Harvard researchers seek improved privacy for financial data

(Mar 31, 2020) Researchers at Harvard University's Mossavar-Rahmani Center for Business and Government released a report outlining potential updates to U.S. regulatory frameworks for consumer financial data privacy. In addition to examining consumer protections in existing laws, the report also includes a proposal for the Comprehensive Consumer Financial Data Act. The researchers explained the proposal aims "to model our optimal set of consumer rights and business requirements, balancing the appropriate tradeo... Read More

Updated Apple Card privacy policy increases data sharing

(Mar 25, 2020) TechCrunch reports Apple amended the privacy policy for its Apple Card, paving the way for more data sharing. The policy updates allow Apple to share anonymized and aggregated data with Goldman Sachs for credit-related purposes. Apple is also working on an opt-in option for cardholders willing to share personal data to improve their chances of receiving extended credit lines.Full Story... Read More

SEC: Consolidated Audit Trail won't contain investors' sensitive data

(Mar 25, 2020) The U.S. Securities and Exchange Commission is exempting personally identifiable information from the Consolidated Audit Trail, Financial Advisor IQ reports. In a statement, SEC Chairman Jay Clayton said broker-dealers will only need to report an account holder’s name, not their Social Security number, individual taxpayer identification number, birthdate or account number. It “represents an important step in significantly reducing the risk of retail investor identity theft associated with the (C... Read More

Study: 33% of financial firms lack privacy risk mitigation

(Mar 17, 2020) Accenture has released a study revealing that 33% of privacy executives at financial firms believe their companies are not fully prepared to address privacy risks. The study reflects responses from 100 U.S. and EU executives and also found 70% of respondents view privacy as a risk while 72% employ consent with all customer-facing activities. In terms of necessary privacy risk remediation, 51% of respondents cited privacy risk monitoring as an area of focus.Full Story... Read More

Croatian DPA issues 20M euro GDPR fine

(Mar 16, 2020) Croatia's data protection authority, AZOP, has handed down a 20 million euro fine to a credit institution for violating the EU General Data Protection Regulation. AZOP alleges the institution breached Article 15(3) of the GDPR with its refusal to honor requests of nearly 2,500 clients who sought to access the personal information shared in credit documents held by the institution. Additionally, AZOP found the institution did not take the proper steps to protect the rights and freedoms of the dat... Read More

Se imponen multas a dos bancos en Perú por no contar con el consentimiento previo de los consumidores al realizar comunicaciones comerciales

(Mar 3, 2020) La Comisión de Protección al Consumidor Nº 3 del Instituto Nacional de Defensa de la Competencia y de la Protección de la Propiedad Intelectual (Indecopi, por su acrónimo) emitió en enero de 2020, las Resoluciones Nº 002-2020/CC3 y Nº 007-2020/CC3 sancionando al Banco Falabella S.A. y al Banco Ripley Perú S.A. con 45 y 49,8 unidades impositivas tributarias (UIT), respectivamente, por realizar comunicaciones comerciales a sus clientes para promover la adquisición de tarjetas y préstamos sin conta... Read More

EU banking industry calls for legal guidance on data law interpretations

(Feb 27, 2020) The European banking industry has called for legal guidance on how banks should interpret data protection laws for anti-money-laundering purposes, S&P Global Market Intelligence reports. European Banking Federation Senior Policy Adviser Roger Kaiser said the EU General Data Protection Regulation has created uncertainty for banks as they implement processes to fight financial crimes. "There are situations in which the processing of personal data could be highly beneficial for AML purposes. Ho... Read More

857K customers caught in Slickwraps data breach

(Feb 25, 2020) ZDNet reports online retailer Slickwraps has revealed a data breach involving the personal data of 857,611 customers. Customer names, email addresses, physical addresses, phone numbers and purchase histories were exposed due to data security vulnerabilities. "There is nothing we value higher than trust from our users," Slickwraps CEO Jonathan Endicott said. "We've made a mistake in violation of that trust." Meanwhile, the U.K. Financial Conduct Authority has revealed sensitive information, inclu... Read More

ICO, FCA, FSCS warn insolvency practitioners about handling data

(Feb 13, 2020) The U.K. Information Commissioner’s Office, Financial Conduct Authority and Financial Services Compensation Scheme issued a joint statement warning insolvency practitioners and claims management companies to be responsible when handling personal data. The agencies state when insolvency practitioners sell personal data to CMCs, they may end up violating the EU General Data Protection Regulation and Data Protection Act. CMCs must also be mindful of the Privacy and Electronic Communications Regulat... Read More

1.26M Danish citizens have ID numbers exposed

(Feb 11, 2020) ZDNet reports a five-year software error allowed open access to the identification numbers of 1.26 million Danish citizens. A bug inserted onto the login for the Danish tax administration's official self-service portal helped collect citizens' identification numbers. The Danish Agency for Development and Simplification, which discovered the error during an audit, said there was no danger for potential cases of fraud, adding the data "most likely" was only collected by a pair of analytics compani... Read More