(Reuters) - The Securities Industry and Financial Markets Association (SIFMA), a trade group for the U.S. financial industry, released a framework on Thursday aimed at ensuring customers’ private data remains safe when they give third parties access to it.
The group’s effort comes in the wake of a recent scandal relating to Facebook Inc. (FB.O), when the personal information of nearly 87 million people was improperly shared with political consultancy, Cambridge Analytica.
Third-party vendors deploy data aggregation software that collates customers’ financial information from multiple accounts and institutions onto a single platform.
While these applications help individuals make decisions on investments, they also expose their personal data to security risks, the Washington-based group said.
“The goal of the principles is to provide customers with safe and secure access to their data and protection of their confidential account information, along with assurances that data aggregators adhere to the same data and security standards followed by regulated financial institutions,” SIFMA president and chief executive, Kenneth Bentsen, said in a statement.
An area of focus in the SIFMA guidelines is promoting the use of application programming interfaces (API) and other technologies for more secure gathering of customer data.
Currently, many data aggregators require customers to submit their log-in credentials for their accounts. They then use the credentials to access the accounts so they can view their data through a single screen, leaving customers’ personal data vulnerable to be hacked, according to SIFMA.
On the other hand, API and other software make customer data available for the aggregator through an agreed-upon portal, without customers sharing their log-in credentials.
SIFMA’s framework for its members covers data access, security and responsibility, transparency and permission, and scope of access and use.
Reporting by Richard Leong in New York and Jim Finkle in Toronto; Editing by Bernadette Baum