In fintech, protecting user data is among the top priorities demanded by regulations and, perhaps surprisingly, those regulations map onto real-world risks.
As a data security engineer, I can say that while it might look like much work to comply with GDPR, CCPA, PCI DSS, FFIEC, etc., these regulations exist not to add problems but to prevent them and protect the users and your business as well. They point out risky assets (data, processes) and allow extending your security efforts to cover them.
Say, encryption.
Different regulations require different kinds of personally identifiable information (PII) to be encrypted. Take encryption as a risk-narrowing approach:
Why not just “encrypt everything”? Well, encrypted data is binary data that is hardly usable as is, while many fintech applications need to run analytics and database queries on the data they collect; thus, they can’t just “encrypt everything”.
To choose which fields to encrypt and which to leave in plaintext, you must clarify the risks and the demands of the regulations you fall under (“OK Google, what do we really need to encrypt?”).
Let’s have a closer look at your business. What do regulations protect your business and your users from?
To summarize: different regulations require different kinds of PII to be encrypted. In any case, you’ll be better off if you start by encrypting the data that the data privacy regulations define as risky (to lift that external pressure off your operations) and then extend data security to other types of risk. Regulations can be a hard teacher, but they actually take care of handling risks correctly and serve as a pointer to where experience, goals, and data security meet for strategic decisions.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.