At Accion Venture Lab, we work with fintech startups, most of them in emerging markets. The majority of their customers haven’t worked with any kind of financial service provider before, and so our portfolio companies are the first (and probably sole) holder of these individuals’ financial information. What’s more, many fintech startups have developed innovative ways to use alternative sources of data for determining customers’ creditworthiness, so in addition to records on assets, business revenues, and payment history, the company may also have mobile phone records, housing information, and so on.
In the rush of launching a new fintech, protecting client data may not be top of mind. But this data is both valuable and sensitive — and any fintech firm is only one data breach away from losing customer confidence. We advise our portfolio companies to take steps to safeguard their customers’ data sooner rather than later — and certainly before a crisis occurs. For inclusive fintechs, protecting customers is even more important because of the vulnerable populations they serve. For a smallholder farmer, microentrepreneur, or any other low-income individual, a data breach that drains a savings account, damages a credit score, or exposes confidential information is not just an annoyance — it can be an insurmountable setback.
So, where to begin? To help answer that question, we’ve developed a Data Protection resource that will guide you through the process of assessing your company’s risks, understanding the various policies, protocols, and practices you can adopt to address those risks, and taking steps to implement a plan that fits your company’s needs.
We use the term “data protection,” as it encompasses both data privacy and data security. Data privacy focuses on which parties have authorized access to user data, and for what purpose. The data’s owner should always have control over what information is available and understand how it is to be used. On the other hand, data security relates to the systems in place to keep unauthorized entities from accessing and exploiting the data. So a complete data protection plan will cover everything from user transparency to technical solutions to regulatory compliance.
Our Data Protection resource contains not only a thorough explanation of how and why to put a data protection plan into place, but also an assessment to identify your company’s most urgent needs, a template to use in developing a data policy, options for taking this on in-house or hiring specialists to help, and much more. You’ll learn how often to update your plan, how to foster a staff-wide culture that supports data protection, ways to ensure your partners don’t expose you to vulnerability, and more.
And, if you do experience a data breach, the resource offers a response plan to help you identify the source of the problem, limit the damage, prevent it from happening again, and repair customer confidence.