Data, privacy and information security — the journey to instilling trust

28 January 2021

2021 has arrived and, in this time of COVID, while we are still physically stuck at home, our data continues to travel far beyond our reach as we interact on apps, smartphones, social media and more. Loren Randall-Duvel’s journey at JUMO as a Data Governance Specialist has seen her step into data governance, privacy and information security. She considers the objectives, frameworks and methodologies.

‘Data breaches… Data Quality… Privacy Policies… Protect your data… these headlines hit us daily. Our data is in the hands of companies we’ve given consent to through their privacy policies and terms and conditions. There’s a level of trust we place in them. We trust them to do what they say with our personal information. We trust that our data will not be changed or used incorrectly. We trust that our data will not be sold or shared. We trust that our data will not fall into the wrong hands.

JUMO’s financial technology platform gives people access to financial products that were historically unavailable to them. This access requires acceptance of our terms and conditions, so that we can collect their personal information and assess their eligibility for the financial product. But once we have this data, what happens next?

We need to hold and protect the identity they entrust to us and strive to ensure that their data does not fall into the wrong hands. We must comply with data protection legislation and information security certifications, while still making the data available internally. We also need to ensure that the data we hold has not been changed or manipulated erroneously and that it is processed as quickly and seamlessly as possible.

There are three internal functions that touch on these responsibilities:

  1. Information security for ensuring the confidentiality, integrity and availability of data. It’s about balancing access with protecting information from unauthorised use.
  2. Data governance for ensuring high-quality data is available throughout the designated lifecycle.
  3. Privacy for the proper handling of data, from the way it is collected, to how it is used and later destroyed.

They share commonalities, for example, the concepts of access, data integrity, data quality and data accuracy. It’s therefore essential for these streams to work together towards one common goal: protecting accurate customer data and maintaining customer trust.

In order to break down the barriers between these streams and work on common ground, there are five simple steps that can be followed.

1. Build relationships

Without investing time in building relationships across the business and within the streams, you will find it difficult to tackle challenges that have a common objective and need a common solution. Document policy, process and standards together, across all three streams.

2. Seek backup

Getting buy-in from executive leadership is essential. Having support from the top provides the freedom to test the waters and stability to drive the process.

3. Communicate

Continuous engagement across the business and building consistent behaviours is hard work, but it’s important not to disappear into the background. Maintain contact, tell colleagues what you’re doing and why. Get them involved and have check-in meetings across the workstreams to compare notes. While each stream needs to cover different functions, it’s important to be communicating the same ultimate message.

4. Start small, with the highest risk

There are many resources available to help you start a framework for each of these streams. The big bang approach does not work. By all means have a template to work off, but identify the highest risk related to data and tackle that first. Complete it fully before moving on to the next area.

5. Review the plan

The job is never done. In a world of changing technology and new integrations, the plan you put in place needs constant review for areas of improvement. There will be obstacles and challenges. Learn from these and if you need to, change your approach.

Getting all three streams to work together has enabled JUMO to tackle collective challenges with a single approach. This has eased the burden of regulatory reporting, improved our internal processes and brought data to the top of everyone’s minds. After working together to drive our common vision, we can say with confidence that our customers can trust us with their data.’