisages customers securely sharing their customer data with other financial service entities who can use the data to offer alternatives (including Fintechs and non-banks). To this end, CDR will give third parties access to banking product data and transaction data that the customer requires:

    ‘By giving customers greater access to and control over their banking data, Open Banking has the potential to transform the way in which customers use and benefit from the banking system.’

    Separately, the Australian government has announced a mandatory comprehensive credit reporting regime, to give lenders access to a deeper, richer set of data to better assess a borrower’s true credit position.

    Hong Kong and Singapore are proposing similar open banking regimes, and the EU is currently implementing Payments Service Directive 2 (PDS2).

    Developments around consumer data rights will transform the way that data is used and accessed and will necessitate a fundamental change to the way APAC governments, businesses and individuals handle data.

    Positioning for Success

    Data, cyber and privacy regulation will continue to evolve. Organizations that can effectively navigate these changes will have a significant competitive advantage. Success in solving the puzzle will vary for each organization, but there are three core themes:

    • A compliant by design approach to new products and services, systems and third party relationships will position organizations strongly for both regulatory compliance and good customer outcomes.

    • Building strong and trusted alliances between Compliance and Technology, Data Custodians, and other functions such as Legal, Operational Risk and Operations:

    • Upskilling the Compliance function in two additional skill sets:

    • Chief Privacy Officer capability-to set standards around privacy and the ethical use of data, provide advice and expertise and monitor compliance; and

    • Capability to support the broad-based but specialist needs of the Technology, Data and Operations functions. This includes having regulatory compliance expertise in cybersecurity, outsourcing, the use of the cloud, and new prudential regulatory standards and guidance.
    Top 25 Compliance Solution Providers - 2018

    Top 25 Compliance Solution Providers - 2018

     Top 25 Compliance Solution Providers - 2017

    Top 25 Compliance Solution Providers - 2017

     25 Most Promising Compliance Solution Providers

    25 Most Promising Compliance Solution Providers

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/customer-data-the-new-compliance-frontier-nwid-5086.html