Privacy is having a moment.
Following an incessant flow of data breaches and the unauthorised release of personal information in recent years, governments across the world have created new legislative and regulatory regimes designed to protect consumers.
While not directed explicitly at financial services, the sector – as custodian of some of the most sensitive personal information – has inevitably been drawn into the process.
In Europe, for example, the 2018 General Data Protection Regulation (GDPR) regime has imposed stringent “protocols for how businesses and other organizations handle the information relating to the individuals who interact with them”, according to the official ‘user-friendly’ guide on the rules.
“GDPR also brought in new definitions of personal data, consent types, accountability standards, and the roles involved in decision making, interpreting, and processing the data,” the guide says.
Eurozone financial firms have since developed a raft of privacy measures to protect client data from external breaches but also to give end customers greater control over how organisations treat their personal information. Companies based outside the region must also follow GDPR rules when dealing with European customers: in effect, making GDPR a global de facto privacy standard.
But in NZ, the privacy push has a local flavour, too, following the introduction of new Privacy Act legislation in 2020.
According to Mark Carver, newly appointed principal at consultancy firm Mosaic Financial Services Infrastructure, privacy is now a core competency for public-facing businesses such as financial services operations.
“But getting privacy settings right is not just about compliance,” Carver said. “Well thought-out privacy policies and processes can give clients greater confidence in sharing information and establish your business as a trusted brand.”
He said businesses benefit most by adopting ‘privacy-by-design’ principles, which puts the concept at the heart of client relationship management.
An experienced subject-matter specialist, Carver joined Mosaic last month to help meet growing demand for a more structured approach to privacy in the financial industry.
And one of his first moves was to line up a series of international standard-approved privacy training courses targeting different levels of experience and need.
Slated to begin in August, Mosaic has three two-day courses booked for this year: two covering the Certified Information Privacy Technologist (CIPT) certification; and, one offering Certified Information Privacy Manager (CIPM) training.
Carver said the CIPT course tends to have a broader appeal, targeting “people who design and implement privacy as part of all projects or creation of processes in an organisation”.
“The other interesting aspect of the CIPT course is it helps people develop skills and potential new roles in the field of privacy engineering and the growing privacy technology sector,” he said.
Meanwhile, the CIPM is the more-specialised course, likely to appeal to privacy officers or legal team members.
He said the CIPM training tends to attract senior staff concerned “with operational policies, processes and risk functions that assist with not only meeting compliance requirements but wider risk management frameworks”.
“The CIPM course is more about describing good practice through the use of privacy models and practices as opposed to specific legislation, it does go into likes of GDPR but more to explain a point,” Carver said.
Both courses are approved by the International Association of Privacy Professionals (IAPP) – the global industry body for the fast-growing niche.
Mosaic kicks off the privacy courses in Wellington early in August with Auckland hosting two subsequent courses in September and November.
For further publicly available information on the Mosaic courses click here.