Hyperledger Fabric Blockchain Integrates ‘GDPR Compliant’ Privacy Solution


A ‘GDPR Compliant’, In-Built Solution Woven in to the Fabric

With the release of Hyperledger Fabric v1.2, the project introduces the concept of private data. Of all the things to solve in the world of technology, the issues surrounding confidentiality and privacy are the most important ones coming out of the space.

While the feature is professed to be ‘GDPR Compliant’, whether it is in fact compliant is left to the user’s discretion.

Private Data and SideDBs on Blockchain? Sounds Counterintuitive

One of the earlier ways that you could ensure some level of confidentiality is through different channels. But while this does offer some scope of privacy, creating a large volume of private channels is generally discouraged on a large network.

Why is that? It’s because, while it does assure some security, more channels bring more complications, such as managing policies, chaincode versioning, and Membership Service Providers. All of that data would need to be either public or private, and transactions between the two would be time-consuming.

This is where private transactions come into the equation. With private data comes the ability to create collections of data, and also to use policies to dictate who has access to this data and who doesn’t.

This access can simply be managed by adding policies to the collections. This allows for some data to be public and some to be private for some parties.

Sounds good so far, right? Well, this is where the difficulty begins.

The Issue

Imagine you’re shuffling a deck made up of the cards of multiple people. How would you go about remembering whose cards are whose?

All of those cards can be free for the public to observe, but for privacy reasons, who owns what can’t be made public. But if, for example, you want to buy one of these cards, you’ll need access to this otherwise private data, because you’ll need to know who the real owner of a specific card is.

In this case, a card auditing system will be a partner in this to check validity. If you’re not using channels, in 1.1, everything you do will be recorded to the state of the ledger. This is not GDPR compliant.

Looking at the top example, the ‘Channel Read-Write sets’ are what the system looks like currently, with every transaction being recorded in state and history.

What it shows is a private state between two individuals, while the second set (second one down) shows a private state between two peers, divided by their organizations. This state is replicated across these peers according to policies.

By the third state, the power of these transactions becomes more apparent, with collections being subject to omission by certain members, meaning that separate private collections for every seller-auditor relation can be made. These collections allow for some data to be added, while the main data is still stored in the main state and ledger.

Only authorized peers can see the hash of data on the main ledger, with the true data on the private system. Anyone unauthorized will not be able to see it, by comparison, and will only see the hash on the ledger. As a result, they’ll never be able to see the information, because hashes are irreversible. How does that work? It’s resolved through this system:

Where Does GDPR Come Into This?

This Hyperledger Fabric release helps to address some of the key problems within the system that prevent it from being fully GDPR compliant.

The Problem

Any information added to the ledger can’t be deleted, and this is where GDPR comes in: any personal information added can’t be deleted either. One method is to store this data off-chain, but this is an overly complex solution because you have to look up the validity of the data manually, as well as the links to the data on the blockchain.

Private Data as a Solution?

Private data can be the solution, as it can, in a sense, solve inconsistencies with GDPR. How? It comes back to the phrase ‘you shouldn’t have access to data you’re not using’.

Data and Use Limitation

Private data solves this issue by controlling access using policies similar to endorsement policies. By using this logic, we can use operators to define which parties have access.

As for collections of data, you can specify a blockToLive in the policy. This provides you with the data you need for a specified amount of time. This system means that any blocks going unused are purged to save space.
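The Go sketch below is an added example, not code from Hyperledger Fabric or from the original article. It is a toy model of the lifecycle described above: a collection policy decides which peers store the private value, every peer stores only its hash, and the value is purged once blockToLive blocks have passed. The organisation names, collection name and record are constructed, and the policy check is a simplification that only reads a flat OR of member principals.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample shaped like a Fabric collection definition; all names are hypothetical.
const collectionsJSON = `[{
  "name": "sellerAuditorCards",
  "policy": "OR('SellerMSP.member', 'AuditorMSP.member')",
  "requiredPeerCount": 1, "maxPeerCount": 2,
  "blockToLive": 3
}]`

// Collection keeps only the fields this model uses; blockToLive 0 means never purge.
type Collection struct {
	Name        string `json:"name"`
	Policy      string `json:"policy"`
	BlockToLive uint64 `json:"blockToLive"`
}

// LoadCollections parses a collection definition file.
func LoadCollections(raw []byte) ([]Collection, error) {
	var cols []Collection
	err := json.Unmarshal(raw, &cols)
	return cols, err
}

// IsMember is a simplification: it reads a flat OR(...) of '<MSP>.member' principals only.
func (c Collection) IsMember(msp string) bool {
	return strings.Contains(c.Policy, "'"+msp+".member'")
}

type privateEntry struct {
	value       []byte
	committedAt uint64
}

// Peer is a toy model of one organisation's peer on the channel.
type Peer struct {
	MSP    string
	Height uint64
	Hashes map[string]string       // channel state: key -> SHA-256 hex, held by every peer
	SideDB map[string]privateEntry // private values, held by collection members only
}

func NewPeer(msp string) *Peer {
	return &Peer{MSP: msp, Hashes: map[string]string{}, SideDB: map[string]privateEntry{}}
}

// Commit applies a block with one private write: hash for everyone, value for members.
func (p *Peer) Commit(c Collection, key string, value []byte) {
	p.Height++
	sum := sha256.Sum256(value)
	p.Hashes[key] = hex.EncodeToString(sum[:])
	if c.IsMember(p.MSP) {
		p.SideDB[key] = privateEntry{value: value, committedAt: p.Height}
	}
}

// Advance commits n further blocks and purges values older than blockToLive blocks.
func (p *Peer) Advance(c Collection, n uint64) {
	p.Height += n
	for k, e := range p.SideDB {
		if c.BlockToLive > 0 && p.Height > e.committedAt+c.BlockToLive {
			delete(p.SideDB, k)
		}
	}
}

// Holds reports whether this peer still stores the private value.
func (p *Peer) Holds(key string) bool {
	_, ok := p.SideDB[key]
	return ok
}

// Verify checks a value disclosed out of band against the hash on the ledger.
func (p *Peer) Verify(key string, value []byte) bool {
	sum := sha256.Sum256(value)
	return p.Hashes[key] == hex.EncodeToString(sum[:])
}

func main() {
	cols, err := LoadCollections([]byte(collectionsJSON))
	if err != nil {
		panic(err)
	}
	c, seller, buyer := cols[0], NewPeer("SellerMSP"), NewPeer("BuyerMSP")
	record := []byte(`{"card":"ace-of-spades","owner":"alice","salt":"constructed-salt"}`)
	seller.Commit(c, "card42", record)
	buyer.Commit(c, "card42", record)
	fmt.Println(seller.Holds("card42"), buyer.Holds("card42"), buyer.Verify("card42", record))
	seller.Advance(c, 4)
	fmt.Println(seller.Holds("card42"), seller.Hashes["card42"] != "")
}
```

The purge removes the value from the side database only; the hash stays on the ledger, so low-entropy personal values should carry a random salt inside the private record so that the hash cannot be matched by guessing.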

GDPR Disclaimers

These systems are only GDPR compliant when:

  • Parties aren’t malicious: This is where the rules in your consortium come in. You need to have clear rules with clear consequences defined to make sure nodes do not become malicious.
  • It’s correctly implemented: As previously mentioned in the article, so long as it’s implemented properly, then it will be GDPR compliant.



© Finance Magnates 2015 All Rights Reserved


Privacy Please



Privacy is an American norm, but did you know it wasn’t an American law until 1977? The war to protect our image, our data and our humanity rages as hot as ever – now more digital than ever. In this episode, we’ll take a look at the mechanisms in place that preserve our autonomy.

For more on these stories go to delltechnologies.com/trailblazers. Please let us know what you think of the show by leaving us a rating or review in Apple Podcasts.




Cyber Risk Quantification & Privacy II



In my previous blog about cyber risk quantification and privacy, I suggested that there is a role for assessing risk using cyber risk quantification and assessing risk from a privacy orientation.  Let me explain further.  Cyber risk quantification is hugely important to an organization!  Cyber risk quantification is used to answer these kinds of questions:

  • What would be the monetary impact on the organization, if it experienced a cyber breach?
  • How much, in monetary terms, is risk reduced if a particular control is implemented?
  • What’s the monetary value of implementing this control over that control?
  • How much cyber insurance should be purchased to cover the organization’s cyber risk (what should be the dollar limit of the insurance policy on a single and aggregate loss basis)?

These are extremely important questions that every organization needs to answer.  When these questions can be answered in monetary terms, it is much easier for executives and the board to prioritize the allocation of scarce human and capital resources in the management and transfer of risk.

Privacy laws change the orientation of risk assessment from the impact of a cyber incident on the organization to an assessment of how the cyber incident would impact an individual.  Originally, privacy laws were very prescriptive about the obligations to individuals, as can be seen in these two regulatory obligations:    

  • The Australian Privacy Principles state that an “entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorized access, modification or disclosure.”
  • Section 501 of the U.S. Gramm-Leach-Bliley Act states that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information.

Contrast these rather prescriptive requirements with the EU General Data Protection Regulation, effective this May.

  • The EU-GDPR was designed to “protect [the] fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”

The EU General Data Protection Regulation broke from the older, more prescriptive, requirements of the Australian Privacy Principles and the U.S. GLBA, and expanded the scope to include “fundamental rights” of EU citizens.  In the United States, this would be analogous to equating GLBA with the Declaration of Independence, where you might end up with a privacy statement like “institutions have an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic personal information so as to not infringe upon the individual’s unalienable right to life, liberty, and the pursuit of happiness.”

As I said, the EU-GDPR was designed to “protect [the] fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.” There happen to be fifty fundamental rights identified in the Charter of Fundamental Rights of the European Union. Not all 50 of these fundamental rights could be infringed by poor information security, but a thorough risk assessment requires the assessor to evaluate the likelihood and impact that an information security incident could have on the individual’s fundamental rights.

The change in orientation from assessing the impact of a breach on the organization to assessing the impact on the individual ultimately influences an organization’s cyber risk appetite too. An organization may have an appetite for $10 million in cyber breach-related costs but zero tolerance for an information security breach that could compromise the life and safety of employees. Both risk appetite statements are perfectly logical. However, assessing the risk requires two different but complementary approaches: Cyber Risk Quantification and Privacy Risk Assessment.



GDPR – Marketer’s Nightmare or Springboard for Brand Loyalty?



With only two months to go until the May 25 deadline, news of the General Data Protection Regulation (GDPR) is everywhere. While companies scramble to implement strict internal policies and journalists fill their columns with dire warnings for non-compliance (monetary fines are up to four percent of annual global turnover), one aspect at the very heart of the upcoming regulation has been largely overshadowed – its impact on the customer.


To get the most out of GDPR, companies need to think in terms of respect, not ramifications. As its name suggests, GDPR is by definition a regulation, and as such it is thought of by most as a punishment of sorts, to be adhered to or risk the consequences. But that perspective reflects what GDPR does, not what it is. At its core, GDPR is a protective measure, meant to rekindle trust in the modern consumer. There’s a “P” in its title for a reason.

A Brief History of Privacy Protection

Though largely characterized in the press as a sweeping new legislation, in point of fact GDPR is only the latest – albeit the most powerful and far-reaching – in a series of data protection regulation initiatives. To truly understand the intent of GDPR, we need to investigate the foundations on which its primary principles are built.

What many do not realize is that data protection regulation within the EU is over two decades old. Today’s EU data protection standard is spelled out by the 1995 Data Protection Directive (DPD), which, while well-meaning, lacked a unified level of commitment by EU privacy regulators. While some members such as Spain and Germany imposed strict privacy compliance requirements, others had few, if any. To a large extent, this left customers feeling vulnerable, to be used by companies as simply a means to an end. This proliferated a sense that there was a lack of respect on the part of companies toward their customers.

Basically, GDPR is DPD 2.0, giving the old regulations sharper teeth and greater reach in an effort to address the legitimate concerns and growing fears of an increasingly connected customer. It also enlarges its reach to include the needs of an expanding global market by seeking to promote “the improvement of corporate data transfer rules outside the European Union,” such as with companies residing in the United States. Taken this way, GDPR should not be viewed as a penalty imposed upon single-minded companies, but as a protective measure meant to safeguard the ever-expanding mountain of personal data brought to light by the proliferation of emerging technologies. After all, new methods call for new governance.

Respect is Earned, Not Enforced

The ways in which GDPR will require companies to make significant and often costly changes to the methods they use to acquire, store, analyze and use personal data have already been well documented. Some organizations have gone so far as to invest in a dedicated department to ensure internal compliance. This is the price the market demands for allowing us access to the information we need to gain a better understanding of our customer base. But companies who view GDPR as a gauntlet to be run are missing the big picture. GDPR was created for the simple reason that privacy is a delicate matter and, like any exercise in trust, it should be handled with care. Giving control of personal data back to the individual is simply the right thing to do.

Looked at from this perspective, GDPR becomes not so much about how we extract the data itself, but how we communicate with our customers. It is not only about regulating information, it is also about regulating emotions. Rather than highlight what we must do to avoid the penalties, we should emphasize our desire to protect our customers, who now have more choice over how their personal data is collected and shared with us. The focus shifts from “doing to” our customers to “doing with” them. When we are transparent and respectful, we are effective.

Just as in implementing a solid CSR initiative (see my earlier two-part CSR series), companies with the foresight to view GDPR from the outside-in gain the power to transform this regulation from a collection of legal hurdles to be overcome into a golden opportunity to form a bond of trust with the customer and open new and potentially powerful channels of dialogue. In this way, GDPR turns from regulatory nightmare into stellar opportunity for customer engagement. If we must spend the money and allocate the resources to establish compliance, why not build a bridge between company and customer in doing so?

A recurring theme throughout my blogs involves the power shift within the customer/company relationship. Digitization has given customers greater control over how companies communicate, how they operate, even what raw materials and production methods they use. The advent of GDPR now gives them control over their own personal information as well. By being transparent in our approach to information gathering, customers see that we care about them, not just the data they represent. And to today’s hyper-connected customer, that makes all the difference.




Hyperledger Adds 14 New Members to Blockchain Consortium

