Stay Ahead With Linux Security News

privacy policyfinancial servicesinformation technology

Employee Training Is Essential For Effective Privacy Policies In Finance

The privacy policy is written and posted on a company's Web site. The 2002 privacy-policy notice, a complicated statement required of financial-services companies under the Gramm-Leach-Bliley Act, is in the mail. Top executives and perhaps even the board of directors have . . . . The privacy policy is written and posted on a company's Web site. The 2002 privacy-policy notice, a complicated statement required of financial-services companies under the Gramm-Leach-Bliley Act, is in the mail. Top executives and perhaps even the board of directors have reviewed the policy to make sure it will protect the company's good name. So it's mission accomplished on the privacy front. Or is it? Hardly. Privacy policies on Web sites and in mailings are just words. The hard part is backing them up with the employee training and information technology to make them work. Regulatory actions such as the Gramm-Leach-Bliley Act, which requires financial-services companies to notify customers of their information-sharing practices, have produced a mountain of mail for consumers and much moaning from banks about the cost, but they've done little to help customers understand or businesses enforce their privacy policies. "Many companies are still focused on the regulator's agenda. The ones that are more advanced are working on the customer's," says Leigh Williams, chief privacy officer at Fidelity Investments. So far, the companies making the extra effort and investment have been the exception. Privacy spending throughout the economy is hard to gauge, since it's generally mixed in among IT, training, and customer-support budgets, rather than broken out as a line item, even for internal budgeting. But Mike Beresik, national director of PricewaterhouseCoopers' privacy practice, says much of the spending has been focused on regulation compliance, with banks and other companies covered under the Gramm-Leach-Bliley Act spending far more than retail, entertainment, and consumer-goods companies. Financial-services companies last yearcollectively spent about $1 billion to prepare and mail privacy-policy statements required by that law, according to the American Bankers Association. That's not a huge number, given the size of the industry, and there hasn't been very much privacy-related spending beyond that. "Banks in the U.S. probably spend more on striping their parking lots," says Gartner analyst Richard DeLotto, who researches privacy issues. The link for this article located at InformationWeek is no longer available. . Privacy policies are crucial for data handling, yet often too complex and poorly communicated. Employee training is vital for compliance and data protection awareness. Privacy Policy Implementation, Financial Service Regulations, Employee Training Importance. . LinuxSecurity.com Team

Aug 20, 2002 • LinuxSecurity.com Team Privacy