Banks brace themselves for data protection concerns

A man completes a transaction using a Visa card. Banks collect data that sufficiently identifies and describes their clients; such data may also be further processed to provide value-added services for specific clients, based on their unique customer profile. PHOTO/file

What you need to know:

Banks are investing in technology, human resources and physical security measures to safeguard data, Racheal Nabisubi writes.

Banks are among the several institutions that collect and process personal data for various reasons including commercial gain.

Thanks to technology employed by banks, this information is generated through online forms, cookies, CCTV cameras and other tools employed for monitoring customer transaction behaviours during a bank-client relationship.

As more economic and social activities find their way online, data protection and privacy are becoming a growing concern.

Another concern is the enormous amount of personal information that is collected, used and shared with third parties without the notice or consent of consumers.

Data protection

Data protection is the process of safeguarding important information from corruption, compromise or loss.

The significance of data protection increases as the amount of data created and stored continues growing at unprecedented rates.

The United Nations Conference on Trade and Development (UNCTAD) website indicates that 137 out of 194 countries had put in place legislation to secure the protection of data and privacy.

It further indicates that Africa and Asia show different levels of adoption, with 61 and 57 per cent of countries, respectively, having adopted such legislation. The share in least developed countries is only 48 per cent.

However, despite all efforts to ensure data protection and privacy in this technological era, it still remains one of the key challenges among institutions such as banks.

But how can banks manage data protection challenges?

Mr Abdul Victor Nabongho, the head of compliance, Housing Finance Bank, says: “World over, financial data is personal, private and confidential information but there is increasing realisation of threat and reality that such data can be misused, which has made data security a major concern to us as a bank, our consumers and regulators.”

The bank has, for instance, been relying on enforcing Section 18 of the Computer Misuse Act, 2011, which “prohibits the unauthorised disclosure of information” save for certain permissible purposes, as well as other data protection principles provided for in some other laws, such as The Access to Information Act 2005 (Act No 6 of 2005); Section 26, The Uganda Communications Act, 2013 (Act No. 1 of 2013); Section 79, The Electronic Signatures Act, 2011 (Act No. 7 of 2011); Section 81, The Computer Misuse Act, 2011 (Act No. 2 of 2011) and The Regulation of Interception of Communications Act, 2010.

The technological developments and large amounts of personal data collected, processed and stored accelerated the need for a comprehensive Data Protection Law in Uganda.

He elaborates that the bank has invested in technology, human resources and physical security measures to safeguard data.

“Housing Finance Bank has done clear data mapping to identify types of data collected, the data subjects / owners of data, inventory of the purpose for which different data sets are collected, collection sources, medium of collection, storage of the data such as physical or electronic, usage of the data i.e. internal or external, transmission of the data within the organization and outside as well as taken stock of the retention and disposal elements around data,” he explains.

The bank was registered as a data collector, processor and controller with the Personal Data Protection Office under registration number PDPO-202111-0016, with a certificate granted in November 2021.

He adds: “We have designated a data protection officer, that is, the head of compliance, and the public can lodge any data-related concerns associated with Housing Finance Bank through the data protection officer.”

Mr Kenneth Agutamba, head, corporate communications, Stanbic Bank, says data protection is a major responsibility for banks because they handle huge volumes of Personally Identifiable Information (PII) and Personal Credit Card Information (PCI) for customers. Keeping that information secure from unauthorised access is one of the regulatory requirements for all financial institutions.

“Banks have generally done well in keeping their customer information safe; that is why you don’t know your friend’s account balance. For instance, the controls we have in place are such that only the owner can have access. This has helped preserve the trust customers have in the banking system,” Mr Agutamba says.

He notes that banks, both local and international, still invest in upgrading and securing their technology and information systems every year.

This, he says, is the first line of defence; using the best and ISO certified technologies that guarantee a high level of data security for customers.

Manage data protection, privacy

For banks to manage data protection and privacy, Nabongho notes that they must duly register with the Personal Data Protection Office.

In addition, there is a need to carry out data mapping within the organisation, secure devices and networks, use a firewall to block, encrypt data and back up data in secure locations. Furthermore, automated software updates and a secure wireless network are needed, especially in the current work-from-home setup.