U.S. banks balk at Canuck data classification

An initiative by several leading Canadian banks to develop standards has shined an unwanted spotlight on U.S. banks, which appear to be unwilling to follow suit.

A working draft of Canada’s common data-sensitivity classification scheme is expected to be released by year’s end, said Robert Garigue, coordinator of the initiative and chief information security officer at Toronto-based Bank of Montreal. The goal is to come up with a standard that “embodies a minimum set of expectations around information classification and controls,” he explained.

But there is no similar effort under way in the U.S., despite a growing recognition of the need for a common standard for data labeling south of the border as well, several analysts said.

The Canadian initiative will give banks and third parties, such as market research companies and check-processing firms, a standard way of labeling and protecting public, internal, regulated and highly sensitive data, Garigue said.

Unlike in Canada, where the country’s five major banks are regulated only by the federal government, dozens of major U.S. banks fall under the regulatory purview of state and federal agencies, making it far more difficult to develop standards, said Richard DeLotto, an analyst at Gartner Inc.

“It doesn’t seem to me that the financial sector here would embrace a single standard unless it was something mandated by the government,” said Adam Stone, a security management analyst.

Related Download
CanadianCIO Census 2016 Mapping Out the Innovation Agenda Sponsor: Cogeco Peer 1
CanadianCIO Census 2016 Mapping Out the Innovation Agenda
The CanadianCIO 2016 census will help you answer those questions and more. Based on detailed survey results from more than 100 senior technology leaders, the new report offers insights on issues ranging from stature and spend to challenges and the opportunities ahead.
Register Now