The Fundamentals of Data Privacy in America

In the last few years, data privacy, network security, cyber attacks etc. have all become buzzwords. Zuckerberg’s trial and sudden emails from companies saying “We have updated our privacy policy” have got us all thinking about what this is all about. Today we will provide you with a simple guide to understanding the data privacy space in America and how it is (or is not) regulated.

What is Data Privacy?

Data privacy does not have a set definition. Even the EU’s General Data Protection Regulation (GDPR), which is considered the most comprehensive piece of law in data privacy, has not defined it. But to understand it in simple terms, let’s break down the two words:

  1. Data: Data in the context of data privacy can include any of your personal information, ranging from sensitive personal information like passwords, social security numbers, addresses etc. to other personal information like your chats, photographs, even your usage of emojis. Thus, every movement of yours can be converted into data and be monetised.
  2. Privacy: Privacy is your right to protect your personal space and be in control of what others are allowed to see.

Thus, data privacy means your right to protect and have control over any personal data. In the booming era of technology, your right to data privacy extends to online spaces, which means you must have the right to control the data online companies store about you. This idea has now evolved into a greater set of rights like the right to access, right to correct, right to be forgotten etc.

Why does Data Privacy Matter?

A question that often arises is why so much hue and cry over data privacy is even necessary. Why should I be scared of sharing my personal details if I’m not doing anything wrong?

Think of it this way: say you are put in a room with 4-5 CCTV cameras constantly monitoring and broadcasting your activities. Will there not be a difference in your behaviour immediately? Data storage by corporations works in the same way. Corporations collecting and monetizing your online activities is not only unethical but is also no different from a virtual CCTV. Hence, it is your right to not be under constant surveillance even if there is no tangible harm being done to you.

It’s not as if data storage cannot lead to tangible harms. Data leaks across the world have led to major crimes like phishing, stalking, financial crimes etc. Hence, data privacy matters not only in and of itself but also as a means of protecting you from other crimes.

What is the Legal Framework for Data Privacy in America?

Unlike the EU, America does not have an all-encompassing law on data privacy. But it has several other laws at the federal and state level, which protect and deal with data privacy. This framework, however, is incomplete and there are many areas like Right to be forgotten, Right to erasure etc., which are still not available to every American. Here is a guide to all the laws concerning data privacy in the USA.

Federal Laws

  1. Privacy Act, 1974

This is one of the first pieces of privacy legislation in the world. It deals with the collection, use and distribution of “personally identifiable data”. But the caveat here is that it only deals with information collected by the government. It provides citizens with a restricted right to obtain the data stored by the government and a right to correct the data collected. It also ensures that only a limited number of necessary people within the government have access to your personally identifiable information.

But, as mentioned, this only deals with governments. Hence private corporations are not bound by this.

  2. USA PATRIOT Act

An acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, 200, this act was brought in immediately after the 9/11 attacks. An act that was initially aimed to counter terrorism has now become a tool for unnecessary governmental surveillance.

This law allows the government to collect and store any personal information about any person if it feels that they may be engaging in terrorist activities. With regard to data privacy, this act becomes relevant because it has provisions under which the government can seek personal information about any individual from third parties upon a mere doubt. Simply put, this means that the government can ask Facebook to deliver personal information about you without your consent, and Facebook will be bound to deliver it. Let alone consent, you might not even be made aware that your data is being shared with the government.

This act has become an important concern in the data privacy space not just in America but also in Europe and other jurisdictions with strict data privacy laws.

  3. Federal Trade Commission (FTC) Act

This is the Act behind all the heavy fines imposed on Facebook, Uber etc. for privacy violations. Ironically, this act does not even directly deal with data privacy! The FTC is an independent law enforcement agency that aims to prevent unfair competition and protect consumers. Here is how the FTC increased its scope to deal with data privacy.

Section 5 of this Act prohibits companies from practising any deceptive activities in the marketplace. In the case of Facebook, it acted against its privacy policy and allowed third parties to use the personal data of individuals without their consent. Since the privacy policy was different from its actual actions, this was termed “deceptive” and the FTC was allowed to take action.

What this means for data privacy is that unless there is a clear violation of company policy, the FTC cannot take any action. So in cases where companies sneakily make you agree to their terms and conditions, the FTC cannot do anything.

  4. Sector-based laws

There are several other sector-based regulations which deal with information of a certain group or sector of individuals. They do not directly deal with data on the internet but are indirectly applicable. Here are a few:

Children’s Online Protection of Privacy Act (COPPA): This restricts the collection of data of children under the age of 12. Data can only be collected upon explicit consent by the parents.

Health Insurance Portability and Accountability Act (HIPAA): This act was designed to protect medical and health-related information of patients. It allows only those involved in treatment and other medical processes to access your health information. It requires your consent before it is shared with anyone else.

State laws

  1. Data Breach Notification

This is common to all 50 states in America. If there is a data breach, i.e. a loss or accidental publication of data, the company that suffers such a breach is mandated to report it to the state government. This helps make consumers aware of any data breach at a company which stores their information.

  2. California Consumer Privacy Act, 2018

This is one of the most comprehensive laws on data privacy in the USA. Although it is only applicable to people in California, this act is a good blueprint for a federal law. This act provides consumers with a right to access and delete any personal information held by corporations. Additionally, it also requires companies to provide reasonable security of data to consumers. However, it still does not impose any mandatory security procedures or fines on corporations. How useful and effective this act becomes is something only time will tell.

  3. Others

Maryland, New York, Hawaii, Massachusetts etc. are also in the process of getting their own data privacy laws. Most of them have relied on the GDPR and CCPA and are designing their law accordingly.

However, the problem of data privacy cannot be completely resolved until there is a federal law on it. As powerful as state laws can be, they will always have restrictions when it comes to global data collection and cross-border data transactions.

How Can You Protect Your Data?

Perfect laws have never existed. There are always going to be some loopholes and difficulties in every law. It is then important for us to take preventive measures to protect ourselves. Here are a few ways in which you can protect your data:

  1. Choose proper passwords: We know it is very difficult to have different passwords for every website. But having just one password for every website can do a lot of damage. So use different passwords every time. Store them in a secured place offline so you do not forget.
  2. Use a VPN: Public WiFi networks are great, but they can be a mine for data hackers. Always use a VPN when using public WiFi in order to protect your information. A VPN, i.e. a Virtual Private Network, gives you a private mechanism to surf the internet. You can also use it to browse content from other countries, so it’s a win-win!
  3. Review App Permissions: You can adjust these in your settings. Review and decline permissions which are unnecessary for an app to function.

Cyberspace is still evolving and there are many things that American law still does not cover. But we hope this gave you a brief understanding of the current data privacy space in America. Your data is very important and needs to be protected. So ensure you take appropriate measures to protect yourself.

How sustainable AI improves the triple bottom line

An investment in green AI enables financial services firms to align people, profit, and planet

By Nick Dale, EVP business development, Verne Global

Green investing is widely regarded as a mega trend, with chief executive Larry Fink of BlackRock, the world’s largest money manager, stating, “Climate change has become a defining factor in companies’ long-term prospects … awareness is rapidly changing, and I believe we are on the edge of a fundamental reshaping of finance.”

The recent seismic shift in public opinion about climate change has not only increased attention on the sustainability and societal impact of investing in a company, it’s also influencing the decisions being made in finance industry boardrooms overall, whether that’s implementing innovative business models or adopting new partnerships and technologies. However, as business leaders strive to make green choices, many are unaware of the hidden environmental costs of the technologies they are employing.

AI in the finance industry

The use of AI has become ubiquitous across industry sectors, and is now an integral part of the technologies being used in financial services, from optimising asset portfolios and underwriting loans to assessing risks.

AI is especially beneficial for things like quantitative trading, which uses large data sets to identify patterns that can then inform strategic trades. AI’s machine learning models can analyse vast and complex data and make predictions accordingly. But AI models are not only data-hungry, they are power hungry.

Power-hungry AI

Supercomputers train and test mountains of data for AI models, and can run 24 hours a day, for hours, days, or even weeks. These applications consume huge amounts of energy, and as AI technology continues to grow and develop, the computations behind it are also increasing in size and complexity. The carbon emissions from training a single AI model for language translation are roughly equivalent to 125 round-trip flights from New York to Beijing (AI Now 2019 Report).

The carbon cost of AI becomes even higher when you factor in the energy required to keep the computing equipment housed in data centres cool – overheating can impact performance and damage equipment. As a result, in a conventional data centre, at least 40% of all energy consumed goes towards cooling.

But sustainable AI is possible if financial services organisations take positive steps to minimise its environmental impact.

Minimising AI’s carbon footprint

Location, location, location

Many tech giants are committing to reducing their carbon footprint, with Amazon pledging to reach 80% renewable energy by 2024, and Google investing in data centres in Nordic countries specifically for better energy efficiency.

This is because in the Nordics, data centres are largely powered by renewable energy sources. Iceland, in particular, uses 100% renewable hydroelectric and geothermal power – with no nuclear power sources – and is connected to a reliable power grid. These renewable energy sources are much less harmful to the environment because, unlike fossil fuels, they don’t cause pollution and don’t generate greenhouse gases. Not to mention, renewable energy is based on natural resources that can be replenished within an average human lifetime, as compared to fossil fuels, which can take thousands—or even millions—of years to replace.

Over 80% of compute doesn’t need to be near the end-user, and in those situations, choosing data centre locations in cool climates has a significant impact on carbon emissions. AI compute can be located in places like Iceland, which can utilise all-year-round, free cooling due to its temperate climate.

Data centres that are located in hot climates, like Arizona in the US, require high-powered cooling systems in operation around the clock. With average high temperatures of 40° Celsius in the summer, these data centres can use up to 4 million gallons of water a day to absorb heat through evaporation into cooling towers. Consequently, when location doesn’t hamper performance or accessibility, housing AI compute in data centres with natural cooling is a no-brainer.

Energy efficient and cost-effective

Many in the financial sector have traditionally viewed sustainability as a trade-off between profit and planet, but when it comes to green AI, financial services firms can have it both ways. By housing the servers that train AI models in data centres powered by renewable energy sources, businesses can substantially reduce energy expenses and benefit from long-term, fixed pricing.

And when renewable energy sources are combined with year-round, cool climates, the energy demands and costs of AI can be dramatically reduced. AI is here to stay, but by making the right choices, companies in the finance sector can still drive profitability whilst making real and measurable progress on sustainability.

Survey of IT decision makers exposes the increased pressures IT organisations face amidst covid-19

Independent Survey Uncovers the Limitations Traditional IT Infrastructure Imposes, Exacerbated by a Remote Workforce

Nebulon, Inc.®, the pioneer of Cloud-Defined Storage, released today the results of an independent survey completed by IT decision makers at 500 companies in the IT, financial services, manufacturing, retail, distribution and transport industries across the UK, US, Germany and France. Conducted in June of this year, the survey exposes the biggest challenges enterprises face in transforming their on-premises application storage environments, which have only been exacerbated during this COVID-19 era. While IT organisations cite multiple restrictions, the survey reveals limited infrastructure automation and high CAPEX as the most significant challenges for those deploying enterprise storage array technology, forcing them to re-examine IT spending and operations even more so than usual amidst the pandemic.

While increasing automation and reducing costs may seem like mainstream initiatives for any large organisation, the pandemic and resulting workforce restrictions mandate significant progress in days or weeks, versus months or quarters. The results of the survey, undertaken by Vanson Bourne, further reinforce this as respondents also highlighted their on-premises application storage environments are difficult to maintain, and reveal that they lacked the in-house expertise necessary to manage them. Even more disconcerting, respondents indicate that their traditional external storage arrays are not suited to handle new workloads, including containers and NoSQL databases. This is unsurprising as modern workloads have been architected for local versus shared storage resources.

British IT decision makers specifically ranked “expensive” highest, with 57% making this one of their top three challenges, followed by “time consuming to maintain” (50%) and “difficult to automate at scale” (49%). Respondents from smaller organisations (1,000-2,999 employees) were more likely to mark “lack of in-house expertise” highly compared to larger organisations (3,000+employees) (59% compared to 31%) while these larger companies were more likely to consider cost a top challenge (61% compared to 35%).

“The impact of the pandemic is forcing CIOs worldwide to reconsider their operations,” said Siamak Nazari, Co-Founder and CEO of Nebulon, Inc. “Reducing costs through server-based storage alternatives without the restrictions of hyperconverged infrastructure, and reducing operating cost pressure through cloud-based management of the application storage infrastructure are crucial initiatives for IT organisations looking to survive this new normal.”

For companies with a growing class of mission-critical data that cannot or should not move to the public cloud, Cloud-Defined Storage is an alternative to expensive storage arrays, offering enterprises a cloud-managed, server-based approach for mission-critical storage. By combining a cloud-based control plane, called Nebulon ON, with server-based storage that is powered by the Nebulon Services Processing Unit (SPU), Nebulon enables organisations to reduce cost for enterprise storage by up to half without compromising on enterprise data services. This is made possible by Nebulon’s unique architecture that makes use of commodity SSDs in industry standard servers, Ethernet in favour of Fibre Channel, and by eliminating operational complexities by moving management to Nebulon ON with an as-a-service model.

Nebulon ON uses AI to analyse application workloads during operations, provides actionable recommendations for IT organisations and provides a single API endpoint that greatly streamlines automation at-scale. Customisable application templates, tailored for customer’s application clusters, eliminate the guesswork in configuring infrastructure and produce repeatable, reliable infrastructure services for modern, mission-critical workloads. With the architectural and operational simplicity of Cloud-Defined Storage, application owners gain a self-service infrastructure provisioning that is unmatched with existing on-premises storage solutions.

“IT organisations have been seeking a cost-effective alternative to external storage arrays for years,” said Nazari. “With our Cloud-Defined Storage offering, they finally have the opportunity to reduce costs while also deploying a self-service solution for application owners that also reduces the operational burden.”

Are you ‘prescribing’ the right security solution to your merchants?

Sandra Higgins, Chief Marketing Officer at Sysnet Global Solutions, draws parallels between taking multivitamins for the body and keeping small businesses ‘healthy’ using an all-in-one security solution

When it comes to leading a healthy lifestyle, eating the right food, taking regular exercise, and maintaining a positive mindset are key. However, despite these best intentions and practices, you still might not get all the nutrients your body needs to ensure it is working as effectively as possible. To combat this, a doctor might suggest taking a daily multivitamin as an insurance policy, to guarantee the body gets all the minerals and vitamins it needs, avoiding any shortfalls. Makes sense, right?

This same logic can be applied to businesses and the importance of cybersecurity and compliance solutions, especially in the current climate and the risks associated with remote working. Like a doctor prescribing a multivitamin to help their patients’ minds and bodies function effectively, in the same way, acquirers can offer security ‘prescriptions’ to help merchants keep on top of business health. The prescription is then deployed by a security software provider, much like a pharmacy would, dispensing the multivitamin of data security services and tools to help keep businesses in good health.

Just what the doctor ordered

With a wide variety of data security and compliance solutions available, like the streams of vitamins you see on pharmacy shelves, smaller businesses can often become overwhelmed by the sheer volume of available tools and may forego sourcing their business ‘medication’ altogether.

Taking the stress out of trying to understand what the business needs, it’s an acquirer’s responsibility to prescribe one solution that allows merchants to stay security fit and prevents them from becoming overwhelmed at the choice available. That way, merchants don’t end up buying the wrong solutions or supplementary add-ons at additional cost, that they don’t actually need.

The benefits of an all-in-one solution

Like with medicine, merchants need to know the long-term benefits of a prescription before administering it, and with an all-in-one solution, the benefits are vast. In addition to easy compliance with payments standards such as PCI DSS and access to security tools that are appropriate to business set-up, other benefits of all-in-one security solutions include:

  1. Increased energy levels. With business security taken care of, business owners will have more time to focus on what matters, giving them more energy to run other areas of the business.
  2. Reduced fatigue. If a business has to work hard to manage its security levels, or its owner is losing sleep over not managing it at all, resulting in overdrive just to perform simple tasks, being compliant with regulations, like the PCI DSS standard, becomes much harder.
  3. Long-term healthy lifestyle. By taking an all-in-one security solution, businesses will become ‘compliance and security fit’. Everything will run more efficiently, without security issues slowing things down and preventing a business from moving forward.
  4. Improved mood. Certain studies have shown that a daily multivitamin has positive effects on a person’s mood and emotional well-being. Not having to think so much about security and compliance lifts a burden and has the same effect – business owners don’t feel guilty about not paying it enough attention and there’s no need to worry about breaches or facing fees from not being PCI compliant.
  5. Reduced stress and anxiety. Similar to having an improved mood, by simply attending to security matters, businesses will have one less thing to worry about.

Strength in numbers

Not only is there a multitude of long-term benefits attached to having a fully managed data security solution prescribed by acquirers, allowing businesses to be faster, simpler and more profitable, it also means that costs are kept low. Many people buy vitamins in bulk to help share the cost with family or close friends. By buying security tools at scale, costs are kept down for merchants. This means that when a business is weighing up their budgets, they can be sure their compliance and security cost is entirely affordable.

When buying a multivitamin, customers will likely buy from a reputable brand so that they can rely on the quality and effectiveness of the daily dose, as reputable multivitamin providers undergo meticulous analysis and rigorous quality controls during the manufacturing process. In the same vein, just as people wouldn’t want a substandard multivitamin for their own body, businesses wouldn’t expect one from an acquirer’s prescription.

Easy to consume

Multivitamins can provide patients with numerous health benefits but the biggest benefit of all is having these solutions in one place. It makes it easier to ensure the body gets all it needs to stay healthy. It is the same thing for businesses. Taking a security ‘multivitamin’ will greatly take the stress out of addressing compliance and security, and provide a business with more time to focus on other pressing tasks.  If small businesses, in particular, can get into the habit of taking a regular multivitamin, a straightforward all-in-one solution, to address compliance and security at their business, they will be more open to trying other things too that may lead to an evolution of the business.
