Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Partner Conferences
  • Newsletter
  • Subscribe
  • News
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Cloud

    Cyber Security

    DevOps

    Drone

    HPC

    Internet of Things

    IT Services

    Networking

    QA and Testing

    Robotics

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Web Development

    Wireless

  • Automotive

    Banking

    Compliance

    Construction

    E-Commerce

    Education

    FinTech

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Pharma and Life Science

    Retail

    Sports

    Travel and Hospitality

  • IBM

    Intel

    Microsoft

    Oracle

    Salesforce

    SAP

  • Business Process Management

    CEM

    Cognitive

    Collaboration

    Contact Center

    Corporate Finance

    Data Center

    Enterprise Asset Management

    Enterprise Performance Management

    ERP

    Field Service

    Fleet Management

    Gamification

    HR Technology

    IT Service Management

    Managed Services

    PLM

    Procurement

    Project Management

Menu
    • Compliance
    • Agile
    • Banking
    • SAP
    • Cloud
    • Cognitive
    • Contact Center
    • Cyber Security
    • Sports
    • Procurement
    • Corporate Finance
    • Gov and Public
    • Healthcare
    • HR Technology
    • Media and Entertainment
    • Managed Services
    • Manufacturing
    • Construction
    • Logistics
    • Oracle
    • Wireless
    • Retail
    More
    Sports Procurement Corporate Finance Gov and Public Healthcare HR Technology Media and Entertainment Managed Services Manufacturing Construction Logistics Oracle Wireless Retail
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Security and Compliance-focused IT Approach-key for Business Success

    Daniel Hughes, CIO, Elementis Global

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    How GDPR can open opportunities for APAC businesses

    Royce Teoh, Head of Digital Solutions, ASEAN, Oracle Asia-Pacific

    right

    Customer Data: The New Compliance Frontier

    By Jamie Kelly, Chief Compliance Officer, Westpac

    Tweet
    content-image

    Jamie Kelly, Chief Compliance Officer, Westpac

    IT Compliance Trends

    In financial services two areas are evolving extremely rapidly—IT/data and regulatory compliance.

    Technology developments such as the digitization of payments systems, FinTech, blockchain, cryptocurrency, the cloud and open data continue to challenge business models, and the ingenuity and resilience of CIOs to support their business to execute transformation strategies.

    In the world of regulatory change, customer, community and regulator expectations are evolving. Regulatory reform is complex and pervasive, and the need to manage ethical and conduct considerations is demanding new levels of capability and professionalism from the CCO, CIO and their teams.

    The intersection of these two areas is fascinating, fast paced and strategically important.

    Customer Data Compliance Trends

    Three IT/data compliance trends concerning customer data require our sharp focus:

    1. Data privacy.

    2. Data security and cybersecurity.

    3. Consumer Data Rights (including the trend to open data).

    Underpinning all three developments is a common purpose—the idea that customers should:

    • Have open access to their personal data (e.g. Consumer Data Right and open data).

    • Have more control over how their personal data is being used or disclosed (e.g. GDPR through the enhanced consent regime).

    • Have some comfort that their personal data will be protected and stored appropriately and commensurate to its sensitivity (e.g. GDPR, cybersecurity regulations, HKMA Cybersecurity Fortification Initiative, APRA’s draft prudential standard on Information Security Management).

    • Be able to access their personal data and the data they have provided to the organization (e.g. Consumer Data Right and open data), and

    • Be informed if their personal data has been compromised if there is a likely risk of serious harm (e.g. Mandatory Breach Notification pursuant to the Privacy Act) or if there is a high risk to the rights and freedoms of natural persons (e.g. GDPR).

    1. Data Privacy

    The approach to data privacy has historically varied significantly between geographies. In the past, the EU and EEA have led the way, while other jurisdictions such as the US have applied less regulation. However, in response to community concern around the collection, use, and storage of personal information, we are seeing jurisdictions implement more privacy regulation to provide individuals with the necessary protection. The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties.

    In Australia, a significant amendment to privacy laws came into effect on 22 February 2018. Reporting entities under the Privacy Act moved from a voluntary to a mandatory data breach notification regime, with associated personnel and organizational fines for non-compliance. This signals a trend towards greater attention and enforcement of privacy rights.

    The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties

    Separately, the new EU General Data Protection Regime (GDPR) aims to provide uniform data protection regulation for individuals located in the EU when it comes into operation on 25 May 2018 (and extends to businesses outside the EU via its extraterritorial provisions). The extra-territorial nature of the regulation makes its implementation complex and penalties for non-compliance are significant.

    2. Data Security and cybersecurity

    In conjunction with more assertive data protection authorities, we are seeing increasing focus from governments and regulators on cybersecurity. In Australia, APRA recently released a draft prudential standard on Information Security Management (CPS 234). Globally, the HKMA Cybersecurity Fortification Initiative and the recent creation of the Singaporean based Financial Services Information Sharing and Analysis Centre (FS-ISAC) endeavour to facilitate the timely sharing of cyber threat information and enable a rapid and coordinated response to emerging cyber threats.

    For organizations operating in, or connected with, more than one jurisdiction, there is a need to ensure compliance with a number of different jurisdictional approaches to cybersecurity law and regulation. This can present challenges:

    • Volume and complexity;

    • Extraterritorial application;

    • Contradictory/overlapping requirements; and

    • Implementation challenges across complex (and often legacy) IT environments.

    3. Consumer Data Right (including Open Data)

    Against the backdrop of increased protection and security required for customer data, governments have—somewhat paradoxically—turned their attention to comprehensive customer data access, sharing and portability rights.

    The Australian Government’s announcement that it will introduce a Consumer Data Right (“CDR”) is one example. Banking will be the first sector to be designated under this new requirement followed by the telecommunications and utility sectors.

    Open banking envisages customers securely sharing their customer data with other financial service entities who can use the data to offer alternatives (including Fintechs and non-banks). To this end, CDR will give third parties access to banking product data and transaction data that the customer requires:

    ‘By giving customers greater access to and control over their banking data, Open Banking has the potential to transform the way in which customers use and benefit from the banking system.’

    Separately, the Australian government has announced a mandatory comprehensive credit reporting regime, to give lenders access to a deeper, richer set of data to better assess a borrower’s true credit position.

    Hong Kong and Singapore are proposing similar open banking regimes, and the EU is currently implementing Payments Service Directive 2 (PDS2).

    Developments around consumer data rights will transform the way that data is used and accessed and will necessitate a fundamental change to the way APAC governments, businesses and individuals handle data.

    Positioning for Success

    Data, cyber and privacy regulation will continue to evolve. Organizations that can effectively navigate these changes will have a significant competitive advantage. Success in solving the puzzle will vary for each organization, but there are three core themes:

    • A compliant by design approach to new products and services, systems and third party relationships will position organizations strongly for both regulatory compliance and good customer outcomes.

    • Building strong and trusted alliances between Compliance and Technology, Data Custodians, and other functions such as Legal, Operational Risk and Operations:

    • Upskilling the Compliance function in two additional skill sets:

    • Chief Privacy Officer capability-to set standards around privacy and the ethical use of data, provide advice and expertise and monitor compliance; and

    • Capability to support the broad-based but specialist needs of the Technology, Data and Operations functions. This includes having regulatory compliance expertise in cybersecurity, outsourcing, the use of the cloud, and new prudential regulatory standards and guidance.

    Read Also

    How GDPR can open opportunities for APAC businesses

    How GDPR can open opportunities for APAC businesses
    Keeping Pace with Technology

    Keeping Pace with Technology
    Adventures In Sourcing Compliance And Risk Systems

    Adventures In Sourcing Compliance And Risk Systems
    Compliance in a New Era - an Agri- Commodity Perspective

    Compliance in a New Era - an Agri- Commodity Perspective
    Top 25 Compliance Solution Providers - 2018

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    Compliance Special

    Copyright © 2019 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy  |  Sitemap

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/customer-data-the-new-compliance-frontier-nwid-5086.html