Survey: Europeans lag behind US, Asian firms in privacy compliance

(Mar 21, 2019) A survey conducted by The Economist Intelligence Unit reveals the U.S., China and Southeast Asia are better prepared and equipped to take on data privacy regulations compared to European nations, Business Insider Singapore reports. The EIU polled 250 executives across China, Southeast Asia, the U.S. and Western Europe. Respondents were asked to rank their levels of preparedness to face data privacy regulations and the likelihood they would adopt new measures in response to the rules. U.S. execut... Read More

Study: 60 percent of consumers would share info with insurers for lower rates

(Mar 19, 2019) The results of Accenture's Financial Services Consumer Study state while the majority of consumers would share personal information with their insurer for lower prices on services, they also have privacy concerns, Insurance Business reports. Of the 47,000 consumers polled across 28 markets, 60 percent said they should divulge their personal data with insurers and banks for lower rates; however, 75 percent said they were cautious about the privacy of their information. "Although consumers want ba... Read More

Equifax Canada survey: citizens lax on protecting financial data

(Mar 15, 2019) A survey conducted by Equifax Canada found Canadian citizens have not done enough to protect their financial information, IT World Canada reports. It found only 28 percent of citizens said they check their credit reports, and 35 percent install and update security software on their computers. The survey comes after the U.S. Senate Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations criticized Equifax for its failure to prevent its 2017 data breach. “The impact in ... Read More

Tully voices concerns with updated NS credit union bill

(Mar 15, 2019) Nova Scotia Information and Privacy Commissioner Catherine Tully has called for a delay to update the law governing the province’s credit unions, CBC News reports. Tully cited four issues she had with Bill 97 in a letter to Finance Minister Karen Casey. Tully noted a provision to allow the superintendent of credit unions "to provide personal information to other governmental or regulatory authorities inside and outside of Canada without any of the protections afforded in the Freedom of Informati... Read More

CNIL offers guidance on gathering payment card data through remote transactions

(Mar 8, 2019) France’s data protection authority, the CNIL, released updated guidance on payment card data gathered via a remote transaction. The CNIL advises companies to reconsider their payment card systems with the EU General Data Protection Regulation in effect. The DPA offers recommendations for what payment card data a company should hold onto in a remote transaction and the retention periods for various types of transactions. Should a merchant wish to hold onto customers’ card data beyond a transactio... Read More

FTC seeks comments on proposed GLBA Privacy, Safeguards Rules amendments

(Mar 6, 2019) The U.S. Federal Trade Commission announced it will seek comments on proposed amendments to change the Privacy Rule and Safeguards Rule under the Gramm-Leach-Bliley Act. The amendments would put the two rules in line with the changes implemented through the Dodd-Frank Act and FAST Act. The FTC also proposed to expand the definition of financial institutions in both rules to include “finders” that charge fees to match consumers to lenders. The FTC states the notices for comments will be published... Read More

UK financial services see fivefold increase in data breaches

(Feb 28, 2019) According to the U.K.’s Financial Conduct Authority, financial services companies in the U.K. experienced a fivefold increase in data breaches for 2018 when compared to 2017, the Financial Times reports. Companies reported 145 breaches for the year, compared to just 25 reported breaches in 2017. The article notes that while the EU General Data Protection Regulation’s breach-reporting requirements are likely to explain part of the increase, bank executives also cite an increased and constant hack... Read More

EDPS podcast explores 'Being a DPO in the public sector'

(Feb 28, 2019) European Data Protection Supervisor Head of Inspection Ute Kallenberger hosts a podcast titled “Being a Data Protection Officer in the public sector: the EU side of things.” Kallenberger spoke with European Central Bank Data Protection Officer Barbara Eggl for the episode of the pilot podcast. Kallenberger asked Eggl about her daily activities as the bank’s DPO, whether the increased attention toward data privacy has made her job easier or harder and how she has worked to implement data protecti... Read More

Credential-stuffing attack targets tax data

(Feb 27, 2019) Financial software company Intuit announced hackers targeted tax return information within TurboTax via a credential-stuffing attack, Dark Reading reports. Intuit said in its breach disclosure letter to the Office of the Vermont Attorney General that hackers took usernames and passwords “from a non-Intuit source” to conduct the attack. If hackers were able to log in to a user’s TurboTax account, they could have had access to the person’s name, Social Security number, address, birthdate, driver’s... Read More