Keeping clients' data secure

30 May 2018

With the recent GDPR bringing data to the forefront, Kerry Nelson gives five tips on defending your clients’ information

TECH TALK

HOW TO PROTECT YOUR CLIENTS’ DATA

Advisers can bring additional value to clients by helping them ensure security of their data, says Kerry Nelson

We have yet to see any high-profile breaches of client data hitting adviser firms. But with data protection, data breaches and concerns about data misuse hitting the headlines, how should advisers position themselves?

It is something that we have been considering for some time at Nexus. Among other things, we believe that advisers should be aiming for the highest standards of data protection and data management – and we believe that would still apply even without the GDPR coming into force later this month.

Of course, the GDPR provides a very useful framework and this is at the forefront of our minds, but firms need to look at the broader context too. Below we set out the key questions and, where we have them, the answers we have been using to inform our strategy.

How should advisers be positioned for GDPR?

The GDPR is any adviser’s biggest immediate data challenge. We have reviewed our own data systems and are in the process of updating our communications with clients, consulting with them on how we can use their data. Given that we do not bombard them with email marketing, it is proving reasonably straightforward. The hardest part of the GDPR will prove to be managing data between firms, that is, how we share data with platforms, pension providers, insurers and back office software providers. Adviser firms should not simply take any changes on trust; data use should now be a factor in any recommendation process. Our goal ultimately – say six months into the GDPR process – is to position ourselves at the centre of things where we are rating our partner firms’ data processes alongside their fund performance and service standards.

How secure are client email communications?

We have been testing a secure email and password system, Beyond Encryption, which gives an increased level of protection to our communications. One of the biggest challenges has been convincing clients to embrace the system, but after a few months of persuasion we have everyone on board. It also demonstrates to new clients how serious we are about data security.

What about data breaches?

Advisers can’t protect clients against everything. If a client’s bank account is hacked as part of a more general breach, there is not a huge amount an adviser can do in terms of prevention. However, we should be prepared to help with advice on any kind of breach, including how to complain and seek compensation if necessary, and what clients should subsequently do to try to make passwords secure, including those governing access to the services we provide. Be proactive and help clients establish good data habits.

What about the furore on social media?

It is clear that Facebook has not been following the highest standards when it comes to client data. No-one is an island, so it is something we have been giving a lot of thought to. We use a range of social media, but where possible have decided to restrict how our data can be used unless there is a clear benefit. We will be suggesting the same approach to our clients. Although concerns about micro-targeting are largely confined to the political arena so far, we are maintaining a watching brief. We are not going to tell clients to come off Facebook or Twitter but will suggest they understand just how much data is being held. With the GDPR, we expect regulation will begin to bite. We certainly hope so.

What about artificial intelligence (AI)?

We are a reasonably small firm, like many of our peers, so there are limits to how much we can get under the bonnet of AI. We know that many financial services businesses are embracing this. We can see how understanding the customer and the client could be a boon – reducing costs and providing a better, more appropriate service. But we also have concerns about its potential abuse. We hope that the GDPR deals with many of these matters. But at the very least, we want to see policies from financial firms that clearly outline how AI will be used fairly and in clients’ interests. Advisers may be able to play a role in keeping firms on their toes.

Kerry Nelson is managing director of Nexus Independent Financial Advisers