OpenFinity

Data Governance & Privacy

Updated: Dec 2

Session from the November 19-20, 2024 OpenFinity Expo


Video replay and slides available here:


Session Description:

This presentation, delivered by Zoe from the Future of Privacy Forum, covers the rule's new data governance requirements for data providers, third parties, and aggregators, with a focus on risk management and privacy.


It covers: 


  • Foundational compliance for all parties, including how to evaluate and administer roles and responsibilities, risks and controls, due diligence, contract negotiations and management, and oversight of each other and vendors; 


  • Pain points between the parties and how to navigate them; 


  • How to understand and implement new privacy requirements for third parties relating to the collection, use, and retention of customer data.



Key Takeaways:

  1. Foundational Compliance Framework:
    • Emphasis on evaluating roles and responsibilities, establishing robust controls, and performing due diligence.

    • Contract negotiation and vendor oversight are critical for managing risk and ensuring compliance.

  2. Data Provider Obligations:
    • Providers must implement standardized APIs for secure data transfer, replacing insecure practices like screen scraping.

    • Policies must ensure proper authentication, performance, and security standards for data sharing.

  3. Third-Party Obligations:

    • New privacy requirements focus on minimizing data collection, proper usage, and clear retention policies.

    • Compliance involves obtaining explicit consumer authorization and adhering to strict security protocols.

  4. Risk Management:

    • Providers and third parties are tasked with assessing risks based on clear policies and procedures.

    • Denials for access must be justified, reasonable, and non-discriminatory, aligning with established risk management frameworks.

  5. Navigating Pain Points:

    • Challenges between stakeholders include defining accountability, ensuring effective communication, and resolving disagreements over risk assessments.

    • A collaborative approach with clear contracts and expectations is essential for operational harmony.

  6. Privacy and Consumer Focus:

    • Privacy enhancements aim to empower consumers by securing their data and providing transparency about its usage.

    • Regulations encourage practices that build consumer trust while supporting innovation in open finance.

  7. Implementation Challenges:

    • Entities must address operational hurdles, including API readiness, regulatory compliance timelines (2026–2030), and the transition from outdated methods.

    • Collaboration with industry-standard bodies and regulatory guidance can facilitate smoother adaptation.


Implications:

This framework underscores the importance of balancing innovation with consumer protection. Stakeholders must work together to establish clear governance practices, uphold privacy rights, and mitigate risks, ensuring a secure and sustainable ecosystem for open finance.

