It goes without saying that technological advancement has come with a slew of risks attached. This is particularly true where financial technology (fintech) is concerned.
Symbolic of privacy and data protection’s growing importance is the change in the name of the authority dealing with these issues in Israel—from the Israeli Law, Information, and Technology Authority (ILITA) to the Privacy Protection Authority (“PPA“). This change is reflective of the core issue when dealing with information which is privacy. The PPA aims not only to enforce laws, but also to educate people of their rights in this field.
In mid-2017, the Privacy Protection Regulations (Data Security) 2017, coming into effect in May 2018, were promulgated. In addition, the PPA released a number of guidelines and clarifications, aimed at elucidating the duties of various parties with access to private information, and signaling the intention of the PPA to increase enforcement efforts.
The Data Security Regulations impose differing compliance requirements based on the sub-category to which the database falls into— managed by databases with individuals, or with basic, medium, and high-level security requirements. One of the key features of the Data Security Regulation is that it imposes a duty on each database owner to think about data and privacy and to review and classify the data each database retains.
This change in the domestic regulatory landscape follows alongside the GDPR regulations coming into effect in May 2018, which will affect many Israeli companies.
This is especially true for fintech companies that are heavily dependent on data and new big data models of obtaining information and giving value proposition to their users. Many fintech companies collect and process vast amounts of data in order to provide financial services quickly and inexpensively. Much of this data is highly sensitive personal information, such as date of birth, social security number, bank account details, online banking credentials, and credit score. The sheer volume of the information increases its sensitivity, because over time a fintech company may generate a very detailed and complete picture of an individual. As a result, data security and compliance with applicable privacy legislation are of critical importance.
Here are four privacy and security tips for fintech companies:
A company can never be too thorough with regard to data security. It’s important to create clear and transparent policies internally. This way, companies can be effective custodians of their clients’ data, under an agreement that is clearly understood by both parties, while simultaneously mitigating their own legal exposure.
Following these simple guidelines can save a lot of trouble down the road. Make your terms and conditions clearly visible on your home page, and be sure to include an active acceptance of those terms, such as a required check box.
Finally, be sure your terms and conditions remain in compliance with all legal particulars governing the industry in which you operate. This is a huge one, in importance and in complexity, but the alternative is much less appealing.
The future of fintech and privacy is not without challenges. By keeping up-to-date with regulations, and monitoring the way your business handles data, you can improve the experience of your clients and stay on the right side of the law.
Adv. Anat Even-Chen is a Partner at our Regulation team. Anat leads the regulation practice at Barnea, providing legal counsel to local and international clients on all regulatory issues.