By: Sonny Zulhuda
Contrary to the traditional belief, information is no longer a mere business processing tools. It is now the very asset that turns to become the commodity of the business itself – becoming more powerful and valuable than any other physical assets. And this is particularly obvious in financial and banking industries where the acquisition of personal data and the adoption of information technology (IT) have both transformed the banking industry as well as the associated operational risk management.
The demand to protect personal data in banking industry comes mainly from two factors. Firstly, the consumers are getting increasingly aware of their right to data privacy. The bulk of their data such as personal and family data, financial information, credit history, employment records, or legal matters are now the target of many predators who wish to acquire them for their benefit, ranging from unsolicited direct marketing, loyalty program recruitment, credit card applications, and even for malicious intent such as identity theft and fraud (or “phishing”).
Therefore, banks can no longer take it easy in their handling of customers’ personal data. A poor data management would result in the loss of credibility, reputation and consumers. At the end of the day, consumers would prefer those who are best in handling their data.
Another pressure for data protection comes from the perspective of laws and regulations. Banking regulations had firmly upheld the need to protect customers’ privacy and confidentiality. In addition, the international community has now adopted a new legal regime on personal data protection (PDP). Regional community such as European Union is particularly very firm in ensuring industrial compliance, to the extent that they make it as another trade barrier for any non-EU countries who do not have adequate PDP law. The Asia Pacific Economic Cooperation (APEC) has also pledged that the member countries should adhere to certain regulation on data protection.
In ASEAN region, Malaysia and the Philippines had led the initiatives, while it is learned that Singapore, Thailand and Indonesia are following the suit albeit in different speed and urgency. In short, it is believed that laws on personal data protection will soon reshape the business processes and will rewrite the requirements of risk management and corporate governance in the banking industry.
See: Latest incidents on personal data abuse implicating banking sector