Defining the standard for data stewardship

When I founded Envestnet almost 20 years ago, my vision for the company was clear: to help independent advisers and financial institutions deliver better outcomes to their clients through cloud-based technology and related services.

Data aggregation has long been an essential element of this vision. Financial advisers need a single source for financial information that would otherwise be spread across numerous accounts and paper statements. It helps advisers work with their clients to address the reality of their financial situations and find solutions that best meet their financial objectives.

[Recommended video: Deploying fintech to improve the client experience and prevent fraud]​

Four years ago, through the acquisition of Yodlee, we incorporated the use of aggregated consumer-permissioned data held away from the adviser’s primary custodians. The benefits are many: a more complete and real-time view into an investor’s financial picture; faster information sharing and verification; and the security of knowing financial information is coming directly from the source, not from an unsecured intermediary.

Data security has always been embedded in our business. As more data becomes digitally available, the risk of it being stolen and put to work for nefarious purposes rises as well.

This risk can’t be addressed by going back to the old ways of storing information in physical form — that would be akin to advocating for a return to horses while the Model T rolls off the assembly line.

Every innovation needs guidelines for keeping people — and their information — safe. In the case of the automobile, it took more than 20 years to get standardized traffic signals and the stop sign. With digital data, we don’t have that kind of time. There is simply too much at stake.

[More: Capital One data hack puts financial advisers on high alert]

As a financial technology platform, Envestnet has a responsibility to ensure the highest levels of safety and security for anyone sharing information on our platform. We looked to the principles of what it means to be an investment fiduciary to create our own standard for care of data, which we call data stewardship.

Fiduciaries do more than achieve results in the best interests of their clients; they must operate with both good faith and integrity in their service. Data stewards also treat consumers and their information with the utmost respect. They are held to a more rigorous and higher standard than data brokers, who exist to gather and sell personally identifying information that can be used to target individual consumers.

[More: Vendors need to be held to a higher standard on privacy]

The following principles ensures our data stewardship is aligned with our obligations to our advisory clients. We encourage providers and users of consumer financial data to adopt a similar framework.

• Consumers must be provided clear notice of how their personal information, such as their name or Social Security number, can potentially be shared before registering for a service. Sharing personal information that identifies individuals with third parties for purposes unconnected to the service should never occur, unless there is clear disclosure and a straightforward ability for consumers to opt out.

• While data stewards may use aggregated, statistical data points for trend analysis, when data is gathered as part of an adviser’s fiduciary role, the specifics of that data must only be shared between the adviser, the supporting institution or institutions and the permissioning investor for reasons that benefit the investor.

• The safeguarding of consumers’ personal information is paramount. Data stewards keep current on best practices, including continuous monitoring, encrypting and de-identifying data. As the threats to consumer data security become more sophisticated, so too must the means of protection. We must continue to innovate in the realm of data security to ensure we stay ahead of the risks.

• When a fiduciary adviser is not involved in the data sequence, data stewards still take care to provide protections. Even when non-fiduciary data has been de-identified or anonymized, data providers take steps to ensure the data is never “re-identified.”

• Data stewards exert governance over the technology-powered tools to which the consumers have granted permission to access their data. They require recipients of consumer-permissioned data to use it only in accordance with whatever consent was provided and monitor data recipients for risk-based compliance.

These principles are meant to provide consumers with peace of mind knowing they are protected as they use tools to improve their financial health. Consumer data is valuable — to individuals, to their advisers, and to financial enterprises and wealth-tech providers who can better tailor their services to help investors achieve financial wellness.

We encourage all providers and users of consumers’ financial data to adhere to the principles of data stewardship and to treat consumer data like the valuable asset it is.

[More: BlackRock data leak highlights the human side of cybersecurity]​

Jud Bergman is chief executive officer and chairman of Envestnet.