Consent for consumer data sharing – the key to an enhanced digital financial ecosystem
Local and international legislation is putting in place stringent regulations for how consumer data is collected and handled. How should companies comply when it comes to sharing customer data, while still using this data to support efficient business and enhanced digital financial services?
Data has been described as ‘the new gold’, proving to be a priceless resource for businesses and a key to unlocking personalised services and online convenience for consumers. But as an increasingly digital market trades personal information in return for convenience, some entities have exploited consumer data – and even used it to commit wide-scale fraud. Authorised consumer consent for use of personal data has long been best practice, but new legislation is being introduced in markets across the globe to ensure enterprises comply with best practice and protect their customers.
Facebook was famously found to have sold identifying information on 87 million users to British political consulting firm Cambridge Analytica, for example, and the Marriott International hotel group suffered a breach of data relating to up to 500 million guests. In South Africa, insurance firm Liberty suffered a major data breach last year, and in 2017, real estate group Jigsaw Holdings suffered a breach that exposed over 31 million personal records.
Yet despite breaches such as these, a recent Experian study found that 70% of consumers are willing to share more data if doing so will give them more online security and convenience, while an Accenture report found most consumers will share more information with financial services companies in exchange for improved services.
It would appear that consumers expect security built into their engagements with enterprises, with a PwC survey finding 72% feel businesses – not government – are best equipped to protect them. On the other hand, only 25% currently believe companies handle their data responsibly.
In the face of this unsatisfactory trade-off between the safeguarding of personal information and consumers’ need to part with the data to access convenience and personalised goods and services, governments have started to step in to take control of the situation. Almost in parallel, legislators across the world have started putting in place laws to protect users’ personal information, outlining how it should be gathered, stored, used and disposed of.
Confronted with the need to comply with legislation such as South Africa’s pending Protection of Personal Information (POPI) Act and the EU General Data Protection Regulation (GDPR), which came into effect last year, local organisations across industries face a major shift in how they do business, and how they collect, protect and use customers’ data. For businesses dependent on this data to develop products and services the market wants, compliance is particularly challenging. POPI not only stipulates the protection of standard sensitive data such as names, addresses, ID numbers and banking information – it also covers any data that may be used to identify a person. This includes national and ethnic origins, sexual orientation, marital status, age and physical and mental health status.
Certain digital financial service providers face an additional challenge, in relation to compliance with these regulations, in that they are required to obtain express permission to share their customers’ data. Consider the credit scoring industry, where it is vital to gather and share personal financial data to provide a service to customers. Open data sharing is also the cornerstone of Open Banking initiatives as seen in Nigeria and Europe’s Payment Services Directive 2 (PSD2). Open Banking, where banks share certain data via secure application programming interfaces (APIs), allows for the development of a range of digital financial services that can be used by customers to more easily transact, manage their finances and have full access to all their data. Secure sharing of customers’ data is critical to ensuring the success of Open Banking initiatives.
The key to adherence to new legislation for financial service institutions providing access to their customers’ data lies in the provision of authorised user consent for sharing of their data. Users must expressly consent to their data being processed, and they must do so freely in an informed and unambiguous manner.
The highly regulated, commoditised and increasingly competitive financial services market is leading moves to international data protection compliance. Myriad Connect is partnering with financial service organisations across Africa to help them to secure and authenticate transactions and obtain authorised consent for data sharing within the guidelines of legislation.
Myriad Connect’s out-of-band authentication service is used by financial services providers to enable a completely secure, independent channel for the authorisation of consent across any device, regardless of data connectivity. At the same time, our service provides fraud detection and prevention services to protect users in real time. This helps solve the challenge of gaining user consent for data sharing within a secure environment. It also protects customer data and maintains trust, while delivering the data businesses need to improve customer experience.