2 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

3 1. Appropriate product design and delivery 2. Prevention of over-indebtedness 3. Transparency 4. Responsible pricing 5. Fair and respectful treatment of clients 6. Privacy of client data 7. Mechanisms for complaint resolution Client Protection Principles

4 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

5 Privacy of Client Data The Principle in Practice: The provider complies with all local data privacy laws. Client information is only used in the ways agreed upon at the time of data collection. Consider this: Clients trust financial service providers with very sensitive personal and financial information.

6 Use a privacy policy Privacy clause Penalize misuse Use a written privacy policy that governs the gathering, processing, use, and distribution of client data. Ensure the privacy clause is in plain language and not hidden in the contract or in small print. Establish penalties for exposing or revealing client data to third parties without prior client consent. The Principle in Practice

7 Adequate systems Secure IT systems Secure physical files Put systems in place (including secure IT systems) to protect the confidentiality, security, accuracy and integrity of customers' personal and financial information. Ensure IT systems have different password protection systems that are changed periodically with different access levels according to the position of the staff member accessing the data. Store client files in a secure location, within the branch or headquarters. The Principle in Practice

8 Policy on Informing Clients Staff understand Train staff Inform clients Create a policy on how to talk to clients about this topic, requiring staff to present clearly to clients how the FI will use and share their client data. Communicate this policy to staff. Train staff to protect the confidentiality, security, accuracy and integrity of customers' information. Inform clients how their information will be used internally and, when applicable, when it will be shared externally. The Principle in Practice

9 Read privacy clause aloud Privacy clause Written consent Prior to loan disbursement, ensure staff reads the privacy portion of the contract to the client. Include a data privacy clause in the contract, describing how and when data can be shared (in addition to credit bureau information). Require written client consent to use information or photos in promotions, marketing materials and other public information. The Principle in Practice

10 Require written consent Train groups Require written client consent to share personal information with any external audiences, including credit bureaus, insurance agents, collection companies and others. Train group leaders to safeguard group member information, particularly saving account balances, dates of loan disbursement, and information on repayment problems. The Principle in Practice

11 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Practitioner feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

12 Can your clients agree with the following? I have been told that the institution will ask my permission before sharing my information with third parties, and before using my photo in any marketing materials. I know how to keep my PIN number safe. I know how the institution keeps my data secure. The institution explained the importance of keeping group information confidential. The client perspective

13 1.Client protection principles 2.Principle #6 in practice 3.Protecting client data & the client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

14 Feedback from Participants Do your clients care about data security? If something went wrong and their personal or financial information was compromised, would it affect your business? Have data management practices and systems evolved at your institution since you have worked there? How so? Have you witnessed privacy or security lapses at your institution? How did your institution respond?

15 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

16 Technical Tools Getting Started Questionnaire: Self Assessment for MFIsGetting Started Questionnaire: Self Assessment for MFIs and Guide on Smart AssessmentsGuide on Smart Assessments Smart Operations Security is the Key: Pocket Guide to Financial Security for Clients Smart Lending- Individual and GroupIndividual Group Smart SavingsSmart Savings and Smart MicroinsuranceSmart Microinsurance Samples and Case Studies Essential Documents for New Clients Essential Documents for New Clients (see Data Privacy Agreement and Privacy Agreement Summary) Smart Note: Customized IT at Caja Morelia Tools available from the Smart Campaign

17 1.Client protection principles 2.Principle #6 in practice 3.The client perspective 4.Participant feedback 5.Tools for improving practice 6.Conclusion and call to action Agenda

18 Financial institutions satisfy this principle by respecting the privacy of client data and keeping it secure. Maintaining the privacy of client data requires implementing adequate safeguards, systems, and policies, but also informing the client about the use of their personal information and obtaining client consent before sharing it with a third party. Staff and client training is important for making sure privacy and security procedures are successful. Conclusion Call to Action: What “next steps” can your organization take to institutionalize and/or improve systems for maintaining the privacy and security of client data?

19 Thank you! Endorse the Smart Campaign. Visit Sign up to receive news and information. Download the Getting Started Questionnaire and conduct a client protection self-assessment.Getting Started Questionnaire What’s next? us!