This document discusses managing IT security and data privacy to enhance the customer experience. It notes that customers now expect a better relationship with brands, and that social media data has become a new currency for engagement. It outlines the types of personal data available on social media sites and discusses the need for financial organizations to implement data protection, privacy regulations, and risk standards to securely manage this data. Key challenges include the lack of integrated policies and monitoring across most financial organizations regarding social media data security and use. The document argues that new security solutions and architectures are required that incorporate security from the start to address these challenges and regulatory requirements while still enabling improved customer engagement.
Managing IT Security and Data Privacy to Enhance Client Experience
1. Managing IT Security and Data Privacy Security to Enhance the Client Experience
Ovum Financial Services Technology Forum
25th June 2013
Alpesh Doshi
Fintricity
2. A CHANGE IN CUSTOMER RELATIONSHIPS
Most B2C Brands Use Social Media
Engagement is now part of the FABRIC
Customers want a better relationship with their BRANDS
3. SOCIAL DATA IS A NEW CURRENCY OF ENGAGEMENT
We generate vast amounts of DATA
On the web and Social sites
Data on our likes, activities, friends, views/opinions
Social Data is now a currency that can be used to build one-to-one relationships with customers.
By carefully harvesting, analysing and leveraging social media data, banks may be able to gain valuable insight into customer investment patterns, market trends and value propositions.
6. WHAT KIND OF DATA IS AVAILABLE?
• Demographics: Age, Gender, Geography, HHI, Level of Education, List of friends, Friends of Friends
• Interests: Profile-Based, Contextual, Demonstrated, Undeclared
• Actions: Creating, Rating, Sending, Sharing, Uploading, Watching, and more
• Interaction: How people interact with content and ads: Clicks, time spent, interactions, videos completed
• Recency and Frequency: How often and when people express interests or actions
• Sentiment and Exposure: What people say, what they read, and when and how they say and read it
7. SECURITY STRATEGY FOR PERSONAL DATA
Data Protection and Data Privacy regulations must be implemented
Information Risk Standards – ISO 27001
Regulatory and FCA/PRA Requirements
8. SECURITY STRATEGY FOR PERSONAL DATA
DATA PROTECTION
• Personal data must be processed fairly and lawfully
• Obtained only for one or more specified lawful purposes
• Adequate, relevant and not excessive
• Accurate and kept up to date
• Not be kept for longer than is necessary
• Processed in accordance with data subjects’ rights
• Appropriate technical and organisational measures
• No transfer outside the EEA unless adequate protection
RISK MANAGEMENT
• Brand Reputation and loss of credibility can be catastrophic for a financial services organisation
• Confidential Information about identified individuals, even though some of the data is publicly available, must be ‘managed’ carefully
• Internal Policies, both business and technology policies, must be coherent and linked across departments
• Monitoring and management of these risks, and how they meet requirements, must be implemented
9. GAPS IN APPROACHES BY FINANCIAL SERVICES COs
Most firms don’t have joined-up policies.
Firms tend to have a reactive approach to implementing risks and only do so when an event happens.
Integrated Monitoring is key.
Most firms have not identified data or assessed security risks that are faced by firms.
Data ownership and use of Social has not been considered yet, but is being used
10. SECURITY SOLUTIONS AND ARCHITECTURES
Build architectures that incorporate security from the start
The volumes and timeliness of Social Data require revised operating models and systems architecture
Governance, Risk, Compliance solutions updated
Data Security and Use Lifecycle approach created in an integrated way
Risk Mitigation must be the business imperative, but enable agility and improved customer engagement
11. SUMMARY
Data Privacy and IT Security have become more complex.
Data Protection and Privacy, Information Risk (ISO 27001), and Regulatory Requirements must be combined into an overall Security Strategy
A combination of business and technology approaches is required
It requires joined-up thinking and implementation between the business and IT
12. Thanks for Listening
Any Questions?
Alpesh Doshi, Fintricity
m: +44 7973 822820
w: www.fintricity.com
t: @alpeshdoshi
l: www.linkedin.com/in/alpeshdoshi