Industry Solutions - Financial Services

Customer Highlight

In the name of risk mitigation, one prominent financial services company stored “out-of-service” disk drives indefinitely in secure rooms in multiple data centers across the country.

These drives, many of which have residual economic value, contain data that simply can’t be allowed out of the building. As such, this customer not only had to forgo the value of the drives (easily recoverable by returning the drives to the disk system vendor) but also had to go to the added expense of having the drives physically destroyed onsite.

PeakData not only demonstrated how to securely erase the data from the drives (and certify the work drive-by-drive) but set up a process at multiple data centers around the country to do the work on an ongoing basis.

The result: a process that is totally secure and significantly less costly than before. In fact, recouping the economic value of the disk drives pays for the disk eradication process several times over, saving an estimated $1 million per year.

In the last eight years alone, there have been eight new U.S. Federal laws targeting financial services entities. No wonder that financial services has become the most highly regulated sector. Much of this legislation focuses on the protection of non-public information (NPI) and personally identifiable information (PII). This should come as no surprise, since major data breaches are an almost daily media event and identity theft is the fastest-growing financial crime. Against this backdrop, even more legislation looms even as existing standards continue to evolve.

Existing regulations that have a bearing on the Financial Services sector include, but are not limited to:

  • Sarbanes-Oxley Act of 2002 – Section 404 of SOX mandates that publicly traded companies implement and maintain internal controls for the protection of corporate financial information, and for the timely detection of unauthorized access, insider abuse and unauthorized sharing of the information.
  • Gramm-Leach-Bliley Act – Section 501(b) of GLBA requires financial services companies to protect the confidentiality and integrity of NPI, and to ensure it is secure from unauthorized access.
  • The Fair Credit Reporting Act (FCRA) of 1971 regulates the credit reporting industry in the United States. Credit reporting agencies hold information on millions of individuals that is used every day in transactions such as granting credit, underwriting insurance, and conducting pre-employment background checks. The FCRA was amended by the Fair and Accurate Credit Transactions Act (FACTA) in 2003.
  • Payment Card Industry (PCI) Data Security Standards (DSS) – a set of comprehensive requirements for enhancing payment account data security developed by the founding payment brands of the PCI Security Standards Council to help facilitate the broad adoption of consistent data security measures on a global basis. The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
  • Basel II: International Convergence of Capital Measurement and Capital Standards Framework – Sets out the details for measuring capital adequacy and the minimum standard to be achieved which the national supervisory authorities represented on the Committee will propose for adoption in their respective countries. This Framework and the standard it contains have been endorsed by the Central Bank Governors and Heads of Banking Supervision of the Group of Ten countries.

Making sense of these and other myriad regulations – all of which carry severe financial and legal penalties – must become every organization’s imperative. Helping you avoid the pitfalls of improperly managed data is certainly PeakData’s imperative.

We have helped numerous financial services firms identify and close gaps in compliance with respect to their information storage practices – gaps that would otherwise have exposed them to unnecessary risk and financial damage.

We have helped our customers understand that the data on every disk drive or other storage media is their responsibility, essentially forever, regardless of which third party has taken physical possession. But they can also protect themselves from litigation, regulatory fines and customer notification expenses and do so cost-effectively, without disrupting their ongoing IT operations.

Our industry-leading people, processes and tools have helped some of the world’s leading financial enterprises. How can we help you?