Data Privacy Spotlight: How Do Financial Services Brands Fare?
Financial Services companies handle substantial amounts of consumer data every single day. They collect, process and store this data, a great deal of which is considered sensitive data, making this industry a perfect fit for our first Data Privacy Spotlight.
As the saying goes, “with great power comes great responsibility.” For Financial Services companies (and those leveraging data from them) it is especially important to ensure that the right steps are taken when it comes to protecting their customers’ sensitive data. As additional state privacy regulations are released and we get closer and closer to the expected deprecation of third-party cookies, it is crucial that these organizations invest time and resources into data privacy.
To start, many have begun to hire privacy professionals to oversee the organization’s operations and ensure that they are aligned to key principles of data privacy. TRU Staffing Partners’ 2022 Data Privacy Jobs Report found a 30% YOY increase in demand for privacy professionals; data privacy stewardship roles are becoming more and more important.
While hiring privacy professionals to create controls and establish processes to mitigate risk is a great first step, this is just one piece of an overarching data privacy strategy that takes into account the organization’s purpose and all the specifics that make its business unique.
To help support companies across the advertising ecosystem with this undertaking, we created the Neutronian Data Privacy Scores (also referred to as DPS). Designed to be used by brands and agencies, data providers, publishers and platforms, Data Privacy Scores can be leveraged in various ways to assess current data privacy practices and identify opportunities for refinement. Read on to learn more about the key principles behind the scores and see examples of the kinds of practices that result in a high vs. a low score.
Key Principles of Neutronian Data Privacy Scores
Article 5 of the GDPR says personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject. Born from these principles, Neutronian Data Privacy Scores examine how a company is handling privacy compliance and respecting consumers’ rights. The scores provide the following benefits to the advertising and marketing ecosystem:
- Trust through increased transparency into a company’s data privacy practices
- Clarity to make partner decisions and campaign optimizations that take into account data privacy signals in addition to performance
- Guidance on privacy-led best practices that your organization can implement and that you can leverage for your partner due diligence process
Lessons From The Best Of The Best
Neutronian’s goal in creating the Data Privacy Scores was not only to increase transparency but also to highlight best practices from companies that are going above and beyond the basic requirements of legal compliance. In the Financial Services industry vertical, two companies demonstrating examples of data privacy best practices are S&P Global and TransUnion. Let’s take a closer look at the factors driving their high scores, beginning with S&P Global.
Scoring well across the board, S&P Global scored particularly high in Consent & Compliance because they make it easy for an individual to access privacy-related information and exercise their subject access rights. Also contributing to their high score is the layout of their privacy policy, with features like expandable sub-sections by topic that make it easy to navigate to the information that you are looking for. Lastly, a link to their “do not sell” request form can be found right in their website footer, again making it easy for someone to find what they are looking for.
Moving on to TransUnion, we found their privacy policy to be more transparent than the industry standard when it comes to sharing details on data collection and usage, an important item to call out considering the sensitive types of data they are handling. In this policy, for each type of data they collect, they explain the purpose for collecting that data and share details on the types of companies they may share that data with, a great example of best practice for data disclosures.
Now you might be asking, what are some things that can result in a lower score? Using a large bank that scored in the average tier for the vertical, we can provide examples of the factors that negatively impact a company’s DPS. Note: We’ve removed the name of the organization purposely to adhere to our mantra of highlighting the good versus naming and shaming the not so good. More important than the company’s identity is what can be learned about how to improve data privacy policies and practices.
In this example, the large bank scores the lowest in the Data Disclosures category, followed by Privacy & Compliance. To view their privacy policy, you have to download it as a PDF from their website, and to exercise any of your data subject access rights, they instruct you to call a toll-free number. Both are examples of the company putting unnecessary burden on the individual.
It is expected that one organization’s privacy policy will differ from the next, as each should be developed to align with the overall privacy strategy for that specific organization. However, all policies should share transparent language and easy-to-follow instructions that create a positive user experience, which was not demonstrated in this example.
An additional item to call out for this example is the fact that the company does not appear to be keeping up with U.S. state privacy regulations as their privacy policy only references 2 of the 4 (soon to be 5) active state regulations and an individual’s rights under those laws. With more and more privacy regulations going into effect in 2024, it is critical for companies to stay on top of this in order to avoid costly fines and litigation.
Key Takeaways
Data Privacy Should Be Transparent.
Organizations that prioritize data privacy go above and beyond basic compliance. These companies are doing their part to protect sensitive data and respect consumers’ rights. However, prioritizing data privacy and taking actions to implement data privacy best practices is just the first step. It is just as important for those practices to be put into clear and concise language that can easily be understood by anyone who may come across it. Remember the saying “make it clear enough that your Grandma would understand it”? Use this as your guiding light and be sure that even someone like your Grandma (i.e., a non-AdTech/MarTech industry veteran) would be able to understand why you are collecting their data and how to take action if they choose to opt out or exercise any of their other data subject rights.
Everyone Has A Role In Risk Mitigation.
As more and more processes within an organization take into account data privacy concerns (e.g., evaluating a new data partner or performing due diligence during vendor selection), risk mitigation and due diligence become increasingly important. Neutronian Data Privacy Scores add trust and clarity into these processes by providing independent, third-party verification that gives all parties involved access to the same information and makes due diligence easier.
Data Privacy Is More Than Just A Privacy Policy.
Data privacy is not a one-and-done task that can be addressed and then simply checked off the to-do list. A privacy policy is just one piece of a larger data privacy strategy that takes into account the business needs, provides a good user experience and abides by privacy regulations. Once the data privacy strategy is developed and implemented, ongoing monitoring and updating will be necessary. Neutronian Data Privacy Scores are published quarterly to help you keep up with the ever-changing regulatory policies and industry best practices as you manage your data privacy strategy.
Learn More
Data Privacy Scores can be used for partner evaluation, inventory curation, campaign optimization and analysis. To learn more, download one of our use case documents.