Portability Part 4: A Brief History
This post is Part 4 of a 5-part series on data portability. You can read Part 1 here, Part 2 here and Part 3 here. Stay tuned for the final post coming soon.
Since the presidency of John F. Kennedy, the United States president has utilized something known as the “football,” or more officially known as the “president’s emergency satchel.” What is this satchel (aka football) for, you may wonder? It physically carries identity confirmation information for the current president, allows him to communicate with the Pentagon in case of nuclear threat, and includes a menu of codes for nuclear strike maneuvers. Everywhere the president goes during his presidential term, the football goes too. You can think of it as a mode by which that essential information is transported from place to place so that wherever the president needs to go, he always has access to it.
The need to transport data from one place to another is not a new one. Throughout history it’s been necessary for information to be relayed between different entities for all sorts of reasons. As with the football example above, in the past information has mostly been physically transported, but as we’ve entered an age where data is now digital, different methods for data porting are now required.
Old Methods of Portability
In the beginning, digital data was transferred through sharing files between clients and servers. This way of porting data was introduced in the 1970s and required users to login using unique credentials in order to authenticate themselves, access data on a server, and then send it somewhere else. Another way of transferring digital data from one place to another was referred to as data harvesting. Through method, a set of data is copied from one source in order to be shared with another source. Screen scraping is an additional data transportation formerly used, through which data is copied from one place in order to be used in a second place. Wikipedia describes this as “a technique where a computer program extracts data from human-readable output coming from another program.”
While these methods can indeed facilitate the transferral of digital information from one place to another, they are also fraught with problems. These three methods left data insecure and vulnerable to access from unauthorized parties, and they were often not permissioned by consumers or financial institutions. Screen scraping, for example, requires the storage of username and password information in order to access and then copy information, which puts this information at risk of being infiltrated and manipulated by outsider users. It’s also limited to data in specific formats and is bulky and inefficient, requiring storage space and multiple steps to access and share.
In 2016, for the first time, the European Union introduced legislation that provided strict guidelines for data portability through the General Data Protection Regulation (GDPR). GDPR sets forth very specific ramifications and guidelines for digital data access, privacy, and portability that must be followed by all EU organizations. Then in 2018, the California Consumer Privacy Act (CCPA) emerged in the United States, applying similar principles as GDPR to most American owned and operated platforms. The main tenets of both GDPR and CCPA revolve around disclosure of data collection to consumers, privacy, and a consumer’s right to access and share data between entities of their choosing.
Portability compliance according to CCPA requires that organizations disclose specifically what data they’re collecting on consumers and for what reason. Consumers must be able to access their data in a format that they can understand and share with other platforms. It gives consumers the power to choose what data is collected about them and shared with other parties as well as delete personal data if they want to.
Portability for Financial Data
Being able to port financial data creates unique opportunities for consumers. For example, let’s say a consumer uses a big-name bank app like Bank of America to do their online banking. On their website, Bank of America states explicitly what kind of data they’re collecting about their users, which includes basic info like names and addresses but also income, assets, debt, account balances, transaction history, credit, employment, insurance, etc. According to CCPA guidelines, all of this personal data must be available to the consumer in a way that they can access and understand. Additionally, the data must be able to be shared with a third party app if the consumer wants it to be – like a budgeting app or a platform that helps a person invest in the stock market or identify rewards they could be receiving. Pentadata bridges the gap between the financial institutions and those third party apps through our banking APIs.
Pentadata ports data without needing access to sensitive consumer usernames and passwords and never stores the data it ports. We strictly adhere to the guidelines put forth in CCPA in order to safely and effectively transport financial data between different platforms. The portability Pentadata conducts is always initiated by consumers – it’s their decision to share their personal financial data to other platforms, and they can opt out at any time for any reason. Whereas in the past data portability was clunky (remember the football?), now it’s as easy as clicking to opt-in and almost instantly sharing data to another app.
For more information on how we do data portability at Pentadata, or to see how it could work for your company, click here.