SBA publishes guidelines on handling data in day-to-day business
Trust in how data are handled will remain a success factor for the financial sector going forward. The Swiss Bankers Association (SBA) sees it as crucial for banks to ensure that the data entrusted to them are protected while at the same time taking advantage of the opportunities arising thanks to new technologies. With this in mind, and with the new Federal Act on Data Protection entering into force soon, a working group headed by the SBA has produced a set of guidelines on handling data. These guidelines shed light on general regulatory concepts relating to data processing with the aid of six different use cases from the banking business. They are intended to assist SBA members in their day-to-day data handling. In practice, however, correct data handling is not simply a matter of obeying the law. It must also be embedded in a company’s organisation, vision and strategy, as well as its treatment of staff, its culture and its technical infrastructure.
Driven by technological progress, changing customer needs and regulatory requirements, views on how data can and should be used and what forms of processing are permissible will inevitably continue to evolve. The growing quantity of data being collected digitally and new possibilities created as technology advances are increasing the potential for more systematic data processing that ensures data protection while also yielding valuable insights for banks. For example, banks can understand customers’ needs better and respond to them with innovative business models, make their internal processes more efficient and improve their risk management. All of this will ultimately result in better advice for customers.
The guidelines do not constitute a legal or ethical policy, nor do they define sector-wide minimum standards. Use cases that already play a major role in everyday banking business today or are set to do so in the future illustrate the principles discussed. The guidelines do not claim to be exhaustive. They will be periodically updated and expanded as necessary. Each individual financial institution is free to interpret and apply them in line with its own risk assessment.
Webinar on the guidelines