APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Blockchain

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    Remote Work

    Singapore Startups

    Smart City

    Software Testing

    Startup

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Retail

    Travel and Hospitality

  • Dell

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Gamification

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    RegTech

    Travel Retail

Menu
    • Compliance
    • Software Testing
    • Procurement
    • Managed Services
    • Cyber Security
    • Gamification
    • Blockchain
    • CRM
    • E-Commerce
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • Compliance
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    The Hard Case For Investing In Compliance

    Alexander Maclean, Global Head Of Regulatory Compliance / Chief Compliance Officer, Aegon [Ams: Agn]

    Compliance , Regulatory Affairs, Contract Management

    Charles Hammersla, Head Of Facilities Management – Nab, Cushman & Wakefield [Nyse: Cwk]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    Andreas Uremovic, Managing Director, Global Head Investment Portfolio Compliance, Allianz Global Investors [Fra: Alv]

    right

    Customer Data: The New Compliance Frontier

    Jamie Kelly, Chief Compliance Officer, Westpac

    Tweet
    content-image

    Jamie Kelly, Chief Compliance Officer, Westpac

    IT Compliance Trends

    In financial services two areas are evolving extremely rapidly—IT/data and regulatory compliance.

    Technology developments such as the digitization of payments systems, FinTech, blockchain, cryptocurrency, the cloud and open data continue to challenge business models, and the ingenuity and resilience of CIOs to support their business to execute transformation strategies.

    In the world of regulatory change, customer, community and regulator expectations are evolving. Regulatory reform is complex and pervasive, and the need to manage ethical and conduct considerations is demanding new levels of capability and professionalism from the CCO, CIO and their teams.

    The intersection of these two areas is fascinating, fast paced and strategically important.

    Customer Data Compliance Trends

    Three IT/data compliance trends concerning customer data require our sharp focus:

    1. Data privacy.

    2. Data security and cybersecurity.

    3. Consumer Data Rights (including the trend to open data).

    Underpinning all three developments is a common purpose—the idea that customers should:

    • Have open access to their personal data (e.g. Consumer Data Right and open data).

    • Have more control over how their personal data is being used or disclosed (e.g. GDPR through the enhanced consent regime).

    • Have some comfort that their personal data will be protected and stored appropriately and commensurate to its sensitivity (e.g. GDPR, cybersecurity regulations, HKMA Cybersecurity Fortification Initiative, APRA’s draft prudential standard on Information Security Management).

    • Be able to access their personal data and the data they have provided to the organization (e.g. Consumer Data Right and open data), and

    • Be informed if their personal data has been compromised if there is a likely risk of serious harm (e.g. Mandatory Breach Notification pursuant to the Privacy Act) or if there is a high risk to the rights and freedoms of natural persons (e.g. GDPR).

    1. Data Privacy

    The approach to data privacy has historically varied significantly between geographies. In the past, the EU and EEA have led the way, while other jurisdictions such as the US have applied less regulation. However, in response to community concern around the collection, use, and storage of personal information, we are seeing jurisdictions implement more privacy regulation to provide individuals with the necessary protection. The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties.

    In Australia, a significant amendment to privacy laws came into effect on 22 February 2018. Reporting entities under the Privacy Act moved from a voluntary to a mandatory data breach notification regime, with associated personnel and organizational fines for non-compliance. This signals a trend towards greater attention and enforcement of privacy rights.

    The focus on protecting personal information has been driven by an increased awareness of the huge volumes of personal data being created and stored with third parties

    Separately, the new EU General Data Protection Regime (GDPR) aims to provide uniform data protection regulation for individuals located in the EU when it comes into operation on 25 May 2018 (and extends to businesses outside the EU via its extraterritorial provisions). The extra-territorial nature of the regulation makes its implementation complex and penalties for non-compliance are significant.

    2. Data Security and cybersecurity

    In conjunction with more assertive data protection authorities, we are seeing increasing focus from governments and regulators on cybersecurity. In Australia, APRA recently released a draft prudential standard on Information Security Management (CPS 234). Globally, the HKMA Cybersecurity Fortification Initiative and the recent creation of the Singaporean based Financial Services Information Sharing and Analysis Centre (FS-ISAC) endeavour to facilitate the timely sharing of cyber threat information and enable a rapid and coordinated response to emerging cyber threats.

    For organizations operating in, or connected with, more than one jurisdiction, there is a need to ensure compliance with a number of different jurisdictional approaches to cybersecurity law and regulation. This can present challenges:

    • Volume and complexity;

    • Extraterritorial application;

    • Contradictory/overlapping requirements; and

    • Implementation challenges across complex (and often legacy) IT environments.

    3. Consumer Data Right (including Open Data)

    Against the backdrop of increased protection and security required for customer data, governments have—somewhat paradoxically—turned their attention to comprehensive customer data access, sharing and portability rights.

    The Australian Government’s announcement that it will introduce a Consumer Data Right (“CDR”) is one example. Banking will be the first sector to be designated under this new requirement followed by the telecommunications and utility sectors.

    Open banking envisages customers securely sharing their customer data with other financial service entities who can use the data to offer alternatives (including Fintechs and non-banks). To this end, CDR will give third parties access to banking product data and transaction data that the customer requires:

    ‘By giving customers greater access to and control over their banking data, Open Banking has the potential to transform the way in which customers use and benefit from the banking system.’

    Separately, the Australian government has announced a mandatory comprehensive credit reporting regime, to give lenders access to a deeper, richer set of data to better assess a borrower’s true credit position.

    Hong Kong and Singapore are proposing similar open banking regimes, and the EU is currently implementing Payments Service Directive 2 (PDS2).

    Developments around consumer data rights will transform the way that data is used and accessed and will necessitate a fundamental change to the way APAC governments, businesses and individuals handle data.

    Positioning for Success

    Data, cyber and privacy regulation will continue to evolve. Organizations that can effectively navigate these changes will have a significant competitive advantage. Success in solving the puzzle will vary for each organization, but there are three core themes:

    • A compliant by design approach to new products and services, systems and third party relationships will position organizations strongly for both regulatory compliance and good customer outcomes.

    • Building strong and trusted alliances between Compliance and Technology, Data Custodians, and other functions such as Legal, Operational Risk and Operations:

    • Upskilling the Compliance function in two additional skill sets:

    • Chief Privacy Officer capability-to set standards around privacy and the ethical use of data, provide advice and expertise and monitor compliance; and

    • Capability to support the broad-based but specialist needs of the Technology, Data and Operations functions. This includes having regulatory compliance expertise in cybersecurity, outsourcing, the use of the cloud, and new prudential regulatory standards and guidance.
    tag

    Financial

    Information Security

    Data Security

    Cyber Threats

    Weekly Brief

    loading
    Top 10 Compliance Solutions Companies - 2022

    Featured Vendors

    MasterSAM

    Sanjeev Dhar, MD

    entity solutions

    Matthew Franceschini, CEO & Co-founder

    ON THE DECK

    Compliance 2022

    Top Vendors

    Compliance 2021

    Top Vendors

    Compliance 2020

    Top Vendors

    Compliance 2019

    Top Vendors

    Compliance 2018

    Top Vendors

    Compliance 2017

    Top Vendors

    Compliance 2016

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Deliver Resiliency with Managed Services

    Deliver Resiliency with Managed Services

    Edy Salim, Head of Technology Services & Enterprise Architecture, PT Adira Dinamika Multifinance Tbk
    Sustainable Future through Innovative Technology Solutions

    Sustainable Future through Innovative Technology Solutions

    Faisal Parvez, CIO and Director, BT
    How to align Supply Chain with Corporate Strategy

    How to align Supply Chain with Corporate Strategy

    Chanaka Rathnayake, Senior Production Manager (Packaging) at The HEINEKEN Company
    A dose of our own medicine

    A dose of our own medicine

    SABINA JANSTROM, IT DIRECTOR, DYNO NOBEL
    Insider Threat

    Insider Threat

    AI is America's best weapon for disrupting health inequities

    AI is America's best weapon for disrupting health inequities

    Michael Dowling, President & Ceo, Northwell Health and Tom Manning, Chairman, Ascertain
    Combating IoT Challenges with Smart Choices

    Combating IoT Challenges with Smart Choices

    Sandeep Babbar, Head Of Technology Innovation, Gwa Group Limited
    Artificial Intelligence regulations and its impact on medical devices

    Artificial Intelligence regulations and its impact on medical devices

    Leo Hovestadt, Director Quality Assurance Elekta
    Loading...

    Copyright © 2023 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/customer-data-the-new-compliance-frontier-nwid-5086.html