GDPR challenges all organisations to mask EU data by default
Delphix, the market leader in data virtualisation, has issued a strong warning for organisations to re-architect operations and adopt a secure, data-first approach ahead of the introduction of the European General Data Protection Regulation (GDPR). The approval of the GDPR means businesses that store or process European data will be forced to build data protection into system design and infrastructure, or risk fines of up to 4 per cent of global turnover. In particular, organisations need to closely examine the security of non-production data that is used to develop and test systems. Independent research has highlighted that up to 90 per cent of non-production data currently sits unmasked within organisations, posing a significant security and compliance risk.
“The GDPR introduces a punitive structure, similar to the measures introduced to prevent price fixing in competition laws, that puts the risk of non-compliance into sharp focus,” said Iain Chidgey, vice president, international sales, Delphix. “In the last few years, we’ve seen blue-chip companies pay hundreds of millions in fines for price-fixing scandals and it’s even forced non-compliant firms into administration. The GDPR risks having the same effect, so companies must have a complete view of their data, treating non-production data with the same security profile as live data.”
The GDPR requires enhanced data security measures to ensure compliance, in particular referencing the use of “pseudonymisation.” This is the process of masking confidential data in such a way that it can no longer be attributed to an individual – protecting the data should it ever fall into the wrong hands.
The GDPR also incentivises data masking at several different points:
- In the event of a data breach: If the compromised data presents a low risk to the individuals involved (for example, as a result of data masking), then data breach notifications to regulators and affected individuals may not be required. If not, organisations need to notify within 72 hours, a very tight timescale in the event of a serious breach
- In the event of data disclosure requests: If organisations can demonstrate that individuals cannot be identified from masked data they hold without additional information, then they may be exempted from requirements to supply data in response to a data access request or to erase data on request
- In support of data profiling: If businesses use pseudonymised data, this will significantly reduce any privacy impact on the individual. This in turns means explicit consent requirements under the GDPR for automated decision making and profiling are unlikely to apply
“The volume of data copies that are sprawled across non-production environments will require technology that can efficiently protect all data, not only those bits of information that are the most sensitive,” continued Chidgey. “To meet future requirements for data protection, the first step will be understanding where all the data sits in IT environments. The second step will be embracing a new wave of IT innovation to support compliance and reduce the risk of a data breach but without slowing down projects. Combining data masking with data virtualisation is one way organisations can scale up to the security levels that the GDPR requires, ensure compliance and distribute data quickly to accelerate critical business initiatives.”
“The GDPR introduces a carrot and stick approach to promoting data masking. At several points throughout its text, it encourages businesses to adopt pseudonymisation technologies, either as part of good information management or by reducing regulatory burdens in the event of unforeseen events, like security incidents. Contrasted against that, companies that are not in compliance with the GDPR face regulators waving a very big stick – potential fines of up to four per cent of annual worldwide turnover. That’s a very big incentive to do things right,” concluded Phil Lee, a partner in the Privacy, Security and Information team at international law firm Fieldfisher,
Lee breaks down the legal jargon around GDPR pseudonymisation in a new paper here.
Read the blog post by Jes Breslaw, Delphix EMEA director of strategy, for additional background on the impact GDPR will have to customers.
WeWALK joins Microsoft’s AI for Accessibility Programme Using artificial intelligence to change the lives of the visually impaired
WeWALK, the smart cane designed for people who are blind or with low vision which is now in use across 37 markets, has joined Microsoft’s AI for Accessibility programme to accelerate WeWALK’s capability by developing and validating a human behaviour model for visually impaired users and creating a Voice Assistant designed for the visually impaired, providing the right mobility information when needed and allowing for even greater control of the WeWALK mobility experience.
Microsoft’s AI for Accessibility $25 million 5-year programme is aimed at harnessing the power of AI to amplify human capability for the more than one billion people around the world with disabilities. Through grants, technology, and AI expertise, the program aims to accelerate the development of accessible and intelligent AI solutions and build on recent advancements in Microsoft Cognitive Services to help developers create intelligent apps that can see, hear, speak, understand and interpret people’s needs.
WeWALK’s new Voice Assistant will be released later in 2020 and will have immediate usability benefits, improving the user’s confidence as they mobilise. The assistant will be built on clearly derived requirements and natural usage patterns and the challenge that WeWALK is seeking to overcome is to make the assistant truly ‘smart’ and dynamic, where it will effectively categorize and deliver on the user’s commands in a host of different environments.
WeWALK’s human behaviour model is due for release in 2021 and is of significant importance as currently there are no accurate models for how a person who is blind moves and how their mobility holistically evolves, especially after receiving orientation and mobility training. As a result, healthcare, government, and mobility trainers cannot effectively track how a person who is blind mobilizes and whether or not intervention has had benefit. By using WeWALK’s built-in IMU (inertial measurement unit) sensors, including the gyroscope, accelerometer, and compass, as well as data collected from a connected smartphone, the model can be implemented and expanded organically through daily usage. The first stage will be rigorous data collection and user testing, followed by data manipulation and classification to ensure that optimum reliability and system usability can be achieved.
Commenting upon WeWALK’s entry into the program Jean Marc Feghali, R&D Lead at WeWALK. “By working on these two objectives, WeWALK can set the standard for visually impaired mobility for both the individual user and the organisations that support them. We are now rigorously collecting mobility data with novel experimentation, validating our work by continuously engaging our users to ensure an exceptional product powered by Microsoft’s best. Being a part of the Microsoft family truly excites us, bringing us closer to mobility trainers, researchers, and the global visually impaired community.”
Mary Bellard, principal innovation architect lead at Microsoft adds “At Microsoft, we believe AI solutions built thoughtfully by and with the disability community have incredible potential to offer meaningful independence in people’s daily lives. That’s why we’re thrilled to support WeWALK on this important assistive tool that stands to empower the millions of people around the world who use a white cane.”
With the power of Microsoft AI, WeWALK’s impact will be wide-reaching explains Kürşat Ceylan, WeWALK’s co-founder & CPO “As a blind person from birth, I know that it is very important to get the right habits of using a cane from a young age. It is amazing to see how WeWALK can enhance this aspect of our lives with high tech, making training and orientation more effective. I believe that the smart cane will be a symbol for the fully independent journey people who are blind or with low vision.”
Selected as one of the best inventions of 2019 by TIME Magazine, WeWALK is a member of YGA Ventures, which is an ecosystem of impact entrepreneurs. The team envisions WeWALK as a platform for continuous and collaborative development, putting it at the forefront of cutting-edge assistive technologies. This is exemplified through WeWALK’s collaboration with Microsoft, where WeWALK participated in Microsoft’s 2019 AI for Good in the UK.
The WeWALK smart cane is currently available on the market and can be purchased on the company website www.wewalk.io. The free WeWALK mobile app which provides various features such as VIP friendly navigation and public transport tracking capabilities is also available for immediate download on both iOS and Android devices.
Everything you need to know about APIs for business
By Omar Javaid, president, Vonage API Platform, Vonage
If your work brings you into close proximity with technology, chances are that you’ve come across APIs. Like many of the tech acronyms we hear – DNS, VOIP, SaaS – APIs fall into a category of terms that most of us would consider best left to the IT department. However, APIs are a vital tool for any tech-enabled business, and a basic understanding of them at management level can help to drive sales, increase customer satisfaction, and improve the user experience.
Although they seem daunting, getting to grips with APIs is surprisingly straightforward. API stands for Application Programming Interface, and can be simply defined as a software tool used to control programmes. Essentially, APIs create sets of rules that allow applications to communicate with each other – they are the part of the server that receives requests and sends responses. Today, when data is transferred between a pair (or more) of programs or applications, an API normally makes it happen.
To give a real-world example: when a user types Instagram’s URL into their browser and hits the Return key, a request is subsequently transmitted to Instagram’s remote servers. That browser then processes the response code it receives and displays the page. For the browser, Instagram’s server is an API – allowing it to communicate and relay information back to you without interruption or delay.
The job of the API is to simplify the complex data exchanged between these servers, and to make the interaction as seamless as possible for the end user. Considering that the vast majority of our business and personal lives now take place virtually, any solution that optimises the online experience is extremely valuable.
Using APIs to improve the customer experience
One of the core benefits of APIs is that they enable businesses to free themselves from the time consuming and costly process of developing in-house software to power a single core application. Instead, developers can outsource certain tasks to remote “off-the-shelf” APIs, saving time, money, and allowing resources to be channeled elsewhere. These add-on services allow businesses to offer a more complete, one-stop solution to customers, whilst streamlining the process to optimise user experience.
Although we may not always realise it, APIs are playing a vital silent role in almost every purchase and interaction we have online. Take booking a holiday for example. As we browse comparison sights, APIs are working furiously behind the scene to aggregate information from airline databases, hotel websites, and excursion providers. The API performs the back and forth needed to retrieve the information, whilst we are able to sit back and view all of the results on the same page. Simplifying this process enables travel comparison websites to make the search for holidays quick and easy, and encourages customers to stay on the site by offering all that they need in one easy to consume package.
APIs also allow smaller businesses to utilise tools provided by some of the world’s largest and most successful companies. Google’s Calendar API for example could be used within a beauty salon website to enable customers to book and schedule treatment reminders, whilst Apple’s weather tool could be plugged-in to an events company website to give customers real-time weather updates. While the API’s developer does retain ultimate control over how the API is used, there are still countless ways to integrate these tools to benefit your business and improve the functionality of your website.
The recent Covid-19 pandemic in particular has highlighted the value of an API class that normally receives little attention; communication APIs.
Today, companies are boosting spending on unified communications-as-a-service (UCaaS), along with video conferencing, collaboration, and voice technology solutions given the exponential growth in home and remote working as a result. Where face-to-face contact is limited by necessity, businesses need to be able to communicate with employees and customers in ways which are secure, simple, and cost-effective.
Given how rapidly the technology landscape changes, APIs are the clear solution to avoiding the expense of developing tools from scratch, in addition to harnessing the power of the advanced features offered by established API providers.
Using them, businesses are able to adapt to suit changing customer preferences; for example offering an online chatbot to handle customer queries, or by using multi-channel messaging to connect with customers via WhatsApp or Messenger. These tools are not only useful, but can also allow you to gain intelligence into a customer’s preferences and habits – both useful marketing gauges.
On the other hand, comms APIs can also help to address problems that may crop up internally within organisations and workforces. There are APIs which allow callers to automatically sync calendars, meaning that meetings will only be scheduled when all parties can attend. There are also APIs for timezone conversion, permissions requests, and for video link calls and messaging. With the work from home trend continuing for the foreseeable future, investing in these areas is critical if businesses want to keep delivering at the highest levels.
Considering all of the above, it’s clear that we can expect to see the adoption of APIs continue. Developers are constantly working to create increasingly sophisticated products, and many have moved towards exclusively building and hosting APIs, rather than building the apps themselves – creating a so called “API Economy” of sorts.
This focus on creating the best possible APIs has allowed smaller businesses to harness the collective expertise of the world’s largest and most successful companies, and the chance to use these tools represents a fantastic opportunity for growth. The reach of APIs extends far beyond the IT department, and with a basic understanding, they can be used by senior management and leadership teams to optimise all areas of the business – not bad for three small letters.
Unexplained Wealth Orders: Rightly Celebrated or Over-Rated?
By Nicola Sharp of financial crime specialists Rahman Ravelli considers the attention given to unexplained wealth orders – and emphasises that they can be challenged.
There is little doubt that many sectors of the media – and their readers – enjoy a story that involves an unexplained wealth order (UWO). They do, after all, have many of the ingredients that many look for in a good tale: allegations of wrongdoing on a large scale, someone being made to hand over assets worth more than most people will earn in a lifetime and the sense that justice has been seen to be done.
In the latest UWO, which was widely covered in the media last week, Leeds businessman Mansoor Mahmood Hussain was compelled to hand over property worth just short of £10M, after being accused of acting as a money launderer. He has been ordered to surrender the assets because the National Crime Agency (NCA) believed his wealth was the proceeds of crime, and so considered him a suitable target for a UWO.
Introduced by the Criminal Finances Act 2017, UWOs give law enforcement agencies powers to require persons to explain how they came to possess their assets, and to show that their wealth has come from legitimate sources. A UWO can be sought without any civil or criminal proceedings having begun. There is no need for the subject of a UWO to have been convicted of an offence or to have had a civil law judgement against them. Agencies can apply to the High Court for a UWO against any property valued at over £50,000, if the person owning it is reasonably suspected of being involved in serious crime (or connected to a person who is) and there are reasonable grounds to suspect that a person’s lawfully-obtained income would be insufficient to allow that person to obtain that property.
Like Zamira Hajiyeva before him, Mansoor Hussain’s inability to provide a credible, innocent explanation for his wealth has cost him – and generated headlines. Hajiyeva may be best known for somehow racking up £16M of expenditure at Harrods. But this only became known when she was the first person to be the subject of UWOs. The NCA expected her to explain how she had bought a £11.5M Knightsbridge house and a £10.5M golf course in Ascot, bearing in mind her husband is the former head of the state-owned International Bank of Azerbaijan, had a salary of no more than $70,000 and was convicted of fraud and embezzlement. Earlier this year, she lost her appeal against the UWOs, thus enabling the media to re-run her story and giving the NCA the chance to make approving noises about UWOs being a valuable tool in tackling illicit finance.
But before there is a rush to applaud UWOs, it should be said that the NCA’s relationship with them has been a chequered one, to say the least. Since becoming available to the NCA, the agency’s success rate with UWOs has been patchy. This is despite the standard of proof for UWOs being significantly lower than that required in criminal cases. Last year saw the NCA granted three UWOs for London property valued at £80M. Yet less than a year later, these UWOs were discharged, with a judge criticising the NCA’s “unreliable’’ assumptions and “artificial and flawed’’ reasoning. The Court of Appeal then refused the agency permission to appeal this decision.
While a UWO is a tool that enables law enforcement agencies to seize assets they believe are the proceeds of crime without anyone ever being convicted, it does not yet appear to have become the great weapon against illicit wealth that many would have hoped. Of the four cases begun since UWOs were introduced, two are still being contested. Mansoor Hussain’s case is the first time a UWO has successfully led to the recovery of assets from an individual.
Although, a UWO can be seen as effective in certain situations, it will often be considered the most (and perhaps only) viable option when a prosecution has failed or when the authorities do not believe there is enough evidence for a realistic chance of a conviction.
When being faced with an UWO it should be remembered that whilst agreeing to settle and hand over property is not an admission of guilt, anyone facing a UWO must consider carefully how they respond to the authorities. It is vitally important to take the right advice. Deciding how to proceed when assets worth millions are at stake can be the biggest decision a person ever has to make.
In such circumstances it will often be the case that an intelligent, robustly-argued challenge to a UWO – and, in particular, to the allegations being made by the law enforcement agency seeking the UWO – will bring success. But that success will depend on knowing precisely how to respond – and who to turn to – if and when you become the intended target of a UWO.
The Bank is Where the Heart Is
By Nick Barnes, Practice Director, Financial Services & Customer Success at JRNI When unexpected events occur, people turn to their banks to...
Will COVID-19 accelerate the transition to banking alternatives
By Gael Itier – CEO & Founder at akt.io The COVID-19 crisis has led us to witness what will be...
Using payments to streamline everyday transport
By Venceslas Cartier, Global Head of Transportation & Smart Mobility at Ingenico Enterprise Retail Once upon a time the only...
WeWALK joins Microsoft’s AI for Accessibility Programme Using artificial intelligence to change the lives of the visually impaired
WeWALK, the smart cane designed for people who are blind or with low vision which is now in use across...
Adoption of tech in private markets lags behind industry trends
Nine out of ten financial institutions have accelerated their digitisation strategy as a result of Covid-19. Yet just 26% of...
Covid-19 disruption drives five new retail supply chain trends
The business disruption caused by COVID-19 has resulted in four out of five (82%) retailers changing their approach to stock...
Remote leadership anxieties
It’s a difficult time to be navigating the complex world of business. Whilst adapting to new ways of working remotely,...
Online jobs soar by 14% in third quarter 2020, Freelancer.com’s Fast 50 reports
Freelancer.com (ASX: FLN), the world’s largest freelancing and crowdsourcing marketplace by number of users and jobs posted, today released the...
One third of money management tools face closure by the end of the year if they do not embrace open banking
New research from Yolt Technology Services shows 35% of Personal Finance Managers aren’t using any open banking technology Imminent screen...
Pivoting growth strategy to rebuild consumer trust and confidence
By Richard Steggall, the CEO of Urban FT Trust is essential to all relationships, whether personal or professional. And in...