With data privacy generally in flux across industries, Mastercard is taking a crack at getting everyone in line with a set of universal standards to follow.

The Six Data Responsibilities


Security & Privacy: Companies must uphold best-in-class security and privacy practices.


Transparency & Control: Companies should clearly and simply explain how they collect, use, and share an individual’s data and give individuals the ability to control its use.


Accountability: Companies must keep consumer interests at the center of their data practices.


Integrity: Companies must be deliberate in how they use data in order to minimize biases, inaccuracies, and unintended consequences.


Innovation: Companies should be constantly innovating to ensure individuals benefit from the use of their data through better experiences, products, and services.


Social Impact: Companies should use data to identify needs and opportunities to make a positive impact on society.


Source: Mastercard

The payments services provider on Oct. 24 announced the launch of its Data Responsibility Imperative designed to “advance a dialogue around how organizations can work together” to address individuals’ privacy. Mastercard is opening the door for other companies to join their pledge, striking the tone of a call to action as privacy practices have drawn more scrutiny since the launch of the EU’s General Data Protection Regulation (GDPR) in May 2018.

Mastercard’s initiative (see sidebar) is spurred in part by the results of a survey it commissioned. In that survey, just 26 percent of nearly 2,500 respondents felt companies are doing a good job handling individuals’ data.

Recent data breaches, most notably among financial services providers, seem to justify that belief. In July, Capital One announced a hacker obtained the personal information of approximately 100 million individuals in the United States and approximately six million individuals in Canada—a level of harm on par with that of the breach credit-reporting agency Equifax suffered in 2017 (147 million).

In the wake of that breach, Equifax on July 22 settled with the Federal Trade Commission, the Consumer Financial Protection Bureau, and a coalition of 50 attorneys general—comprising 48 states, the District of Columbia, and the Commonwealth of Puerto Rico—for well north of $500 million.

Mastercard itself is no stranger to breaches, revealing in August it is investigating two relating to a loyalty program it ran in Germany following a leak of personal information that saw customers’ names, addresses, and credit card numbers circulating on the internet. Though the loyalty program was administered by a third-party firm, the onus ultimately falls on Mastercard.

“In today’s fast-paced digital economy, we’re facing never-before-seen circumstances that test our ethics on a daily basis,” said JoAnn Stonier, chief data officer at Mastercard, in a release. “We need high data standards that allow us to face these situations head-on, knowing that our practices are sound, consistent and based on treating individuals and their data with decency. For Mastercard, this commitment starts at home, and we’re embedding these principles into how we do business – every day.”

Mastercard’s President and CEO, Ajay Banga, was one of 51 business leaders to sign off in September on a letter to Congress urging the passing of a comprehensive U.S. consumer data privacy law.