Freely subscribe to our NEWSLETTER

The study, Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry, was compiled from interviews with chief information security officers, chief security officers, chief privacy officers or executives with equivalent responsibilities from 80 multinational financial services organizations. The findings revealed areas of vulnerability or non-compliance such as 83 percent of financial service companies surveyed using real data in the development and testing of applications. A majority of these organizations do not take appropriates steps to protect this confidential and sensitive information.

“A single intrusion that compromises private data such as credit card numbers, Social Security Numbers, or other financial data can cause immense damage to an enterprise’s reputation, not to mention initiating lawsuits and regulatory fines that can have long-term impact,” said Noel Yuhanna in the September 2009 Forrester Research report: Your Enterprise Database Security Strategy 2010. “Database security is the last line of defense, so it deserves greater focus on the protection of private data from both internal and external attacks than IT pros have traditionally given it.”

In addition to this area of vulnerability, the Ponemon study found other commonly overlooked areas of risk to data security, including:

• Identity compliance procedures (used by only 56 percent of companies surveyed);

• Intrusion detection systems (used by only 47 percent of companies surveyed);

• Data loss prevention (DLP) technology (used by only 41 percent of companies surveyed); and

• Social Security Number usage (88 percent of those surveyed still use this as a primary identifier).

The report also found that while 60 percent of organizations have a chief privacy officer, 50 percent of them report that they have insufficient resources to accomplish their goals and objectives.

“One of the most important things a company can do to assure their future success is to plug the holes in their security policies that were demonstrated in this study,” said Larry Ponemon PhD., Ponemon Institute. “While there is a great deal of progress being made, there is still a long way to go.”
Compuware Data Privacy solutions provide security in both the test and production environments. Compuware offers a complete data privacy solution to help companies protect their critically sensitive information by making it possible to encrypt, scramble, translate, generate, age, analyze and validate test data. The solution also allows efficient recording of authorized internal activity between users and the application, protecting data against internal attacks.

“Safeguarding customer data is the best approach for financial services and other organizations to retain valuable customers, protect the company’s reputation, and avoid negative regulatory impacts,” said Rose Rowe, Vice President, Mainframe Strategy. “Compuware’s Data Privacy solutions help the world’s leading financial institutions ensure that their IT teams can effectively test important business applications while still upholding the trust that consumers place in their business.”

The Privacy and Data Protection Practices: Benchmark Study of the Financial Services Industry study was a three month project ending in October, 2009. The benchmark survey instrument was designed to collect descriptive information about the privacy and data protection practices of financial services companies. In total, 80 companies were selected for analysis in the report based on organizational size—more than 500 employees. The companies represented are mostly large financial, multi-national business organizations based in North America and included banking, investment, brokerage, insurance, credit card and mortgage organizations.