Financial Services – Part 2: Regulatory Compliance and Data Management
In part one of our Financial Services series, Maintain Control of your Data in the Face of an Attack, we discussed the different types of security threats you may face. In part two we review the regulatory changes the GDPR has created for financial services firms and how the Canadian Government has responded to growing cybersecurity concerns.
General Data Protection Regulation (GDPR)
On May 25th, 2018, the GDPR came into effect providing EU residents with more control over how their data is used and stored. This new regulation has set the stage for companies across the globe to review their own data protection regulations.
Is the GDPR relevant for non-EU Financial Services firms?
For the financial services industry, the GDPR is very relevant to the client base. Major banks and financial services providers deal with the EU for various purposes, such as facilitating foreign direct investment, managing local investors, and managing transactions between EU citizens/businesses and their counterparts. In each of these cases, the personal data of EU citizens is being collected and processed by a non-EU financial services provider.
From a GDPR perspective, personal data breaches must be notified to the relevant supervisory authority no later than 72 hours after the data controller becomes aware of the breach. The Regulation distinguishes between the services an organization offers: providers of essential services, such as financial service providers, must report cybersecurity breaches to the relevant authority at a national level (Article 33).
GDPR also guides how to handle data breaches. For example, an infection by ransomware could lead to a temporary loss of availability, even if the data can be restored from a backup. However, a network intrusion still occurred, and notification could be required if the incident qualifies as a confidentiality breach (i.e. personal data is accessed by the attacker) and this presents a risk to the rights and freedoms of individuals.
If you’re in the process of aligning your financial services firm with the GDPR, especially in terms of data collection, storage and management, contact us for support with GDPR compliance across your systems.
Canadian National Security Concern
Recently, BMO and CIBC-owned Simplii were both hit by a hacker who threatened to release 90,000 Canadians' account information. Although the cause of the attack has not yet been released, it has raised several questions regarding server security and third-party contracts. If two of the largest banks in Canada were hit, how would small to midsized businesses stay attack-free?
For this reason, the Canadian Federal Government is rolling out a new cybersecurity strategy designed to better protect the country and its citizens from the growing threat of online attacks and crime. The plan, $500 million over five years, includes a range of initiatives aimed at the public as well as businesses.
“Small and medium-sized Canadian businesses are the backbone of our economy but are also the most vulnerable,” commented Byron Holland, president and CEO of the Canadian Internet Registration Authority. “Providing these businesses with cybersecurity strategies and resources is essential to holding back the tide of cyber threats.”
We can help!
In the financial services industry, downtime can be detrimental to your reputation and business operations. Storagepipe’s backup and disaster recovery solutions can help. Our solutions seamlessly address your backup, recovery, compliance, security, and archival requirements.
With many major financial institutions including credit unions, insurance, and financial services firms as clients, let us provide you with total peace of mind that your data is securely protected. Start your Storagepipe experience today.