California first-ever extensive consumer privacy law passed in the United States – California Consumer Protection And Privacy Act (CCPA) – Went into force on 1st of this month
Similar to the EU data protection act GDPR, the California privacy act also granted consumers to know about the organization’s privacy practices as well as the right to edit, delete view and prevent companies from selling their personal data.
CCPA has bounded financial institutions like bank, as the regulators are focusing on in-depth standardization, banks should outline their data privacy practice and should be reviewed in account & interacted with laws like GDPR & CCPA. In addition, the practices should have complied with Federal Deposit Insurance Corporation’s (FDIC) 370 & record consent.
Yatsko, senior director of compliance at DocuSign – from a regulatory standpoint there are over two embarrassing factors that are impacting data in either way. Privacy regulations are becoming highly addictive across the globe.
GDPR focusing more on data privacy-lifecycle and outline what happens to data once consumer click on “I agree“. Many US regulations refer to a standard defined by the National Institute Of Standards And Technology (NIST) – Special Publication 863.
Financial institutions that are supporting businesses need to understand the life-cycle of data collection & processing. Being able to understand where data is being collected, where & how is it processed is itself a critical situation. From an identity collection view, the institutions that are supporting businesses need to provide a strong proofing to the individual consumers & give them the right to understand how their digital identity is being processed per session. Identification is stand to be one side event but processing data happens in each and every event occurred.
To solve the issue of controlling what data is missing from which system – FDIC 370 establishes what are the requirements to perform the gap analysis between business and financial institutions.