Security Process in India Inadequate: PWC

by CXOtoday Staff    Jan 13, 2009

In a recent survey based on responses from 665 financial services executives, PricewaterhouseCoopers reported that 54% of financial services firms do not have an accurate inventory of where personal data for employees and customers is collected, transmitted or stored.


The report said 51% of financial services respondents did not require third-party service providers to comply with their company's privacy policies.


The survey found that only 45% of respondents diligently ensure that third parties abide by regulations when handling the personal data of customers and employees. This appears to be a blind spot for financial services firms. However, it said that 81% consider themselves either somewhat or very confident in the information security practices of their partners and suppliers.


"Financial services firms have been leaders in privacy and security, but their policies and capabilities are being outstripped by changes in technology and business practices," said Sergio Pedro, managing director, PricewaterhouseCoopers.


PricewaterhouseCoopers said that financial services firms should consider the following when beginning to assess whether they adequately address privacy concerns:

* Before deciding to move business processes or operations cross-border, does your firm consider whether there are country-specific privacy-related requirements and risks that might impact its operations in a given country?


* Does your firm identify applicable privacy-related requirements in all the jurisdictions where it conducts business and stores, processes, or collects sensitive data?

* Are your firm’s third-party service providers contractually obligated to protect the sensitive data of your firm’s customers and/or employees?


* Does your firm understand the flow of sensitive data throughout its lifecycle, across the entire firm, and to/from third-party service providers?


* Does your firm have a written plan to monitor, respond to, and remediate incidents where there is a potential risk of a data breach?