‹ All episodes

The Hire thru Retire Podcast

Balancing Personalized Guidance and Data Privacy with Voya's Stacy Hughes

April 25, 2023 Voya Financial Episode 50
Balancing Personalized Guidance and Data Privacy with Voya's Stacy Hughes
The Hire thru Retire Podcast
More Info
The Hire thru Retire Podcast
Balancing Personalized Guidance and Data Privacy with Voya's Stacy Hughes
Apr 25, 2023 Episode 50
Voya Financial

In today’s digital world, finding the balance between personalization and consumer privacy is top of mind and an important part of the discussion and experiences we create. So, in this episode, Bill is joined by Voya’s Chief Information Security Officer Stacy Hughes, to talk more about this balance and to help employers find the right balance for their own experiences.

 

Bill Harmon is a registered representative of Voya Financial Partners, LLC (member SIPC). 

 

CN2812048_0325

Apple Podcasts Spotify Overcast Castro Castbox Goodpods +
Show Notes Transcript

In today’s digital world, finding the balance between personalization and consumer privacy is top of mind and an important part of the discussion and experiences we create. So, in this episode, Bill is joined by Voya’s Chief Information Security Officer Stacy Hughes, to talk more about this balance and to help employers find the right balance for their own experiences.

 

Bill Harmon is a registered representative of Voya Financial Partners, LLC (member SIPC). 

 

CN2812048_0325

Speaker 1:

You are listening to the Hire Through Retire podcast, brought to you by Voya Financial. We are talking to the best and brightest in the industry to bring you the latest in benefits, savings and investment trends in the workplace, tackling all things from 401ks to HSAs and everything in between. Come along with us on our journey to help all individuals become well-planned, well invested and well protected.

Speaker 2:

Welcome back to the Hire Through Retire podcast. I'm your host, bill Harmon and happy to be back with everyone today. We've talked a lot and, and I mean a lot about data on this podcast and it's become a passionate topic of mine because we leverage data in so much of what we do to help not just make a better experience for our customers, but also to help to create better outcomes. We also know that leveraging data to help create greater personalized experiences can also help generate a better experience. At the same time, we know that in today's digital world, finding that balance between being personalized and customer privacy is top of mind and it's an important part of the discussion and experiences that we create. So joining me today to talk more about this balance, again, that balance between how do you get personalized, but how do you watch um, out for consumer privacy. We're joined today by our very own chief information security officer, Stacy Hughes, to share her insights and perspectives on this really important topic. So welcome Stacy.

Speaker 3:

Thank you. I'm excited to be here.

Speaker 2:

Stacy, before we get started, can you share a bit about the landscape today? Like what trends are you seeing in the technology industry around hyper personalized experiences and what's the demand from both employers and their employees?

Speaker 3:

Well, thanks Bill. Our research at Voya, we see that providing general financial advice is really not meeting the needs of the consumers. Our data shows that consumers want and really expect very personalized financial guidance, which is very unique to their own circumstances as well as their personal goals. And that algorithms and everything behind the scenes that make either, for example, shopping on Amazon or watching Netflix, makes the experience very personal and predictable. And that's really raised in my opinion, expectations in the financial services space as well because personalization and financial services is really taking shape of that unique guidance and support. And the more we have that data and can understand someone's very unique circumstances, we're able then to better help them provide that guidance and support now to make decisions that help their financial futures.

Speaker 2:

You know, that's so true. What, what was the old financial wellness calculators that were pretty straight-lined expecting you're just gonna go on life's path and nothing comes along the way and everyone like you is the same. That's changed and I love how you even said it because really what we do in our personal lives with, you know, Amazon and anything else has really raised the bar to our expectations of, you should know me better than a calculator. You really, I want this personalized. I want you to get in my head and know what I want next. And that's a perfect segue into my next question. So Stacy, as you mentioned, personalization requires the consumer to opt in and then open access to their sensitive financial data. And you know, in this day and age, protecting personal information is a very serious concern. And so it it is, it's a trade off for sure and I, I hear about this tug of war from our clients often of, well I want you to be personalized, but I'm nervous about giving out this sensitive personal information. So employers and employees say that sharing personal data is an important factor in their employee's decision to be able to opt in for such personalized experiences. So lemme ask, what are some of the ways in which companies can help alleviate the consumer concerns of sharing this personal information to gain the benefits of a more personalized experience?

Speaker 3:

So it's natural for consumers to be wary of providing personal information. I definitely am as a security professional. However, providing that information, it does greatly improve the customer experience. For example, when I watch a show on Netflix, there are others that pop up that I may not have even thought about watching but could be my next best favorite show. And based off of that type of example, it's the same for financial services and for example in the financial services, the more personal financial information that we have, the more informed we are about your unique circumstances and being able to offer better guidance. And that really helps lead, you know, our consumers to have better decisions about their financial future. And any organization that offers that level of personalization of your data also needs to take responsibility to make sure that it's protected.

Speaker 2:

You know, you're so right. Like I mentioned earlier, most of us have gone on to Amazon and then we get like, hey, you might want just bought that. You might wanna consider and then how do you even know that's, I didn't know I wanted that, but I do want that. So we're used to some level of, well they must know me, there was some personalization and that algorithm said that should lead me to this. Same with Netflix. So there is this sense of, in our personal lives we, our listeners are all probably nodding their heads saying, yeah, I do do that and I know that they know enough about me to make that decision, but now we're talking about my financials, we're talking about some savings accounts and we really need to build trust and confidence to be able to say, all right, it is okay to to provide some additional personal information so we can give you more personalized responses. So tell us what sort of things can companies do to build that confidence and trust with consumers so that they will provide that personal information?

Speaker 3:

No, I think that's very important because any organization really needs to focus on making sure that they're in the business of building confidence and trust in any way they have your personal information and we also wanna make sure that it's easy, it's easy to do business now more than ever and being able to have not friction when they're having that experience with, with any service and experiences that they're offering and also other things that we are doing, you know, makes things better and faster, but it also creates risk as you noted Phil. And so that's where I think it's really that tug of war and it's the yin, yin and yang between ease as well as security. And I think that big challenge is how do we mitigate that risk from a security perspective to make sure we have security but we don't have friction in the process as well. And, and I think both can be done very well by companies, but it's really critical that information security is embedded in the processes upfront and having a strong information security strategy that really ties in with the business. I know Bill, you and I talk quite a bit about, you know, the business and how information security plays a part in that and it's no different anywhere else out there as well too. And as security professionals we also have to play, I'd say both sides. We have to have a very strong offense to where we're constantly staying on the leading edge of emerging technologies and working hand in hand, you know, with the business to really create that secure and frictionless experience from the beginning. But also we have to be on the defense side of things and continuously stay in front of what I like to call the threat landscape and look at that not only within an organization but also with our partner ecosystems as well too. And I think that's really how you continue to build trust and confidence with your customers and give them that when when they're sharing their personal data.

Speaker 2:

And I love how you said that because I've had several personal situations where that firewall was so good it kept me out like I can't get in my own account cause they're firewalls so strong and so define that like security, but then frictionless like how can I let the good guys in and keep the bad guys out? It is such a balance. And so there, there we talked about it. So those are two pillars. Let me throw another pillar in there and that is that well we're in the financial services industry and so we're your certainly no stranger to regulation. So Stacey, that is true. How do you view, yeah, I know and all the time we're balancing all of that now there's been a lot of regulatory activity when it comes to data as well. So how do you view that regulatory environment from a data privacy perspective and, and what's on the horizon that employers need to consider so that they can continue to provide personalized guidance while complying with all the regulations to protect this personal information?

Speaker 3:

I'm so glad you asked that question. I was just reading a Gartner study in Forbes about trends that we can expect in 2023 and greater privacy and regulatory pressure is at the top of the list. So it's a very timely topic. The study states, and I'll quote this, is that Gartner predicts that by 20 23, 60 5% of the world's population will have personal data covered under modern privacy regulations up from 10% in 2020. And also in the US nearly 40 states have introduced or considered more than 250 bills dealing with cybersecurity in 2022. And there's also new and proposed, uh, s e C ruling related to cybersecurity disclosure requirements for public organizations and, and also being able to make sure that the boards have cybersecurity experts on them. So the regulatory environment continues to, as I like to call it, uh, become more and more involved in what's going on in day-to-day lives and and to protect us as well too. I think in conjunction with that, the information security and compliance teams, we have to work very closely together to make sure, you know, any company remains, you know, current with the requirements and also compliant with the regulations where customer privacy is protected. Because that's very important for all of us and you know, we are the ying to the personalized guidance and the customer experience is the yang. So the two are very interlocked and, and they balance each other to help earn, you know, trust and confidence of our customers

Speaker 2:

Really doesn't, and that kind of fit in. You think about all these potential regulations, proposed regulations that are out there and it is meant to really, you know, protect at the same point. We're balancing that with that frictionless, like, don't protect that so much. I can't even get into my own account. Yes. Like that's this balance and now we're trying to help, uh, the regulatory agencies figure all of that out. And it's not just the federal, it's all the states and there's just a lot of activity.

Speaker 3:

It's almost to where I like to call it the art and the science of cybersecurity. So there's all the rules but there's also, you know, the art behind it with what you're doing as organizations. So it's, it creates new opportunities every day.

Speaker 2:

Yep. And it is, it's that balance, um, which everyone listening would say, I want my data secure<laugh>, but I want you to, I wanna be able to access it very simplistically just me, nobody else. And I want to be able to have someone do something with this data to give me really personalized guidance. So Stacey, gosh, thanks so much for being here. This is such an important and timely topic and I appreciate you taking the time to share your perspectives today. Before we let you go, I'm gonna end with one more question for you to leave with our listeners today. We talked a lot about the need and desire for companies to provide a personalized experience that consumers, it'll resonate with them, that they'll enjoy, but there's also balance in doing so for the employers when it comes to how they offer everything. So what advice would you have for employers when it comes to finding the right balance between this personalization that we talked about and then with privacy, either when it comes to their own experiences or when it comes to companies that they work with to provide these experiences for their employees?

Speaker 3:

I have two pieces of advice. The first one is make sure you have the right partners supporting you. Find out what their privacy and security guidelines are and see how they're validating that with third party audits and independent reviews. And have a good process to provide feedback like quarterly business reviews. That way you can understand new features and functionality being provided, but also how they're taking care of your information as well. I always say feedback is a gift and being able to have that partnership is wonderful. The second piece of advice is to educate and then educate some more. Building very strong awareness of the tactics that bad actors use and ways to prevent them is a shared responsibility amongst all of us. And working with your partners and employers and making sure everybody's practicing safe cyber habits, you know, strong and long passwords. Making sure everybody can recognize a phishing email that they've received, multifactor authentication, you know, those are just a few examples of habits that should be reinforced and everybody should be reminded of on a regular basis. And security technology is just one line of defense. There's always the, the human element and helping all of us be educated to identify and recognize and set ourselves up for success is very critical in helping to protect personal data.

Speaker 2:

I love how you said that, that educating the employees at the company, all sorts of cybersecurity training cause it can happen unknowingly internally. So just to provide that education on how to everyone protect against this. It's not just the CISO's job, it's everyone's job. I also wanna thank you for joining us. Today is a great dialogue.

Speaker 3:

Great. Thank you Bill,

Speaker 2:

I also wanna thank our listeners. We do hope this conversation was valuable for you. Thanks again for joining us today. Stay well.

Speaker 1:

This information is provided by Voya for your education only. Neither Voya North representatives offer tax or legal advice. Any opinions expressed within, do not necessarily reflect those of the Voya family of companies or its representatives and are not intended to provide specific advice or recommendations for any individual. Please consult your tax or legal advisor before making a tax related investment or insurance decision.