
Can Financial Institutions Save Privacy?

Heather Hogsett

Senior Vice President, Technology and Risk Strategy for BITS

Heather Hogsett is the current Senior Vice President, Technology and Risk Strategy for BITS at the Bank Policy Institute. Prior to joining BPI, Ms. Hogsett was the Vice President of Technology and Risk Strategy for BITS at FSR, where she developed and led initiatives on emerging technology and security matters facing the nation’s largest financial firms.

 

In this capacity she collaborated across the industry, with technology innovators, regulators and policymakers to raise awareness and improve the dialogue in areas such as cybersecurity risk management and board oversight; data security, governance and privacy; third party risk management; innovation and fintech policy.

 

Prior to joining BITS, Ms. Hogsett served as Staff Director for Federal Relations at the National Governors Association, where she oversaw NGA’s federal legislative agenda and activities on cybersecurity, homeland security and defense, emergency management and veterans’ affairs. Ms. Hogsett helped establish and direct the Council of Governors – a presidentially-appointed council bringing governors together with the Secretaries of Defense and Homeland Security, as well as White House officials – which established an unprecedented level of cooperation between state and federal military forces. 

 

Prior to NGA, Ms. Hogsett served on the Homeland Security Committee in the U.S. House of Representatives and the Homeland Security and Governmental Affairs Committee in the U.S. Senate. Ms. Hogsett holds a bachelor’s degree in political science and international studies from Northwestern University in Evanston, Illinois, and a Master of Science in Foreign Service degree from Georgetown University in Washington, DC.

 


July 12, 2018

The debate over personal information and privacy is at a turning point.

Information once thought private and protected is now out in the open for all to see – social security numbers, credit card numbers, the street you lived on when you were 12, your eating habits, shopping habits, business and personal correspondence… Between the multitude of data breaches and the sheer volume of data generated and collected on each of us every day, the internet now knows more about you than you do.

So is privacy dead? Does anyone still care? Or have consumers become numb to the barrage of headlines about data breaches or data mining of which they were unaware?

According to a recent survey by Deloitte, people do care about their information falling into the wrong hands and 81 percent “feel they have lost control over the way their personal data are collected and used.” These concerns are not new but tend to rise and fall based on events.

What’s changed today, and what should be seen as a turning point, however, are the sweeping privacy rules in the European Union’s (EU) General Data Protection Regulation (GDPR) and the newly enacted data privacy bill in California. Both measures expand the definition of private information, give consumers new rights over how their data is collected and used, and will have broad-ranging influence over how companies operate and communicate with customers.

GDPR, which went into effect at the end of May, has forced companies handling any EU citizen’s data to be more transparent about how they use the data and provide clearer disclosure statements. Most notably, GDPR also provides consumers the ability to request that their information be deleted – often referred to as the “right-to-be-forgotten”.

The California law is similar to GDPR but grants consumers further ability to opt out of data sharing rather than being forced to opt in in order to continue to use online sites or services. It also protects consumers from companies charging them a premium if they choose not to share their data, and gives consumers the right to know the commercial purpose for which their data is collected and the categories of data sources.

As firms analyze these new requirements, there are a number of questions, potential conflicts and operational challenges that will likely arise. For instance, how will financial firms be required to implement customers’ ability to request the deletion of their information and how will this affect Know Your Customer and Anti-Money Laundering obligations, or the ability to track bad actors in cyberspace through the international IP address registry (a.k.a., WHOIS database)?

If the history of data breach laws serves as an example, other states will soon implement their own privacy measures, leaving firms with a hodgepodge of customer privacy protections and disclosure requirements to meet across the country.  For internationally active banks, the problem is multiplied across countries, and complicated by growing requirements for on-shoring of data.  Balkanization of data would represent a serious loss of efficiency for national and international firms.  Thus, multiple industries, including financial services, are coming together to try to shape these conversations and bring some uniformity, ideally in the form of a national standard that avoids conflict and overlap across jurisdictions.

Regardless of what occurs at a national level in the U.S., firms should rethink how they use customer data with an eye toward empowering the customer through greater control, transparency and choice.

Financial firms are at an advantage when it comes to security and privacy. As an industry that values customer trust, firms have long prioritized protecting customer data and have invested significantly in the technology and organizational processes necessary to secure information and protect it against unauthorized disclosure.  Among the critical infrastructure sectors, financial services is the most highly regarded for its cybersecurity risk management practices and has long served as an example for others. Critical aspects of protecting private information such as data governance, segmentation, encryption, access controls and retention policies are all familiar territory for financial firms.

Now is the time to leverage this expertise to reimagine customer experiences through a privacy lens.

The firms leading the way are prioritizing customer trust and innovation by providing clearer and simpler disclosure statements and offering new options for how customers engage with them. Soon it may be commonplace for customers to be able to choose what types of data the industry collects and to swipe left or right to grant access or turn it off when using a financial services app.

If customers can more easily control their data and understand the benefits of its use, they are more likely to provide it. While the thought of being tracked through your mobile device may be somewhat uncomfortable, if you knew that it was only used to confirm that it’s you trying to use your credit card for a large purchase on vacation rather than a fraudster, would you feel better about it? Or that allowing your bank to collect and match your fingerprint, behavioral patterns and location improves the security of your account and speeds up the sign-in process?

Customer demands and market trends have moved toward providing greater personalization, and tailored and seamless experiences. FinTech start-ups and incumbent financial firms are all relying on customer data in the race to do everything from improving product and service offerings to finding new ways to expand access to credit. All of this could be curtailed if firms fail to articulate why they are good stewards of customer data and how they use the data for good.

Over the last several years, BITS, the technology policy division of BPI, has been exploring the opportunities and challenges brought by using new types of data. Some of these conversations have raised thorny issues around consumer sentiment and the data practices of other industries. We are continuing this work with a particular focus on data privacy. The landscape is shifting quickly but the path forward is clear – greater transparency, clarity and control for customers will win the day.

Disclaimer: The views expressed in this post are those of the author(s) and do not necessarily reflect the position of BITS, The Bank Policy Institute, or their memberships, and are not intended to be, and should not be construed as, legal advice of any kind.
