Deposit portability: A legal requirement, not a strategic option
Based on recent pronouncements by the Bank of Jamaica (BOJ) the central bank is currently pioneering the development of strategies to make deposit portability a reality.
Their ambition is commendable: To enable both the banked and unbanked to seamlessly shift between various banks, while maintaining their standing instructions and circumventing the traditionally cumbersome account opening procedures and Know-Your-Customer (KYC) hassles. This would undoubtedly revolutionise the banking experience for consumers, offering them unparalleled flexibility and control.
To get a better appreciation of this just think about the impact number portability initially had on the telecommunications market and equally importantly how both telcos, at some point or the other, depending on who had the larger subscriber numbers, fought against it.
It’s important to note that data portability doesn’t just make for a savvy market strategy that would inure to the benefit of consumers; it’s also a legal obligation under section 6 of the Jamaican Data Protection Act.
Section 6 gives individuals the right to request their personal data be transmitted to another data controller in a commonly used and machine-readable format. The law dictates that the BOJ, and the banking sector at large, as data controllers, recognise and effectively enable this right. A nuanced understanding and execution of data portability can transform the landscape of the banking industry, improving services, fostering innovation, and ultimately leading to enhanced customer satisfaction.
Understanding the types of personal data covered under this right is also essential. The right to data portability applies to personal data that an individual has actively provided to a service provider and the data generated by their activity. This includes, for example, transactional data such as deposit and withdrawal history, loan details, or direct debit information. However, it’s crucial to note that data derived or inferred by the service provider about the individual, such as credit scoring data, may not fall under the ambit of data portability — the jury is still out on this.
The clarity and transparency of these stipulations are pivotal in ensuring effective implementation of data portability and enabling customers to exercise this right fully.
The benefits of data portability are manifold, extending to individuals, businesses, and the broader economy.
Firstly, from the individual’s perspective, data portability significantly enhances the customer experience. It gives customers the freedom to choose and switch between different service providers without losing their personal data. This independence can be especially beneficial in the banking sector, where shifting between banks traditionally involves extensive paperwork and bureaucratic hurdles. By simplifying this process data portability can encourage consumers to seek out the best services that suit their needs, promoting customer satisfaction and financial inclusion.
Secondly, for businesses, data portability can foster healthy competition. When customers can easily move their data from one service provider to another, businesses are incentivised to constantly innovate and improve their services to retain existing customers and attract new ones. This competitive pressure can drive the development of better products and services, ultimately benefiting the end users.
In addition, data portability can also stimulate innovation within the digital single market. By facilitating the free flow of data across different platforms it enables the development of new business models, products, and services. For instance, with access to banking data from multiple sources, FinTech companies could develop personalised financial management tools, or banks could provide tailored financial advice based on a comprehensive view of a customer’s financial history.
Moreover, data portability also plays a critical role in promoting transparency and trust. By empowering individuals with control over their data, it encourages businesses to be more transparent about their data practices, fostering a trusted relationship between businesses and their customers.
The BOJ, along with other industry leaders, appeared up until now to under-appreciate the far-reaching impact the full implementation of the Data Protection Act will have on the status quo. The BOJ’s and the broader banking sector’s failure to recognise and implement data portability could mean falling short of compliance with the Jamaican Data Protection Act. This could lead to legal repercussions, as well as damage to their reputation among customers.
The focus, for the most part, seems to be on preventing data breaches. The Data Protection Act requires them to go much further. Moreover, it could also stifle innovation and competition in the banking sector, as banks would not have the incentive to improve their services to retain or attract customers who can easily transfer their data.
Recommendations for the BOJ
Moving forward, the BOJ can enhance its deposit portability strategy by embracing the right to data portability. This involves ensuring that customer data can be easily transferred between banks in a structured, commonly used, and machine-readable format. For instance, there are data sharing frameworks such as the semantic Web stack and their accompanying ontologies that are already being adopted in the local data protection space. This framework can be used to streamline and standardise the sharing of personal data in the banking industry while preserving data integrity and security.
Moreover, the BOJ can play a crucial role in clarifying the obligations of banks under the Jamaican Data Protection Act. This could involve developing clear guidelines and best practices for banks to comply with the right to data portability, along with training and support to implement these practices effectively.
As the BOJ pursues its commendable goal of deposit portability, incorporating the right to data portability is not just a strategic imperative but a legal obligation. It is an opportunity to truly revolutionise banking services, giving customers the freedom and control they deserve over their data.
Chukwuemeka Cameron is a trained data protection officer; an attorney with a master’s in information technology; and founder of Design Privacy, a consulting firm that helps clients comply with privacy laws and build trust with their customers. He is also a certified ISO 27001 and 27701 lead implementer. Send comments to the Jamaica Observer or ccameron@designprivacy.io