Navigating the Data Privacy dilemma within Financial Services

By Vinicius Cardoso (pictured), CTO of Cloudera Australia and New Zealand

 

With data now widely acknowledged as the most valued currency in today’s digital landscape, many businesses within the Australian financial services industry are accelerating their efforts to extract measurable value and monetise their data. They are applying AI-driven analytics to derive insights and understand everything they can about the customer in the hopes of uncovering new audience profiles and revenue streams while also optimising operations and reducing marketing costs.

To do this, enterprises may be feeding personal and sensitive consumer data into Artificial Intelligence (AI) models, and here lies the challenge. While data is used to enhance the customer experience, organisations also face the added responsibility of keeping this information safe. Some are better at this than others. In fact, recent OAIC research showed that the financial sector reported the second-highest number of data breaches across Australia.

It comes as no surprise that the government is taking an active role in trying to increase operational resilience, with the Australian Prudential Regulatory Authority’s (APRA) CPS 230 standard set to come into effect from 1 July 2025, introducing new requirements for risk management.

The stakes have never been higher – the reputational, financial, legal and customer retention risks of mishandling data are too great to ignore. To navigate these changing regulatory demands and pave the way for future growth, organisations have no choice but to make strategic investments in data management solutions that enhance governance, risk and compliance.

Any large organisation that has significant brand value is extremely cautious about reputational risks if data is not properly managed. This is particularly true for highly regulated organisations such as financial institutions. Falling short of compliance or not adhering to regulations can result in lawsuits and long-term loss of brand loyalty.

Yet the promise of new Gen AI applications and their potential value, coupled with the massive amount of personal data that organisations are looking to tap into, seems to be at odds with this privacy mandate. Financial services firms undoubtedly struggle with what appears to be a zero-sum game: whether to utilise the available data to elevate their offerings or dial back to avoid any risk of infringing on data privacy.

Integrating data privacy as a core business process – also known as privacy by design – can resolve this dilemma.

Implementing privacy by design involves embedding privacy measures into IT systems and business practices from the start. Enterprises must manage the entire data lifecycle, ensuring compliance with privacy regulations. This includes knowing what data they have, how it’s used, and securing it throughout its lifecycle.

To break it down further, here are some considerations when thinking about how to implement privacy by design strategies: 

  1. Pin down a codified approach: A consistent approach to privacy should apply to all people, processes and technologies involved in managing data.
  2. Proactive, not reactive: Use the time prior to making these data decisions to prepare (and embed) the privacy measures into the design of IT systems and business processes. This way, FSI can be resilient to changes and regulations as they appear.
  3. KYD, KYI (Know Your Data, Know Your Intent): Whether organisations purchase, sell or gather data, they should know what information they have about their customers, how it has been retrieved, and what the intent is with the data at all times.
  4. Take ownership of the entire data lifecycle: Articulate the guardrails governing the collection, management and utilisation of data. Strategies need to be evaluated for compliance with privacy regulations in the FSI market.
  5. Deploy a modern data platform: A modern data platform can, for example, automatically identify and tag PII data and apply consistent security controls over it and across all of an organisation’s data, so that FSI can rest assured that the sensitive data they are working with is being kept secure across environments – creating more freedom for innovation.

A secure data management platform enables the Financial Services industry to benefit from AI and data analytics without compromising privacy. This approach turns the data privacy challenge into an opportunity to demonstrate a commitment to personal data protection, not just for compliance, but because it’s the right thing to do.