Home   News   Features   Interviews   Magazine Archive   Industry Awards  
Subscribe
Securites Lending Times logo
Leading the Way

Global Asset Servicing News and Commentary
≔ Menu
Securites Lending Times logo
Leading the Way

Global Asset Servicing News and Commentary
News by section
Subscribe
⨂ Close
  1. Home
  2. Technology news
  3. ITAS: TAs given stark warning on data security
Technology news

ITAS: TAs given stark warning on data security


01 March 2017 Luxembourg
Reporter: Stephanie Palmer

Generic business image for news article
Image: Shutterstock
Transfer agents must be aware of, and reactive to, the increasing importance of cyber security, according to William Long, partner at law firm Sidley Austin.

Speaking at ITAS Luxembourg, Long told attendees that every business represented in the room “will be affected by a cyber security incident”.

Coping with the fallout from a cyber security attack “can be extremely painful”, resulting in job losses, a direct impact on profits, and reputational damage and a subsequent dip in share prices.

When the EU’s General Data Protection Regulation (GDPR) comes into effect next year, a cyber breach could also lead to “mouth-wateringly large” fines, Long said, of up to 4 percent of annual global turnover, a deliberately “persuasive figure”.

The new regulation mandates a more controlled process around gaining consent to use a client’s data, introduces a right to object to automated data profiling and a right to erasure, meaning clients can, in some cases, request data to be deleted. It also introduces the potential for individuals to file damages claims in the case of a data breach, even for non-financial loss.

In the financial services space, Long said, firms will have to take a “privacy-by-design, privacy-by-default” approach to data, only collecting the minimum amount and building privacy into processed and procedures in an “antithesis to the world of big data”.

The new rules also mean that where a vendor processes data on behalf of an asset manager, “service agreements will have to be amended”.

To manage cyber risk and the impending new regulatory requirements, Long said risk mitigation is key. Firms should determine their risk profile and get procedures and policies in place to prepare for a data breach, clarifying what the “crown jewels” are, where they are, and who is looking after them.

“Frankly,” Long asked, “are they up to the job?” He advised attendees to first identify the relevant people to have on a breach response team, with coordination between human resources, IT, legal and governance teams.
← Previous technology article

ITAS: More fintech required for KYC
Next technology article →

Volante releases patch for Designer system
NO FEE, NO RISK
100% ON RETURNS If you invest in only one asset servicing news source this year, make sure it is your free subscription to Asset Servicing Times
Advertisement
Subscribe today
Knowledge base

Explore our extensive directory to find all the essential contacts you need

Visit our directory →
Glossary terms in this article
→ Default

Discover definitions, explanations and related news articles in our glossary

Visit our glossary →