The EU's General Data Protection Regulation (GDPR) has pushed data protection up the agenda at banks and insurance providers. Data privacy regulation has moved from a reactive to a proactive emphasis. “Businesses are now scrambling to put in place processes and technology so they can handle any personally identifiable information appropriately, and be seen to take data security seriously, or risk punitive penalties.” The impact of GDPR is felt not only by banks and other financial services companies, but also by the broader ecosystem of third-party vendors and partners, who fall within the regulation's reach as well.
As a CISO, my challenge has been to reduce the number of alerts by filtering out the noise generated by a myriad of data sources. I have to balance the latest "good idea" checklists and frameworks against the budget and staff that I already have. As an Information Security expert, I have discovered that it is costly, both financially and organizationally in staff morale, to constantly have to conduct "Ghostbuster" missions that end like bad comedy, chasing ghosts in a machine that alerts us constantly and points us to a dead end.
PRIVACY BY DESIGN:
Privacy by Design is an approach to systems engineering that takes privacy into account throughout the whole engineering process, rather than bolting it on at the end. The concept is an example of value sensitive design, i.e., taking human values into account in a well-defined manner throughout the process, and may have been derived from it.
Given recent events in the market, embedding a design-based approach to privacy is prudent: