2019 Privacy (GDPR, CCPA, GLBA) Survey (May 2019)

In recent years, there has been a large number of new laws and regulations in the data privacy space. Many institutions need to take into consideration multiple changing laws, e.g. the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Gramm-Leach-Bliley Act (GLBA), and translate those data privacy requirements into day-to-day practices. Each of the regulations focuses on protecting sensitive consumer data, which prompts financial institutions to ensure proper governance and manage customers’ demands and expectations, while also continuing to grow their position in the market.

The survey was conducted by The Risk Management Association (RMA) between February and March 2019 in preparation for the RMA Privacy Round Table scheduled for April 8, 2019 in Boston. Most of the questions were multiple choice with opportunities to provide comments. Some questions were open text and designed to provide information and insight about the current state of practices.

A total of 33 responses were received from a wide range of financial institutions including community, regional, and large banks headquartered in the United States.

  • Asset size below $10 billion: 7 responses.
  • Asset size between $10-50 billion: 12 responses.
  • Asset size between $50-100 billion: 4 responses.
  • Asset size over $100 billion: 10 responses.

Due to the low number of responses in each of the asset size categories and to prevent discoverability issues, this report will present the overall results.

The final report provides participants’ responses, while protecting the confidentiality of individual institutions by masking the source of the responses. You may view the executive summary (PDF) by clicking on the aforementioned link.

The full report is available only to those who have contributed to the survey. For questions, please contact Sylwia Czajkowska, Associate Director/OpRisk, (215)446-4071, sczajkowska@rmahq.org.