Key Elements of Successful Financial Information Security Program
In September 2008, I received one of those notices you hear about, but think will never happen to you. It was a letter from my mortgage lender to let me know that “an employee may have sold unauthorized personal information about you to a third party”. In short, there had been a data breach at the company.
Unfortunately, my story is not unique. Millions of consumers have had their privacy compromised by financial institutions. The gap between the security some companies promise on paper and what actually happens puts a dent in consumer confidence. Each month since I received the notice, I have spent extra time reviewing each bank statement. It is not only troubling, it is inconvenient to be on high alert.
Financial services businesses under the jurisdiction of the Federal Trade Commission are subject to the provisions of the FTC’s Safeguards Rule. Under the Rule, each business is required to maintain an effective information security plan.
When I opened my account, the mortgage lender provided me with privacy statements as required by federal and California laws. However, their information security policy was only good on paper. Like a one-legged stool, it did not hold up in reality.
A financial information security plan stands a better chance of success if it incorporates the following three key elements:
1. Risk assessment: The plan needs to identify and anticipate internal and external threats to the integrity of customer data. Financial information security requires proactive planning for real and potential vulnerabilities. Risk assessment is an effective tool for such strategic planning.
2. Accurate compliance language: The growing incidence of data breaches shows that some businesses are not honoring their stated compliance obligations. The policy document that customers receive needs to reflect accurate compliance language. A financial information security program based on realistic expectations stands a better chance of success than one based on pretentious legal language.
3. Governance: Obviously, governance is a function of the size of the company. There is hardly a shortage of hierarchy and titles in large enterprises. The real question for compliance governance, however, is who is in charge. Financial information security is more likely to succeed with effective governance involving accountability and coordination.
The problems of identity theft and fraud make information security a big deal for everyone. Data security builds customer confidence. It is good for business. It is the law. It needs a foundation for success that incorporates the key elements of risk management, compliance, and governance.
Rachel Agheyisi is an economist with over 25 years of business research, writing, and corporate consulting experience. She is the Executive Director of Report Content Writer, a company that specializes in writing white papers and case studies used by IT companies for generating leads in the biotech, financial services, and health care industries. http://www.reportcontentwriter.com
Email me at rachel@reportcontentwriter.com to learn how I can help you develop content-rich white papers and case studies.
Article Source: http://EzineArticles.com/?expert=Rachel_Agheyisi