In recent years, there has been a
large number of new laws and regulations in the data privacy space. Many
institutions need to take into consideration multiple changing laws, e.g. the
General Data Protection Regulation (GDPR), California Consumer Privacy Act
(CCPA), and Gramm-Leach-Bliley Act (GLBA), and translate those data privacy
requirements into day-to-day practices. Each of the regulations focuses on
protecting sensitive consumer data, which prompts financial institutions to
ensure proper governance and manage customers’ demands and expectations, while
also continuing to grow their position in the market.
The survey was conducted by The
Risk Management Association (RMA) between February and March 2019 in
preparation for the RMA Privacy Round Table scheduled for April 8, 2019 in
Boston. Most of the questions were multiple choice with opportunities to provide
comments. Some questions were open text and designed to provide information and
insight about the current state of practices.
A total of 33 responses were
received from a wide range of financial institutions including community,
regional, and large banks headquartered in the United States.
- Asset size below $10 billion: 7 responses.
- Asset size between $10-50 billion: 12 responses.
- Asset size between $50-100 billion: 4 responses.
- Asset size over $100 billion: 10 responses.
Due to the low number of
responses in each of the asset size categories and to prevent discoverability
issues, this report will present the overall results.
The final report provides
participants’ responses, while protecting the confidentiality of individual
institutions by masking the source of the responses. An executive summary is
available as a PDF.
The full report is available
only to those who have contributed to the survey. For questions, please
contact Sylwia Czajkowska, Associate Director/OpRisk, (215) 446-4071, sczajkowska@rmahq.org.