In the financial services industry, the protection of customer data and internal financial statements is non-negotiable. With rising customer security sensitivity, motivated attackers, and an increasingly complex legal and regulatory environment, data needs to be protected at all times — while it is stored, transmitted and viewed.
An important part of a comprehensive data protection strategy is ensuring visual privacy — the protection of data from people who may be able to view the screen of employees or customers. Visual privacy is often overlooked but it is a critical layer in protecting data from exposure. The need for visual privacy has increased substantially over the past few years. Consider the following:
Any comprehensive approach to safeguard data must include protecting that data while it is displayed on a screen. Visual privacy is critical to both protect information and to build a case of “due care” for auditors and regulators. A comprehensive protection strategy has to address the entire data lifecycle: entry, transmission, storage, use, display and disposal.
The information security industry has long recognized the importance of visual privacy. For example, passwords are typically masked as they are entered into an application or website. This need has been specifically called out for financial services. The Federal Trade Commission guidelines for complying with the Gramm-Leach-Bliley Act (GLBA) require “using password- activated screen savers to lock employee computers after a period of inactivity.” For financial services organizations the range of sensitive data that is entered, processed and viewed goes far beyond passwords, and steps must be taken to protect that data from opportunistic observers.
The GLBA specifically calls out the need for “administrative, technical and physical safeguards” to keep customer financial data safe from exposure to unauthorized third parties. Some companies have tried angling cubes/monitors in public areas or isolating computers that will have sensitive information to try to keep visual data safe. A privacy filter is a tool that gives organizations more flexibility to place workers where they want and need to be, maximizing productivity. Privacy filters go further in that they help protect data from side views for individuals who might enter what is considered a protected space.
3M, a leader in this category, offers a range of privacy filters which effectively block out side views, help reduce the risk of data exposure and protect an organization’s most valuable resource: its data. 3M™ Privacy Filters come in a range of sizes and styles to protect laptops, desktops and even smartphones. For more information visit: http://www.3Mscreens.com.
Privacy and Compliance in Financial Institutions: An Overview
Financial services organizations have seen a rise in regulatory and compliance standards around customer and corporate data. While controls may be in place to defend this information as it is stored and transmitted, security is equally important for data as it is entered, processed and viewed. Some important laws/standards to consider are:
Gramm-Leach-Bliley Act (GLBA):
The GLBA, signed into law in 1999, requires financial institutions to define a privacy policy for customer data and to put reasonable safeguards in place to protect that data. At some point, much of this data will be displayed on employee screens.
Breach notification laws: Currently, 47 states require that a customer be notified if a company suspects that his/her personally identifiable information (PII) has been exposed to an unauthorized third party.
Payment Card Industry Data Security
Standard (PCI DSS): Defines procedures for keeping payment card information secure. The PCI DSS is under constant revision and is being adapted to cover a wide range of threats.
Other standards/laws: Other laws and standards such as ISO 27001, ISO 27002, and Sarbanes Oxley have direct implications for data confidentiality. In practice, the litmus test of “due care” is being recalibrated to include protection beyond data storage and transmission.
Did you know?
1Mobile Worker Population 2011-2015 forecast, IDC Worldwide, 2012.
2The Annual Mobile Industry Numbers & Stats Blog, Communities Dominate Brands, 2013.
3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.