Addressing a global organization’s data governance practices


Data security is becoming an increasingly urgent problem for the fintech industry. Recent research has shown that nearly a quarter of phishing attacks worldwide target financial institutions, and the average cost of a data breach at a financial institution is almost $6 million. A core element of cybersecurity for any business is data privacy: protecting the privacy of the company’s own data, and – crucially – the privacy of its customers’ data. For businesses, protecting customers’ data is a legal requirement; for customers, knowing that their personal information won’t be misused or stolen is key to developing the confidence needed to become a regular and loyal client.



A successful US-based global fintech organization recently found itself in need of help complying with privacy regulations. This firm operates in many countries, and had many different requirements it needed to fulfill. But it faced a basic problem: Where to begin? The company brought in a Kalles Group consultant with regulatory, compliance and security expertise to provide support for “must-do” privacy requirements, and help lay the groundwork for a mature privacy program. In carrying out the evaluation, the consultant found the company was in need of a comprehensive data governance policy – meaning rules for how an organization stores, uses and manages all the data it collects. With the Governance, Risk, and Compliance (GRC) team’s partnership, the consultant designed a governance policy that gave this organization a much better understanding of how to bring its practices into compliance with regulations.

Operating a business in dozens of countries can be complex, because – among other things – it requires complying with many different regulatory regimes. In this case, one particular challenge came in the form of privacy regulations. For an organization that deals in cross-border finance, adapting to numerous different data regulations was no small matter. And in terms of building a privacy policy framework, it wasn’t entirely clear where the organization should begin. The organization’s leadership brought in Kalles Group to shape this complex problem into manageable actions, by first prioritizing where to start.


Given the very large demands on this company’s time, Kalles Group’s approach was to evaluate the situation and break down the project into bites that were small enough to ensure that stakeholders at the company would have the time and resources to understand, evaluate and act. Early on, it became obvious that a major element was missing: A comprehensive data governance framework. Kalles Group set off on the task of building a data governance policy, on which the company would be able to build a framework from which the necessary privacy policies would flow. The consultant’s work laid out the basic tenets of what data governance is, and created an organization-wide map that made it clear which stakeholders should be responsible for various aspects of data governance and privacy policy.


This fintech firm is in a much better position to determine where it stands, in terms of meeting regulatory requirements around data privacy, and is on track to developing the policies needed for compliance with privacy laws. After laying down an actionable data governance framework, Kalles Group began partnering with the organization on the next phase: life cycle management for policies across the organization.
