December 4, 2023
Learn to address critical finance & fintech onboarding risks across global regulatory environments.
The increased use of personal data and the ever-evolving threat landscape have led to the aggressive acceleration of modern privacy regulations, as well as of consumer awareness of, and demand for, privacy. However, to succeed in the digital landscape, organisations must approach privacy as a business practice and enabler, not just a regulatory requirement.
This guide analyses the global digital landscape and details critical onboarding and verification risks.
The digital landscape
The regulation landscape
Data Storage
Data localization
Human analyst intervention
This guide also explores why these privacy risks matter, how to prevent them from happening in your verification flow, and how Data Zoo can help.
Across the globe, privacy has become an increasingly important practice for all industries and business types. Whether your organisation is a global payments enterprise or a local trading startup, privacy regulations impact how you process customer data.
While international privacy and data protection initiatives have existed since 1973, the continuous strengthening of modern regulations has introduced new complexities. In fact, the privacy space has evolved more in the past couple of years than in the 50 years before that.
As organisations navigate the digital landscape, the way they interact with customers is changing. This is a result of multiple external factors, such as the increased prevalence and sophistication of cyberattacks, the acceleration of modern privacy regulations, and evolving customer demands for privacy.
In reality, privacy is more than just a regulatory requirement - it is an opportunity to build trust and drive growth. Organisations that take a proactive approach beyond regular compliance create financial value in their brand: 35% of customers are more willing to share their data, 57% will purchase new or premium products, 43% will stay loyal when something goes wrong, and 61% will recommend the organisation to others.
According to the 2022 Edelman Special Report: Trust in Technology, 73% of respondents are worried about their data privacy, and over 70% worry about cybersecurity.
Over the past decade, and with the acceleration of the global pandemic, the adoption of cloud technologies has increased. Specifically, organisations are shifting to hybrid and multi-cloud environments, taking advantage of their improved agility and flexibility. Unfortunately, as these cloud environments grow and become more complex, they can create multiple business risks and challenges - IBM states that nearly half of all data breaches happen in the cloud.
What’s more, global organisations are the main target for cyberattacks. This is because the amount of data they collect through digital onboarding and verification has grown exponentially, coupled with the sensitive information processed and stored across multiple services and geographic regions, opening the door to vulnerabilities.
This was evident in 2022 as we saw an increase in global cyberattacks, including multiple large-scale personal data breaches, such as DoorDash, Crypto.com and Revolut. In addition, Australia recently experienced a spate of high-profile breaches (including Optus and Medibank). In most cases, these breaches resulted from an attacker exploiting the organisation's vulnerabilities and exfiltrating a database of user records.
For 83% of companies, it’s not if a data breach will happen but when.
As the number of breaches worldwide continues to increase, a recent IBM report found that the associated costs continued to climb in parallel. Last year, the report recorded the highest global cost increase incurred by data breaches over all the previous years. The average total cost of a breach in the financial industry saw a rise from USD 5.72 million in 2021 to USD 5.97 million in 2022, an increase of USD 0.25 million or 4.4%.
All too commonly, organisations focus on this initial financial impact and the legal ramifications of a data breach. However, a study by the Ponemon Institute and Centrify discovered that the true cost of a data breach extends far beyond fines and sanctions - highlighting long-term impacts such as reputational harm and loss of customer trust. In fact, the study found that 65% of customers impacted by a breach lost trust in the organisation. Even worse, 27% chose to discontinue their relationship permanently. As a result, these companies underperformed the NASDAQ by 8.6% one year after their breach, and after three years, they underperformed the NASDAQ by 15.6% on average.
Companies are exposed from all directions.
A Forrester report found that 65% of organisations had at least one breach in the past 12 months. Surprisingly, among those that experienced a breach, 29% of breaches were attributed to external attacks, 20% to internal incidents, 18% to third-party incidents, and 17% to lost or stolen assets.
As the operations of organisations become more complex and given the ever-evolving threat landscape, the expansion of data protection laws is accelerating. Since the introduction of the General Data Protection Regulation (GDPR) in May 2018, privacy regulations across the globe have continued to develop aggressively - both in terms of depth and geography.
Countries such as China, India and the United States (fragmented by state) have introduced new legislation in an attempt to modernise their privacy regulations and join the new data economy. Furthermore, Gartner predicts that by year-end 2024, 75% of the world’s population will have its personal data covered under modern privacy regulations.
The continuous strengthening of privacy laws across the globe is not expected to stop anytime soon. On the contrary, as existing modern privacy laws mature, regulators are introducing more complex changes, including increasing the frequency and impact of enforcement actions. For example, modern privacy laws such as the GDPR have introduced significant penalties and fines for violations. As a result, GDPR fines exceeded €2.8 billion in the last 12 months, nearly double the total for 2018-2021 as a whole.
Stay current with global regulations. Data Zoo’s ecosystem is certified and adheres to the highest industry standards and regulations around the world. We understand the difference between being compliant (self-audited) and certified (audited by independent third-party auditors).
Protect your customers’ data and privacy. Our ecosystem is designed to onboard and verify customers with privacy top of mind. We do not store any PII after the verification process, nor do we sell or transfer it to any third party for primary or secondary unrelated reasons. In addition, we comply with and adopt local regulation best practices, such as GDPR and CCPA, for the management and handling of PII.
Process data locally. The Data Zoo servers are located around the world (EU, US, CA, AU, SG, NZ) to ensure that data is always processed within the legal jurisdiction. If a client requires any additional servers, we can set them up on demand in any country within 3 weeks.
Eliminate data handling risks. Human analysts create risks from a data-handling perspective, including unnecessary friction. Data Zoo replaces these slow, manual and risky processes with a real-time and automated solution to ensure the protection and localisation of customer data.
Utilise trusted third parties. Before integrating any third-party service provider or data source, we perform a rigorous due diligence process, including a vendor security assessment to ensure compliance with data privacy and security laws.