Principle #6 – Privacy of Client Data This presentation is made possible by the Smart Campaign
description
Transcript of Principle #6 – Privacy of Client Data This presentation is made possible by the Smart Campaign
Principle #6 – Privacy of Client Data
This presentation is made possible by the Smart Campaignwww.smartcampaign.org
2
1. Client protection principles2. Principle #6 in practice3. The client perspective4. Participant feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
3
1. Appropriate product design and delivery2. Prevention of over-indebtedness3. Transparency4. Responsible pricing5. Fair and respectful treatment of clients6. Privacy of client data7. Mechanisms for complaint resolution
Client Protection Principles
4
1. Client protection principles2. Principle #6 in practice3. The client perspective4. Participant feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
5
Privacy of Client Data
The Principle in Practice:
The provider complies with all local data privacy laws. Client information is only used in the ways agreed upon at the time of data collection.
Consider this:
Clients trust financial service providers with very sensitive personal and financial information.
6
Use a privacy policy
Use appropriate systems
Inform clients
Use a written privacy policy that governs the gathering, processing, use, and distribution of client data.Use technology that keeps client data secure. Train staff to keep data confidential, secure, and accurate. Inform clients how their information will be used internally and externally—including data shared with 3rd parties and the use of photos.
The Principle in Practice
7
Obtain client permission
Train clients
Obtain client consent for using information in promotions, marketing materials, and other publications; and for sharing personal information with any external parties, including credit bureaus.Offer information, orientation, or educational sessions to clients on how to safeguard information, access codes/ PIN numbers, and group information.
The Principle in Practice
8
Good practices for privacy and security
Ask employees to sign a confidentiality
agreement at the same time as their
employment contract.
Establish a clearly defined “user
access hierarchy” for staff accessing
sensitive data.
Hold periodic campaigns for clients to update their data and incentivize them
to participate.
Don’t allow information
available on the ‘intranet’ to be
printed or downloaded for use outside the office.
9
Good practices for privacy and security
Spot check the security of physical
files in branches (e.g. using internal
auditors).
Train clients on how to keep group
information private.
Describe the sanctions for the
misuse of client data in the staff book of
rules.
10
1. Client protection principles2. Principle #6 in practice3. The client perspective4. Practitioner feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
11
Can your clients agree with the following?I have been told that the institution will ask my permission before sharing my information with third parties, and before using my photo in any marketing materials.I know how to keep my PIN number safe.
I know how the keeps my data secure.
The institution explained the importance of keeping group information confidential.
The client perspective
12
1. Client protection principles2. Principle #6 in practice3. Protecting client data & the client
perspective4. Participant feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
13
Feedback from ParticipantsDo your clients care about data security? If something went wrong and their personal or financial information was compromised, would it affect your business?
Have data management practices and systems evolved at your institution since you have worked there? How so?
Have you witnessed privacy or security lapses at your institution? How did your institution respond?
14
1. Client protection principles2. Principle #6 in practice3. The client perspective4. Participant feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
15
Technical Tools Getting Started Questionnaire: Self Assessment
for MFIsSecurity is the Key: Pocket Guide to Financial Security for ClientsSmart LendingSmart SavingsTechnical Guide for Investors
Samples and Case Studies
Client Welcome KitSmart Note: Customized IT at Caja MoreliaSmart Note: Protecting Client Data
Tools available from the Smart Campaign
16
1. Client protection principles2. Principle #6 in practice3. The client perspective4. Participant feedback5. Tools for improving practice6. Conclusion and call to action
Agenda
17
Financial institutions satisfy this principle by respecting the privacy of client data and keeping it secure.Maintaining the privacy of client data requires implementing adequate safeguards, systems, and policies, but also informing the client about the use of their personal information and obtaining client consent before sharing it with a third party.Staff and client training is important for making sure privacy and security procedures are successful.
Conclusion
Call to Action: What “next steps” can your organization take to institutionalize and/or improve systems for maintaining the privacy and security of client data?
18
Thank you!Endorse the Smart Campaign. Visit www.smartcampaign.org
Sign up to receive news and information.
Download the Getting Started Questionnaire and conduct a client protection self-assessment.
What’s next?
Email us! [email protected]