Tag Archive for: Clarity

Will FM provide further clarity, direction on plans for digital rupee?


Budget 2024 Expectations: Will FM provide further clarity, direction on plans for digital rupee?

Representational image. Moneycontrol.

With Union Budget approaching, the talk of securing and ensuring ease of transaction in Central Bank Digital Currencies (CBDCs) is further gaining ground.

Central Bank Digital Currencies (CBDCs) are the talk of the town and would soon see the light of day. With pilots in the Digital Rupee already running in the wholesale (e₹-W) as well as the retail digital Rupee (e₹-R), there is a growing expectation that the upcoming Union Budget will provide further clarity and direction on the government’s plans for the digital rupee.

Digital currency could be a gamechanger for financial system

The increased interest in CBDCs is also a result of the shift in global budget focus towards digitalization and technology in order to be more efficient and cost-effective. The advent of a digital currency (DC) would signify a transformative shift towards a cashless economy in India, and could potentially revolutionize the country’s financial infrastructure and could be a potential game changer for the Indian financial system.

The ongoing economic uncertainty and the potential for monetary policy challenges in the wake of the COVID-19 pandemic have led many governments and central banks to explore the possibility of issuing CBDCs as a means of ensuring financial stability and promoting economic growth.

The potential benefits of a CBDC, underpinned by blockchain technology and backed by the government’s full faith and credit, cannot be ignored. It could provide individuals with a secure and convenient mode of digital transactions, and be a more stable and reliable form of currency.

One of the most significant advantages of CBDCs is their potential to enhance efficiency. By reducing transaction costs and making it easier for individuals, particularly those in underserved areas or without access to traditional banking services, to access financial services, CBDCs have the potential to increase financial inclusion. Additionally, CBDCs could also augment the stability of the financial system by providing a…

Source…

Breach Clarity Data Breach Report: Week of March 15


Each week Breach Clarity, recently acquired by Sontiq, compiles a list of what it considers to be notable data breaches—those that are worth highlighting because of the increased intensity of the risk to personal information. The Breach Clarity score identifies the level of risk on a scale of 1 to 10—the higher the score, the more severe the breach and level of risk.

For many high-risk breaches, we recommend that victims freeze or lock their credit report. A credit report freeze is unique in that it can single-handedly slash consumers’ risk of fraudulently opened new credit/loan accounts – something that can’t be said for many other safeguards. Unfortunately, this can give an exaggerated importance to this measure. While most consumers who don’t expect to need a credit inquiry in the near future can benefit from locking or freezing their credit report, breaches create clusters of risk that go beyond any single fraud type. A breach that exposes victims’ Social Security numbers heightens their risk of fraudulently opened credit cards typically exposed, but also makes it much easier for fraudsters to gain access to their financial accounts, apply for government benefits, or take over a mobile phone account.

That’s what makes breach notifications that stop at credit monitoring or freezes so dangerous. Breach victims need to understand the breadth of identity safeguards available to them – many at no or low cost. Even beyond other core measures, like alerts and strong authentication, services like USPS informed delivery, IRS identity protection PINs, and secure e-commerce platforms can meaningfully protect consumers from a variety of identity risks. Knowing the top risks posed by a data breach can help victims prioritize which of these measures makes the most sense for them.

Breach Clarity’s Weekly Spotlighted Breaches

New breaches added: 44

PEI-Genesis, Inc.
BreachIQ Score – 10
Unauthorized access to an employee email account at PEI-Genesis exposed personal information contained in messages and attachments that passed through the account. The information exposed varied by victim and included Social Security numbers, driver’s license numbers, financial account…

Source…

Breach Clarity can show you how serious data breaches can be – Komando

Breach Clarity can show you how serious data breaches can be  Komando

This year has brought one major data breach after another. In fact, 2019 will likely surpass 2018 in the number of breaches and the billions of consumer …

“data breach” – read more

GDPR Penalties Prove Why Compliance Isn’t Enough—And Why Companies Need Clarity

The legal uncertainty created by the General Data Protection Regulation (GDPR) is becoming so common, it’s starting to go unnoticed. In yet another recent example, Poland’s data protection authority (DPA), UODO (“Urząd Ochrony Danych Osobowych” in Polish), fined a European company over €220,000 for failing to comply with a GDPR requirement that companies provide individuals with privacy notices. While it hasn’t drawn considerable attention, this case could have considerable implications for many other European companies. The sanction cuts through expectations that data protection authorities (DPAs) will play a constructive role of both regulators and advisors under the GDPR, and it illustrates that the need to clarify the European privacy law is ever more urgent.

Bisnode, a European digital marketing company that specializes in data analytics, had collected and processed personal data from publicly available registers on six million individuals to provide creditworthiness scores to banks. The company used its access to the email addresses of about 679,000 users to inform them of the processing of their personal data—to which, out of a sample of 90,000 users, only 10 percent objected. But the operational costs of sending letters to the remaining 5.7 million users whose emails were unavailable would amount to €8 million of postal charges, an estimate which did not even include the related administrative costs. As a result, the company decided to publish a general statement on its website to alert the remaining data subjects. However, the Polish DPA decided that Bisnode did not go far enough in upholding its obligations under the GDPR.

The decision to sanction this company is misguided and sets a worrying precedent for two reasons. First, this penalty is a direct consequence of the privacy law’s vague provisions and misleading language, which EU policymakers must urgently clarify. Under Article 14 of the GDPR, organizations collecting and processing personal data must provide privacy notices directly to data subjects. But this obligation does not apply in case providing this information is “impossible, or would involve a disproportionate effort.” The Polish company thought it had fulfilled its obligations under the GDPR, as the exorbitant cost of reaching out to the remaining users could trigger this exception. But while accepting the company’s calculations, UODO regulators did not assess that €8 million would constitute a sufficiently “disproportionate effort.” What is more, because the GDPR is not prescriptive about how companies must provide users with information, UODO claimed that the law does not oblige them to inform users specifically via registered post. Hence UODO considered that a public statement was insufficient because the company could have used other solutions such as sending SMS messages, even though Bisnode did not have telephone numbers for everyone and the costs of doing so would have been high.

Second, this decision calls for a clarification of the role of DPAs under the GDPR. The company had taken a number of proactive steps to comply with the GDPR, yet UODO saw it as nothing more than proof that it was aware of its obligations and thus had intentionally violated them. DPAs should not impose penalties when there is ambiguity in the rules and companies are making an honest effort to comply. Instead, DPAs should play the role of educators so as to facilitate companies’ complex journey towards compliance. Before imposing penalties, they should take into account whether companies acted in good faith when establishing compliance strategies, the extent to which they have implemented compliance procedures internally, and the degree of interpretability of the provisions in question.

Many EU companies have yet to comply with the privacy law and do not expect that they ever will. EU policymakers should realize that the privacy law’s strict and complex requirements may be the main reason why. But the Polish decision shows that compliance may not even be enough. Companies cannot interpret unclear regulations, so they will continue to face unpredictable decisions. Even if a company appeals a decision, it will take time before the final outcome establishes jurisprudence.

EU policymakers and data protection authorities should focus on clarifying the legislation, specifying the technical requirements to provide information, and take into account the costs and difficulties compliance may impose on companies in some cases. Otherwise European businesses will continue to face difficulties interpreting and complying with the GDPR.

Eline Chivot is a senior policy analyst at the Center for Data Innovation, based in Brussels. Daniel Castro is the director of the Center for Data Innovation and vice president of the Information Technology and Innovation Foundation.

Permalink | Comments | Email This Story

Techdirt.