Post on 25-Feb-2016
description
transcript
Principle #6 – Privacy of Client Data
This presentation is made possible by the Smart Campaignwww.smartcampaign.org
2
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
3
1. Avoidance of over-indebtedness
2. Transparent and responsible pricing
3. Appropriate collections practices
4. Ethical staff behavior
5. Mechanisms for redress of grievances
6. Privacy of client data
Client Protection Principles
4
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
5
Privacy of Client Data: Principle in Practice
A financial institution achieves this principle by respecting the
privacy of client data and ensuring both the integrity and
the security of the data.
6
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
7
Privacy•Clients know how the institution will use their information.
•Confidentiality policies govern the processes, use, and distribution of client data to third parties.
•The institution ensures that client data is correct before sharing it and gives clients the opportunity to correct it.
•The institution asks for clients’ permission before sharing their data with credit bureaus or using it in marketing materials.
•A rigorous system of checks prevents the unauthorized use of client data and protects access to accounts.
•The information technology system is secure, protected by passwords, and several levels of authorized access.
•The institution offers orientation sessions that show clients how to safeguard their PIN numbers and other sensitive information.
Security
Two Components to Protecting Client Data
8
The Client Perspective: Can your clients agree with the
following? I know the institution’s policy on sharing my personal and financial information with third parties.
I have been informed that the institution will ask my permission before sharing my information with third parties, and before using my photo in any marketing materials.
I know how to keep my PIN number safe. The institution has explained to me how they keep
my data secure. The institution asked me before submitting my
information to the credit bureau (if applicable).
9
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
10
Feedback from ParticipantsHave you been in a situation where the security/privacy of your personal or financial information was compromised? How did you respond to the situation?
Is this an issue that your clients care about? If something went wrong and their personal or financial information was compromised, would it affect your business?
Have data management practices and systems evolved at your institution since you have worked there? How so?
Have you witnessed privacy or security lapses at your institution? How did your institution respond?
11
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
12
[Write your points for the presentation here:]• Points• Points• Points• Points
Lessons from Practitioners
13
Privacy of Client Data: Indicators of Good Practice
14
Privacy of Client Data: Indicators of Good Practice
15
Good Practice: Using Technology to Protect Data
One cooperative in Mexico developed a custom management information system (MIS) to store,
update, and, manage member data. A customized MIS allows the cooperative to:
Source: Caja Morelia Valladolid
• Maintain the MIS using their own staff.• Establish a clearly defined “user access hierarchy”
for staff accessing sensitive data.• Change passwords frequently.• Use an “internal hacker” whose role is to constantly
test the integrity of the system by attempting to break into the system from outside the cooperative.
16
Good Practices to Safeguard Privacy
Employees sign a confidentiality agreement at the same time as their employment contract.
Clients give written permission before the institution can use their image and/or story in marketing materials.
The institution has a periodic program for clients to update their data and incentivizes them to participate.
17
Good Practices to Ensure Security
Information about collections can only be accessed by the collections agent, branch manager, and the headquarters Collections Department.
Physical copies of client data are secured in branch locations and digital information is in a secure database.
The institution uses a power-sharing system: only the branch can change client information, while headquarters can access data from all branches.
Institutional information available on the ‘intranet’ cannot be printed or downloaded for use outside the office.
18
Good Practices from Around the World:
AUDITING PHYSICAL SECURITY• One MFI requires its Internal Audit department to
check the physical security of filing systems at headquarters, branches, and correspondent banking locations. These security audits ensure that client files are stored securely and that only authorized employees can access them.
MAINTAINING CORRECT INFORMATION• One MFI assists clients who need to correct/update
incorrect personal or financial information. This includes not only helping clients correct the MFI’s record, but also making sure that credit bureaus and government agencies have correct information about the client as well.
19
1. Client protection principles2. Principle #6 in practice3. Two components of protecting client
data4. Participant feedback5. Practitioner lessons and good practices6. Conclusion and call to action
Agenda
20
Summary:• The Smart Campaign has developed six principles of client
protection, one of which is privacy of client data.• Financial institutions satisfy this principle by respecting the
privacy of client data and ensuring it is both secure and uncompromised.
• Maintaining the privacy of client data requires implementing adequate safeguards, systems, and policies, but also informing the client about the use of their personal information and obtaining client consent before sharing it with a third party.
Conclusion
Call to action
• What “next steps” can your organization take to institutionalize and/or improve systems for maintaining the privacy and security of client data?
21
Join the Campaign and Endorse the Principles of Client
Protection
Have questions? Want more information?
Contact the Smart CampaignEmail: info@smartcampaign.org
Thank you!