ESTABLISH CUSTOMER IDENTITY, DATA PRIVACY AND SECURITY STANDARD

We encourage the development, use and implementation, as relevant to market standards and in accordance with applicable laws and regulations, of customer identity and authentication systems by DFS providers. We promote the responsible use of data and practice of data management, including back-end technology infrastructure and/or other mechanisms to protect the privacy and security of customer data and help strengthen approaches for informed customer consent. We encourage the assessment of risk to both customers and providers in adopting various approaches and technologies.

  • Encourage and support the development and use of customer identity and authentication systems for
    KYC/AML as relevant.
  • Promote and support customers’ personal data privacy rights, as well as informing customers about those
    rights, including which data will be collected or shared, when, with whom, for what purpose, for how long and
    with which associated risks.
  • Strengthen approaches for informed consent. For example, to use customer data only for the purpose
    specified at the time the information is collected, unless explicitly agreed with and understood by the
    consumer.
  • Mitigate consumer risks such as data/analytics which could be used for explicit discriminatory purposes.
  • Encourage and support investees to collect consumer data on an opt-in basis. If applicable, to strive for a
    balance between consumer-controlled vs. provider-proprietary data. Increasing customers’ control and use of
    their digital data record could reduce the need for different lenders to collect extensive personal data.
  • Collaborate with investees, other investors and other stakeholders to develop new data use standards for
    digital credit which are consumer-friendly and enhance competition, for example (CGAP 2017): (i) consent and
    use restrictions (e.g. restricting use of data to a per-transaction basis, having clear user consent, and
    prohibiting sharing or sale of consumer transactional data by those who collect it without express and
    restricted consumer consent); (ii) easy, secure processes for customers to share their own data (e.g. encourage
    a neutral channel through which customers could export data from their transactional accounts in a
    standardized format); (iii) standards on what types of data should be shared vs. what should be kept private.