Loss of data innocence increases focus on open banking data security
- 29 August, 2018 06:30
Businesses that gather consumer data must state, very clearly, exactly what a customer is opting into
With open banking set to roll out in New Zealand in the near future, a major focus for Payments NZ, as well as providers and consumers, is on data privacy and security.
The Cambridge Analytica scandal was a watershed moment in consumers' understanding of how their data can be used. It’s been a rude awakening, but this loss of data innocence is an important step towards a more sophisticated data economy.
What we can learn from the rest of the world
To consider how data privacy should be governed in New Zealand, we need to start by looking at how other countries are handling it.
In Australia, where open banking is set to roll out in the next 12 months, the productivity commission has called for the comprehensive right for consumers to access data held by one organisation and share it with another. The government in Australia is currently working through the appropriate model for data sharing.
In contrast, data sharing in the US is being led by the market and there are no proposals to legislate any open banking regime there.
In the UK, where open banking was launched in January, banks must create open APIs so customer data can be shared with authorised third-party applications in a secure, common and consistent format. This forces them to shift from being one-stop shops for financial services to open platforms where consumers can start to embrace a more modular approach.
It’s inevitable that open banking will hit New Zealand
Instead of having all banking through one provider, individuals and firms can have their current account with one provider and then bolt on other financial services such as insurance and mortgages, all under one user interface. Banks are required to provide transaction and product data to customers, who can then share it around with competitors, who will then to be able to share it around with fintechs.
The rest of the economy in the UK is watching how the banking sector implements open banking because the government has indicated other sectors will follow – energy, telecommunications, health and education.
In New Zealand, the open banking initiative would be the first implementation of what is known as a consumer data right. This would grant consumers open access to their data, as well as the ability to instruct a business to transfer their data to a third party through API-based secure transfer mechanisms. The intention is to make it easier for consumers to access, share, use and, importantly, derive value from their information as well as to foster a more competitive environment among banking providers and other associated businesses.
Keeping data safe
Open banking in New Zealand will encourage financial services to be distributed over platforms such as Xero. As we look towards this future reality we need to take into account the increased risk of cybersecurity breaches when considering the design of the open banking regime.
As a major player in the upcoming open banking movement, and particularly in the wake of the Cambridge Analytica scandal, I believe it is absolutely essential that businesses that gather consumer data state, very clearly, exactly what a customer is opting into.
It’s also important that consumers understand that the entity that provides the service to the end customer has the liability to keep data safe. That’s the banks, and other financial providers that handle the banks’ data.
It’s inevitable that open banking will hit New Zealand. When – not if – that happens, the business world will need to be ready to help every customers get the absolute best out of this technology, while keeping their data safe.
Nicole Buisson is small business director at Xero.
Get the latest on digital transformation: Sign up for CIO newsletters for regular updates on CIO news, career tips, views and events. Follow CIO New Zealand on Twitter:@cio_nz