Monday, July 27, 2020

From Panama with(out) love privacy and data security in financial services - Viewpoint - careers advice blog

Every candidate, employee and stakeholder, whatever the size of their organisation, needs to have a thorough understanding of data protection legislation and compliance. That has become apparent following the recent uproar surrounding the so-called ‘Panama Papers’, which showed how easy it is for supposedly confidential data to leak into the public domain – and how difficult it is to protect it. However, confidentiality is the cornerstone of firms in the financial services sector, and data protection is the responsibility of everyone working in it.

Cybersecurity and data protection: the new public issue N.1

The Wikileaks US diplomatic cables case and the Snowden revelations had already shown how vulnerable institutions, corporates and individuals are to data breaches. The data leak from Panama offshore law firm Mossack Fonseca was reportedly the biggest in history, with 11.5 million documents falling into the public domain in an instant.

The World Economic Forum has identified cyber threats among the key risks to the world’s stability in its Global Risk Report and says they could cost the global economy up to US$3 trillion. Meanwhile, according to PWC’s Global State of Security Survey 2016, cyber-attacks on businesses, institutions and individuals increased 38% last year compared to 2014: complacency can be costly both in terms of financial and reputational damage.

Data breaches: Mistake – or malice?

According to a 2014 report by encryption services provider Egress Software Technologies, 93% of data breaches were due to human error, poor processes or lack of care when handling data. Egress notes that in the private sector, financial services were among the worst affected.

“The financial industry was one of the hardest hit, with an increase of 200% in insurance, 44% seen for lenders and 200% for both financial advisors and pension providers,” its report says.

The SANS Institute is a cooperative research and education organisation and the world’s largest provider of cyber security training and certification to governments and commercial institutions. It says that financial services organisations are still being breached too often, most frequently by those with insider access. Nearly half of the respondents (46%) of its second annual survey on the security of the financial services sector cited abuse or misuse by internal employees or contractors as being their most prevalent causes of breaches, while 42% cited successful spearphishing attacks.

“One of the biggest security problems we’re seeing is bad user behaviour,” says SANS instructor and financial systems security expert G. Mark Hardy. As a result of their inability to contain user mistakes, financial services companies are learning that compliance doesn’t translate to security and are shifting their top priority from compliance to avoiding data breaches.

The problem is likely to get worse as the workforce is rapidly adopting Bring-Your-Own-Device (BYOD), the Internet of Things (IoT) and office-based cloud applications, creating even more vulnerability in an organisation’s IT security system.

Data protection law: a work in progress

Further thorough education and training of the workforce is key. However, the legal framework is inconsistent across the world. Data protection laws in Europe and North America are described as ‘Heavy’ by DLA Piper; Australia and Japan are rated ‘Robust’, while most of Asia is ‘Limited’.

In the United States privacy legislation tends to be adopted on an ad hoc basis, while only the EU has established clear guidelines on data protection law through the following initiatives:

- The upcoming General Data Protection Regulation (GDPR), which is a massive overhaul of the EU’s outdated 1995 data protection rules and will enable people to better control their personal data, according to the EU. The new rules will come into force in 2018.
- The Cybercrime Directive. This new legislation was adopted in 2013 by the EU parliament to fight attacks against information systems. September 2015 was the deadline for transposition into national law of the new directive.

Data protection is a relatively new concern and a great deal needs to be done to protect personal or confidential information. Nevertheless, candidates for jobs in the financial services sector will be expected to display full awareness of data security and understand the consequences of their actions in a digital age. After all, many careers have ended prematurely because of an email gaffe…
