New APRA guidelines published on September 2nd, 2013, ask banks and insurers to adopt the necessary steps to reduce their risk of data and warn businesses to be cautious when outsourcing the management of data.
Does this mean that insurers and banks have to depend on their own IT departments to obtain the information they require to comprehend their customers and be able to meet their demands?
For many people, the answer is “No”. The idea of asking an already stretched IT department to handle complex, special data requirements in addition to everything else they’re asked to handle could result in catastrophe. It may result in you being less than more.
What are the new guidelines?
The guidelines require businesses to be attentive to areas like data validation and putting place the correct business procedures in place to evaluate the ‘fitness to use’ prior to taking any action. This process is linked to controlling the quality of data and cleaning the information and processing to ensure it is accurate, consistent and completeness.
Although IT departments typically perform simple data analysis, a lot of organizations require a data partner to perform things like “fuzzy matching’ in order to eliminate duplicates and produce an all-encompassing view of customers. The companies can continue to maintain control by working with outside expertise to improve and correct their data. This can be done by using other sources to fill the gaps, dead flag records, or pinpoint those who have relocated or quit their positions.
The alignment between marketing and IT
Again, the necessity for IT and marketing to collaborate is emphasized in these guidelines, as they recommend that organizations establish general frameworks for managing data, which would allow marketing and IT to collaborate on goals and be backed by a unified business model.
How can you ensure that you are in compliance?
If you decide to outsource your personal data, you have to ensure that the data provider’s infrastructure is secure to the highest standards. Along with insisting on an in-depth audit, take an examination of how long they’ve been operating and their history of privacy breaches, and finally, how much importance they give to customer privacy and security of information.
This could mean choosing an Australian-based partner instead of one that is based in the United States. The option of hosting data locally, as opposed to cloud services provided by a few international software firms, will ensure that insurance and bank data stays within Australia the jurisdiction.
Data life-cycle management
When you look at the specifics in the guidance, they’re designed to reduce the chance of data management being faulty in the various phases of the life cycle of data.
It starts with the data capture. We’ve all experienced the issues caused by manually entering data, and a knowledgeable data analyst can assist in tackling these. Data capture also incorporates information feeds from both internal as well as external sources. You require sophisticated matching technology to interpret these feeds, resulting in one complete picture of the client.
The availability and timing of the event.
The necessity of speedy data is also highlighted within the guideline, a subject that poses a problem for many companies that rely upon their requests for data being prioritised by the overworked IT departments.
It is crucial for businesses to have the ability to analyse and access data about customers in a rapid way to comprehend, anticipate and address customer requirements at the right moment.
A fluid environment will assist in ensuring compliance is maintained prior to the requirements of the regulatory system.
Privacy and the new rules
The guidelines are inspired by changes to privacy regulations that are due to be implemented next year. Working with a data partner who is specialized will help in knowing how to work within the new guidelines.
If you’re working with internal resources and/or an external partner, you have to ensure you have the proper monitoring and control procedures in place, along with transparent policies and procedures that cover aspects like exception handling as well as data storage and disposal.
For instance, in Marketsoft, methods like encryption and de-identification of data mentioned in APRA guidelines are employed to ensure that strict controls are in place for customer data.
The bottom line is that these updated guidelines make business sense. If you are looking to outsource your data to enhance the quality of data validation or cleansing, in order to ensure rapid data delivery or any other aspect of the life-cycle of data that the document discusses, You must consider your data as a valuable asset it is, and partner with a trusted company, ensuring that you have the appropriate controls in place.
Discussion about this post