How Will Data Privacy and Governance Work in CUDX?
The Credit Union Data Exchange (CUDX) is a credit union-owned cooperative that allows credit unions to share data in order to uncover insights. While having access to more data is an exciting prospect, your credit union may be hesitating to participate over data privacy concerns. In this blog, we’ll review the privacy and data governance systems CUDX has in place in order to keep your credit union and its members safe.
CUDX: Dedicated to Security
CUDX is dedicated to protecting credit union data and safeguarding member privacy. In fact, the existence of CUDX depends on meeting the privacy concerns of participating credit unions head on. To do so, CUDX leverages best-in-class technology, an approach rooted in industry best practices, and governance driven by the credit unions participating in the exchange.
Here’s how it works: credit unions participating in CUDX are able to upload their data to a private locker, where it is anonymized and combined with the data of other participants and used to deliver analytics use cases. Other credit union participants can also request access to the underlying data, and the credit union providing the data is able to review and approve or deny every request. A providing credit union can deny a request at any time for any reason. All requestors are monitored by a CUDX council for proper use and compliance with data privacy and security regulations.
The Technology Powering CUDX
CUDX is deployed on Microsoft Azure and Snowflake, allowing participating credit unions to take advantage of top tier security features which are constantly monitored and updated to keep security risks at an absolute minimum. In addition to protecting from unauthorized access, these platforms offer encryption and anonymization features that make it easy to ensure no personally identifiable information (PII) is available in the Lakehouse used to inform the analytical products offered to CUDX members. The platforms also allow for the management of data in layers as well as the delivery of data in distinct environments, in order to prevent exposure of any personal data. Tight controls ensure any raw data uploaded into individual credit union lockers cannot be accessed by any other participants, and participants must consent to what data gets curated and shared in other layers of the platform.
CUDX’s Approach to Security
The underlying philosophy that is driving privacy policies and practices is simple: The value of analytics comes from the ability to observe trends, draw comparisons, and make predictions related to key product and member metrics important to credit unions. These use cases do not depend on personally identifiable information, so that information doesn’t even need to be pulled into the data Lakehouse used to deliver them. Any case that involves personal data is an exception that requires special handling and controls to ensure the credit union leaders’ consent and tight controls around the movement of such data. CUDX employs a common data model that enables credit unions the flexibility to participate without even uploading PII into their data locker if their member privacy agreements prevent doing so.
Data Governance with CUDX
Data governance, including privacy risk and compliance, is driven by Advisory Councils made up of nominees from participating credit unions. These councils meet frequently, including quarterly in-person workshops, to collaborate and iterate on the policy and procedural guidance that CUDX uses. Council membership represents the diversity of views and concerns that exist across the credit union community, ensuring CUDX is protecting member privacy while also delivering value to Credit Union Movement.
We know how important it is to keep your credit union’s members’ data safe. We’ve considered data security at every step of the construction of CUDX, and our Data Governance Council ensures that we keep looking at how to keep your members safe in the future. For more information on CUDX and how your credit union’s data will be protected, contact me, Adam Wright at [email protected].