Essay: Privacy In Finance: Opportunities And Challenges

Privacy in the Financial Services Industry

Information privacy refers to the aspects of information technology (IT) that consider the ability a specific organization or individual has to determine what data in a computer system can be shared with third parties. Privacy is significant as this is something that provides the power to select thoughts and feelings and realize with whom we can share the same (Wu, Vitak, and Zimmer 2020). Privacy helps to protect the physical safety of individuals. Information privacy lays stress on anything that leaves a trail of information irrespective of the fact of the trail is digital. Concerns related to privacy are there in place wherever personally identifiable information is being collected or is being stored (Raab 2020). The information here can be in any form—digital or pen-paper-based. Here the prime cause of privacy issues is improper disclosure control of data. In this, the discussion will be surrounding information privacy in the financial sector.

Privacy is critically significant in the financial services industry as the sorts of information that is held by financial institutions are sensitive and regulated. In this digital age, transferring information has become easy and this is something that makes the information vulnerable to attacks. Then again, financial institutions mostly operate across multinational borders, and thus here the cross-border problems also turn up. It will also not be wrong to say that financial services institutions are certainly the richest sources of personally identifiable information—general as well as financial (Bouveret 2018). These have become the primary breach targets and thus require a comprehensive data privacy strategy. Again, the structure of the operation of the financial firms makes it mandatory for them to be equipped with stringent standards of data security. It is on a frequent basis that the financial sector has to deal with volumes of personal and confidential consumer information (Perumal et al. 2019). There is always this fear of data security breach and thus it is expected of the financial institutions that proper data privacy regulations be in place.

Data breaches affect the reputation of these financial firms as well and thus they need to be doubly sure about the information security measures in place. Experts from the financial sector, even suggest that the success or failure of a financial firm is heavily reliant on the way this firm maintains a balance between the use of consumer information and maintenance of privacy (Candauda Arachchige Sarathchandra 2018). On one hand, to take advantage of emerging prospects of growth, these financial institutions have to be flexible in the matter of sharing customer data. On the other hand, compromising data privacy can land them in trouble as well. Thus, there has to be a perfect balance maintained to address the pressing issues related to information privacy. It has to be agreed that IT in the financial sector enables the development of a sophisticated product, enhances market infrastructure, helps in the implementation of reliable techniques for risk control, and increases the reach of the companies as well (Du and Wei 2020). The Internet can be said to have impacted the various delivery channels of the banks but then with the integration of digital technologies the issue of privacy breaches of data also comes into the picture. Here the theory that can be referred to is Petronio’s Communication Privacy Management (CPM) Theory. This is one of the most valuable privacy theories that can be of much help to figure out interpersonal computer-mediated communication (Petronio and Child 2020). As per this theory, individuals are to maintain and coordinate boundaries of privacy with different communication partners relying on the perceived benefits and related costs of information disclosure. There are five prime elements of this theory that include private information, control and ownership, privacy management, private boundaries, and rule-based management. As per Petronio, private information modifies in terms of degrees of risk relying on perceived repercussions for revealing and concealing (Worthington and Fitch-Hauser 2018). In simple terms, it is said that some information gets easily disclosed as per the perceived consequentiality of disclosure. Work environments at the financial firms can be evaluated in terms of this theory. It is apparent that human resources are critical to any organization and when it comes to information privacy, a leak of information can be initiated from internal sources. This may be intentional or unintentional for instance a professional from the finance sector working from home is ignorant about information privacy and becomes the source of exploitation. This is not intentional but will certainly affect the organization to much extent. CPM theory is appropriate for the situation as it explains the decisions that individuals make about revealing or concealing private information (Walrave et al. 2022). Maybe some employees do not consider checking on the privacy of information to be significant and are least bothered about it. Then they can be the source through which cybercriminals exploit the system of the organizations. There are chances that some of their close acquaintances are working in the different financial sectors and they do not hesitate to discuss company data with these acquaintances. This as well means compromising the privacy of the information as the data of the customers of one financial firm should not be shared with the other via its employees (Kahlow 2020). Thus, in all ways, the above-mentioned theory suits the discussion and hints at the fact that addressing information privacy issues in the financial organization is the first and foremost duty of the human resource of the firm. It has to be understood that IT solutions are required in this dynamic work environment but going digital means taking more accountability. There is no alternative for the financial firms but to make the staff aware of the significance of information privacy.

The Importance of Maintaining a Balance between Data Sharing and Privacy

In the sections below, the opportunities and challenges posed to the financial sector related to information privacy have been discussed. Opportunities will reveal how to enhance information security in financial institutions and can bring positive changes within these organizations. Challenges will suggest what hindrances will the financial organizations face when handling information privacy. This will make it clear why financial firms should go for proper measures when it comes to information privacy.

Financial Management Information Systems (FMIS) is a viable option for financial organizations. This will support the financial firms in their venture of automation and integration of public financial management processes (Almutairi 2021). The financial processes being talked about will include budget formulation, execution, reporting, and accounting. This solution will be much more effective in bringing in significant improvisation in efficiency and equity of government operations. The financial firms will also be offered great potential to bring an increase in participation, transparency as well as accountability (Hartikayanti, Bramanti, and Gunardi 2018). It has to be supported by the FMIS privacy policy which is the policy specifically dedicated to the use of FMIS. The institutions in the financial sector should draft a document as to which data will be collected, how this will be provided required security, and so on. Unauthorized access or disclosure of information needs to be kept a check on. There need to be proper electronic and managerial procedures in place to safeguard information privacy. Thus, it can be said that there are many opportunities for the institutions of the financial sector if they choose to implement business information systems such as the FMIS to handle their data properly. To bring in proper integration of the system firms will have to make some changes to their existing policies and procedures that again will help them stay updated in the times of the advancing digital age.

The situation can be better understood with Privacy Security Trust (PST) framework. This specific framework has been developed from the notion of a sender of information being engaged in technology-mediated interaction with the receiver of the information using a technology platform. In this framework, the platform that is made use of is tagged as the technology lens (Morton 2016). This highlights the fact that if in case an information sender views an information receiver as a poorly designed technology platform, they may encounter a distorted view of the information receiver (Zhang et al. 2021). The implementation of FMIS in the financial sector can be explained using the PST framework. It is understood that with this system in place transfer and retrieval of financial data will be easy for the financial sector organizations. But if the system is targeted by a cybercriminal and the system functions be compromised, information privacy can be at stake. Thus, here the financial firms need to be specific about information control and adhere to some mechanisms such as GDPR subject access requests (Doe 2018). This provides the right of access permitting individuals to obtain records of their personal information that is held by any organization.

The Impact of IT and Digital Technologies on Data Privacy

Then again with the focus being directed toward information privacy, the financial sector can go for various approaches towards digital transformation. There can be approaches consisting of three layers such as distribution network, production creation, and adoption of digital products. Agent networks can be deployed and other applications such as automated loan products relied upon predictive credit scoring to be introduced in the sector (Opportunites and Risks in Digital Financial Services 2022). The financial sector will be better laced with equipment of information technology to add to the IT security infrastructure. This means a reduction in costs to deliver the services to the clients and better customer services. Thus, in this way by keeping the factor of information privacy at the center, the financial sector can bring is some major changes in the way it presently operates.

Challenges here are nothing but the growing number of data breaches. Financial firms such as Santander have become prime targets of cybercriminals because of the sensitive data that these companies handle. As mentioned before, the increase in volumes of data with every passing day is the reason why organization as Santander need to implement systems such as FMIS. But shifting to a digital medium as such will mean an increased attack surface being provided to the cybercriminals. This hints at the fact that the company will have to invest more in securing data. Maybe modern technologies such as blockchain are used to safeguard information privacy. The use of blockchain will help the company to streamline the banking and lending services, bring in a reduction in counterparty risk, and decrease issuance and settlement times as well (Tapscott and Tapscott 2017). But the problem is the implementation of such technologies will mean heavy investment to be done. The trends in the realms of information privacy need to be understood and expert advice taken. Most importantly, some good policies and procedures need to be in place. The company has to put in extra efforts to adhere to global laws such as GDPR in a better way when implementing new technologies (Bufalieri et al. 2020). Information privacy will be the central reason why the firm will have to take some major steps toward introducing new technologies.

Some minor challenges that the financial sector can face when focusing on developments to enhance information privacy are lack of cooperation from the employees, need for extensive training to ensure that workforce gets acquainted with new systems, imbalance in traditional and modern methods, ethical issues as automation brought about by the use of technologies can mean loss of jobs and more (Azim et al. 2019). The most intriguing issues are lack of cooperation and ethical issues. The financial sector needs to be aware of the fact that human resource has to be included highly in the decision making as without that developments in regard to information privacy cannot be accomplished as per the plans. The financial sector should not rush to adopt digital technologies as that can mean compromising the knowledge gained about the technology. This will not help the firms in any way to enhance information privacy but will rather lead them to encounter bad consequences. Information privacy has to be dealt with but then the firms need to take note of the challenges that it poses. When looking at it superficially, many will not be able to identify the challenges but when explored in-depth and all related aspects considered some major observations can be made. Apart from that, something that can be mentioned here is the privacy paradox. As per this paradox users have privacy-compromising behavior online that results in the dichotomy between privacy attitudes and actual behavior (Kokolakis 2017). Here, this is being mentioned because, there is this notion developed that when people are not that bothered about how their data is being collected or used, why the companies should out in such efforts. Employees of the financial sector are already burdened with much work and adding the responsibility of handling new technology might not please them.

Petronio's Communication Privacy Management Theory in the Financial Sector

The organization that will be referred to for the purpose of figuring out opportunities and challenges of information privacy is Santander UK. This was established in the year 1988 and employs about 21,600 individuals (Top Banks in the UK 2022). It conducts its operations using Retail Banking, Commercial Banking, and Global Corporate Banking segments. The bank is headquartered in London (Top Banks in the UK 2022). This institution has always been specific with data protection and processing of personal data. The institution is well aware of the fact that handling huge amounts of data on a frequent basis means much responsibility to be taken and it is accountable for all that happens surrounding data (Data Protection Statement - Santander UK 2022). Potential violations of financial privacy arise during the tracking of foreign transactions, establishment of payment systems that monitor and report on cash transactions and enable sharing of financial information with the third parties. Governments and other authentic institutions can certainly seek access to financial information to administer taxes, prevent and identify laundering, develop credit profiles, and lastly for intelligence purposes as well (Data protection policy 2022). The bank understands that financial services are rapidly changing with the advancement of technology and this is something that is as well is also affecting the nature of financial services. At Santander, the Data Protection Officer is vested with the responsibility of monitoring as well as enforcing compliance with the General Data Protection Regulation (GDPR) (Shabani and Borry 2018). This has been aligned to for ensuring that all of the personal data being provided by the data subject utilizing the website is protected. The institution is transparent with its data protection statement. The data protection statement of Santander suggests what types of personal data are collected and made use of by the organization (Financial Management Information Systems 2022). There are proper explanations about monitoring of communication, usage of personal data, and so on. It hints at the fact customer's consent is required to process any sort of data and some personal data as well is not mandatory to be shared.

To better understand the situation at Santander, its value chain as a banking industry can be discussed. For the companies such as Santander in the banking sector, the value chain starts from the consumers. The remaining value chain consists of a set of value-generating events and associated activities (TechnoFunc - Banking Industry Value Chain: How Banks Earn Profit? 2022). For their various services, the banks are needed to earn money ensuring that the functioning of the same keeps going. Banking institutions such as Santander are significant to the efficient functioning of the financial system. But then this has to be accepted as well that ultimately banks as well are businesses. Banks fill in the needs of the market by rendering services and earn profit by charging consumers for the service that has been rendered. The prime functions of the banks can be said to be as accepting deposits and granting loans. In all these activities information exchange is a key (TechnoFunc - Banking Industry Value Chain: How Banks Earn Profit? 2022). For instance, to take a loan from Santander, one needs to fill up a form, provide all his or her details and then be eligible for the loan. This means collection of sensitive data that needs protection. Thus, it can be clearly understood that information privacy is something that creates and delivers value. Suppose the information being shared by the customer when applying for a loan is made available to data companies and this information is misused, the reputation of the firm will be affected. Data breach always affects the reputation of any firm and thus it can be said that information privacy adds much value and ensures that customers are given due priority. This can be better understood with the theory of Restricted Access or Limited Control (RALC) theory (Schwabe 2019). This describes privacy in terms of defense from interruption and information gathering by others by situations that are there to restrict access rather than in terms of controlling information. In simple terms, the privacy of information is compromised when accessing some information that one is not authorized to. The value chain of banks such as Santander needs to incorporate that sensitive information is made available to some employees and the ones who can be held accountable for the duty only.

Information Security in Financial Institutions and the Role of Human Resources

Conclusion

Thus, from the discussion done it can be said that information privacy has to be given due priority when going for the implementation of BIS. The financial sector mainly needs proper considerations to be in place as it deals with sensitive data even beyond national boundaries. Financial institutions succumb to reputational losses when data breaches occur and thus proper measures should be in place when implementing BIS. It has to be accepted that with the changing business scenario firms in the financial sector need to adopt new technologies but then they have to be specific about data privacy-related policies as is evident from the case of Santander. There should be transparency as to how customer data will be used and provisions kept for seeking permission before sharing most sensitive data with third parties such as Government institutions.

References

2022. Data protection policy. [online] Available at: <https://www.santander.com/en/landing-pages/data-protection-policy> [Accessed 10 April

2022. Financial Management Information Systems (FMIS). [online] Available at: <https://www.worldbank.org/en/topic/governance/brief/financial-management-information-systems-fmis> [Accessed 10 April 2022].

ALMUTAIRI, H.A., 2021. The Role of Adopting Financial Management Information Systems in Increasing Organizational Performance: Evidence from Kuwaiti SMEs. The Journal of Asian Finance, Economics, and Business, 8(12), pp.411-420.

Azim, M.T., Fan, L., Uddin, M.A., Jilani, M.M.A.K. and Begum, S., 2019. Linking transformational leadership with employees’ engagement in the creative process. Management Research Review.

Bouveret, A., 2018. Cyber risk for the financial sector: A framework for quantitative assessment. International Monetary Fund.

Bufalieri, L., La Morgia, M., Mei, A. and Stefa, J., 2020, October. GDPR: when the right to access personal data becomes a threat. In 2020 IEEE International Conference on Web Services (ICWS) (pp. 75-83). IEEE.

Candauda Arachchige Sarathchandra, D., 2018. Privacy Regulations in the Context of Finance: Comparison Between Developing and Developed Countries.

Corporate Finance Institute. 2022. Top Banks in the UK. [online] Available at: <https://corporatefinanceinstitute.com/resources/careers/companies/top-banks-in-the-uk/> [Accessed 10 April 2022].

Doe, S., 2018. Practical privacy: report from the GDPR world. Legal Information Management, 18(2), pp.76-79.

Du, J. and Wei, L., 2020, November. An analysis of regulatory technology in the Internet financial sector in conjunction with the logit model. In 2020 2nd International Conference on Economic Management and Model Engineering (ICEMME) (pp. 428-431). IEEE.

Hartikayanti, H.N., Bramanti, F.L. and Gunardi, A., 2018. Financial management information system: an empirical evidence.

Kahlow, J.A., 2020. The influence of technology on privacy boundary management in young adults' sexting relationships: A communication privacy management perspective. In Young adult sexuality in the digital age (pp. 73-93). IGI Global.

Kokolakis, S., 2017. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & security, 64, pp.122-134.

Morton, A.J., 2016. Individual privacy concern and organisational privacy practice-bridging the gap (Doctoral dissertation, UCL (University College London)).

Perumal, S., Aramugam, R., Samy, G.N., Krishnasamy, K. and Shanmugam, B., 2019, August. Proposed Customer's Sensitive Information Privacy Model for Financial Institution. In 2019 International Conference on Computing, Electronics & Communications Engineering (iCCECE) (pp. 203-207). IEEE.

Petronio, S. and Child, J.T., 2020. Conceptualization and operationalization: Utility of communication privacy management theory. Current opinion in psychology, 31, pp.76-82.

Raab, C.D., 2020. Information privacy, impact assessment, and the place of ethics. Computer Law & Security Review, 37, p.105404.

Responsiblefinanceforum.org. 2022. Opportunites and Risks in Digital Financial Services. [online] Available at: <https://responsiblefinanceforum.org/wp-content/uploads/2017/06/RFFVIII-Opportunities_and_Risks_in_Digital_Financial_Services-Protecting_Consumer_Data_and_Privacy.pdf> [Accessed 10 April 2022].

Santander.co.uk. 2022. Data Protection Statement - Santander UK. [online] Available at: <https://www.santander.co.uk/uk/business/data-protection> [Accessed 10 April 2022].

Schwabe, D., 2019, May. Trust and privacy in knowledge graphs. In Companion Proceedings of The 2019 World Wide Web Conference (pp. 722-728).

Shabani, M. and Borry, P., 2018. Rules for processing genetic data for research purposes in view of the new EU General Data Protection Regulation. European Journal of Human Genetics, 26(2), pp.149-156.

Tapscott, A. and Tapscott, D., 2017. How blockchain is changing finance. Harvard Business Review, 1(9), pp.2-5.

Technofunc.com. 2022. TechnoFunc - Banking Industry Value Chain: How Banks Earn Profit?. [online] Available at: <https://www.technofunc.com/index.php/domain-knowledge/banking-domain/item/how-banks-earn-profit> [Accessed 10 April 2022].

Walrave, M., Verswijvel, K., Ouvrein, G., Staes, L., Hallam, L. and Hardies, K., 2022. The limits of sharenting: exploring parents' and adolescents' sharenting boundaries through the lens of communication privacy management theory. In Frontiers in Education.

Worthington, D.L. and Fitch-Hauser, M., 2018. Communication Privacy Management and Mediated Communication. In Encyclopedia of Information Science and Technology, Fourth Edition (pp. 6985-6992). IGI Global.

Wu, P.F., Vitak, J. and Zimmer, M.T., 2020. A contextual approach to information privacy research. Journal of the Association for Information Science and Technology, 71(4), pp.485-490.

Zhang, X., Puthal, D., Yang, C., Liu, G., Choo, K.K.R. and Yin, H., 2021, October. International Workshop on Privacy, Security and Trust in Computational Intelligence (PSTCI2021). In Proceedings of the 30th ACM International Conference on Information & Knowledge Management (pp. 4886-4887).