PricewaterhouseCoopers Urges Financial Organizations to Increase Vigilance and Oversight of Information Privacy and Data Security

The process of protecting sensitive customer and employee information has become increasingly complex
By Leslie Kramer
January 08, 2009

Financial services firms, traditionally considered leaders in privacy and information security, are discovering that the process of protecting sensitive customer and employee information has become increasingly complex, according to PricewaterhouseCoopers. Based on responses from 665 financial services executives, part of the sixth annual Global State of Information Security Survey 2008 conducted by PwC in conjunction with CIO and CSO magazines, more than half (54 percent) of financial services respondents indicated that their firm does not have an accurate inventory of where personal data for employees and customers is collected, transmitted or stored. Just over half (51 percent) of financial services respondents said they do not require third-party service providers to comply with their company's privacy policies.

"Financial services firms have been leaders in privacy and security, but their policies and capabilities are being outstripped by changes in technology and business practices," said Sergio Pedro, managing director, PricewaterhouseCoopers, in a press release. "Firms must address customer demand, competitive pressure and stringent, ever-changing regulatory requirements by developing comprehensive, integrated privacy and data protection programs," he said.

Financial services firms' increased use of their non-U.S. locations and offshore third-party service providers to handle and process sensitive data has exposed these international organizations to a maze of privacy-related requirements. Numerous laws have been passed in countries around the world since the late 1990s, covering privacy, data protection, telemarketing, fax and Web communication, and security. The survey found that just 45 percent perform due diligence of third parties that handle the personal data of customers and employees. This appears to be a blind spot for financial services firms: Despite this lack of due diligence, most (81 percent) consider themselves either "somewhat" or "very" confident in the information security practices of their partners and suppliers.