Data Privacy Perspectives: How finserv firms can foster consumer trust in the AI age

As Data Privacy Week brings the protection of one’s personal information into sharp focus, I’m reminded of a customer event a major North American bank hosted at SAS world headquarters last year. The bank’s chief data officer led a roundtable discussion with a group of esteemed data and AI experts on the topic of generative AI, centered on the technology’s cross-industry impacts and how those responsible for implementing GenAI are addressing its inherent challenges.

The CDO was quick to emphasize the bank’s obligation to safeguard its customers’ data and use it responsibly as part of the bank’s broader commitment to AI ethics. The ethical use of data and AI is “table stakes,” he said.

“That’s nonnegotiable for us because, as a financial institution, we’re fundamentally in the trust business,” he shared. “People trust us with their data. They trust us with their financial information.”

To him, his team and everyone else at the bank, that means using AI technology – and the customer and other data that fuel it – in “very narrow ways that would never put customer trust at issue,” he said.

This CDO is not alone in these sentiments. A recent GenAI adoption study by Coleman Parkes and SAS found that banking leaders’ foremost concerns in using the technology are protecting data privacy (cited by 74% of survey respondents) and security (71%).

And banks aren’t the only financial services organizations in the “trust business.” The same can be said of credit unions, insurance companies and other financial institutions.

With this in mind, I gathered insights from several SAS experts – and added some of my own – offering perspectives on data privacy for financial services leaders. What’s top of mind? Let’s dive in.

There is no data privacy without good data governance

Perhaps I’m stating the obvious here, but the critical importance of data governance is worth repeating with sage advice from the woman who literally wrote the book on using AI in risk modeling.

“Financial services organizations must delve deeper into the importance of integrating AI into existing systems within context while aligning with an enterprise AI strategy underpinned by robust data governance,” said Terisa Roberts, Global Lead for Risk Modeling and Decisioning at SAS and author of the book Risk Modeling: Practical Applications of Artificial Intelligence, Machine Learning, and Deep Learning.

“They must also consider the broader scope of GenAI use cases beyond large language models while remaining good stewards of precious customer data,” continued Roberts. “Effective applications of synthetic data generation, for example, could help insurers optimize pricing, reserving and actuarial modeling – or help banks fortify fraud detection and enhance the fairness and accuracy of their credit risk models – while also strengthening data privacy.”

Swimming in data, yet not a drop to drink

While data quality is not directly a "data privacy issue" in itself, the two issues are closely intertwined. Poor data quality can significantly limit an organization’s ability to protect customers’ personal information, a crucial factor in ensuring compliance with data privacy regulations like GDPR.

According to the latest estimates, more than 400 million terabytes of data is created each and every day. That’s a mind-blowing figure. What are the implications for insurance and banking leaders?

“The explosion of customer data is both powering – and, in some ways, overpowering – the insurance sector,” cautioned Franklin Manchester, Global Insurance Strategic Advisor at SAS. “While insurers are awash in data like never before, many of them recognize they still have a ways to go in terms of having clean, reliable data that they can effectively manage and protect. For those insurers, from reputational risk management perspective, the downside of trying to extract value from their customer data outweighs the upside. But for those firms that overcome their data and AI maturity challenges, the potential rewards are great. Recent research by IDC and SAS revealed that 50% of surveyed insurers ‘expect up to two times, and 41% over three to four times,’ return on AI investments.”

Insurers are not alone in their data quality and data integrity challenges. Banks face similar struggles with incomplete, inconsistent and inaccurate data that can put data privacy at risk.

“Banking is highly regulated and extremely risk-focused, where there are very complex problems to solve with high consequences for failure and very low fault tolerance,” said Stephen Greer, Advisory Industry Consultant in Financial Services at SAS. “In matters of data privacy, the consequences for lax data management can be steep. About half of all active MRAs [Matters Requiring Attention] in the US are for operational risks, a category where data management plays a large role.”

In the AI age, there’s no shortcutting data management. To optimally bolster data privacy, SAS advocates for a responsible data management framework that:

1. Ensures operational readiness controls and governance structures are in place;
2. Quickly escalates and remediates issues as they occur; and
3. Complies with all local regulations around the handling of sensitive data.

Can you put a price on data privacy?

This next perspective comes from Alena Tsishchanka, Senior Insurance Practice Leader at SAS, who offered this prediction late last year as SAS thought leaders shared their annual forecasts:

“In 2025, insurers intend to offer a bold new model: ‘Data for discounts.’ Customers who opt in will share personal information like health metrics, driving habits and spending patterns with carriers, who will fine-tune risk profiles to offer hyper-personalized pricing. For consumers who consent, lower costs await – but costs could climb for the privacy-conscientious. When the choice between data sharing or protecting private data directly impacts coverage affordability, consumers, carriers and regulators will have to decide: Can you put a price on privacy?”

No doubt that putting consumers to a decision between policy price and the risks of sharing personal data will come with incremental regulatory scrutiny. Nevertheless, these programs will provide consumers crucial choice regarding their data privacy, a trend that has been gaining momentum in financial services and beyond for some time.

And the question about putting a price on data privacy? While written for an insurance audience, it's equally pertinent to banks and other finserv firms. And leaders across financial services already know the price of data privacy is much more than the dollars and cents of protecting and adequately managing and governing customer data – or the fines and reputational damage incurred when data privacy is breached. Falling short of customers’ expectations in this area comes at the cost of trust that, once lost, is exceedingly hard to earn back.

The critical role of synthetic data in protecting data privacy

As Terisa Roberts noted, synthetic data generation is an aspect of GenAI that can help financial services organizations bolster data privacy. In fact, synthetic data generation has emerged as a game-changer in safeguarding sensitive information while enabling innovation.

Harry Keen, a synthetic data expert at SAS, put the technology into perspective:

“Many organizations already have stores of data that are critical for driving innovation with AI. But often that data is difficult to use securely because of its sensitive nature. That’s when organizations may turn to synthetic data – artificially created data that’s based on real-world datasets. Synthetic data puts a stop to the battle between privacy compliance and AI innovation.”

Brett Wujek, Senior Research and Development Manager at SAS, added additional context:

“Organizations need data to feed AI. However, very often organizations are restricted from using the data for AI development because of privacy issues. With synthetic data generation techniques, privacy concerns can be avoided by generating highly representative data that cannot be traced back to the real data. Moreover, synthetic data can be used to attain balance among all represented groups, which is critical to ensuring AI models are fair and unbiased.”

One area where financial services firms can immediately benefit from using synthetic data is marketing, according to Jonathan Moran, Head of MarTech Solutions Marketing at SAS:

"Marketers are drowning in data, but privacy concerns can restrict how they use it to help personalize and target customer communications. Synthetic data can help marketers expand customer audiences, augment data sets, and develop accurate and effective AI and machine learning models without exposing private, identifiable or restricted information therefore mitigating risks associated with real data."

Whether synthetic data is used for innovation, marketing, or for financial crimes detection, where modeling on rare events has long challenged financial firms, synthetic data will secure a significant role in both the AI and data privacy landscapes.

Making data-sharing a win-win

A parting thought: When banks and insurance companies ask their customers, context is everything. What’s in it for the customer?

SAS research shows that data sharing can be a win-win for consumers and finserv firms alike. For example, SAS’ Faces of Fraud consumer fraud study found that, among 13,500 people surveyed, 70% were willing to share more personal data with service providers in order to boost fraud protections.

In the realm of credit underwriting, a small but growing number of people are actively sharing their rent and utility payments data to build their credit scores. Increasing the collection and use of “alternative data” of this kind is a trend that could help increase global financial inclusion.

Safeguarding customers’ sensitive data with robust security and governance is first and foremost, always. But finding, and focusing on, the benefits to customers is also essential to creating data-driven service and decisioning models that foster trust and loyalty across the business.

Data privacy for the win!