At a glance.
- AFA warns financial advisers that client data is at high risk for theft.
- Canadians would like to be more forgettable.
- India scraps its data privacy bill.
AFA warns financial advisers that client data is at high risk for theft.
Australia’s Association of Financial Advisers (AFA) hosted a webinar in which AFA national chair Ashley Mahadeea warned advisers of the growing risk of being targeted by cyberattacks. Mahadeea explained, “Financial advice firms are 300x more likely to be hacked than other firms, it’s a valuable treasure chest of information. Clients give so much information because they trust the adviser to look after it and that would be very valuable for a hacker.” Money Management explains that client data are hot commodities for cybercriminals seeking to use the info for gambling or drug syndicates or even tax fraud. Fraser Jack, founder of the Cyber Collective Australia, offered recommendations on what advisers should do if they discover that client data has fallen into the wrong hands. “Number one, they are obligated to let their clients know that their information has been taken, especially if i’s credentials so they can update their passwords and protect them,” Jack stated. “Then there’s reporting obligations for breaches within the Corporations Act that’s about notifying their licensee and reporting obligations for other government agencies.” Firms would do well to follow all required protocols on responsible reporting of data breaches, as failure to do so could lead to fines as high as $525 million, not to mention litigation costs. Jack says the price of staying up-to-speed on cybersecurity protections and reporting pale in comparison: “The cost of putting something like this in place is less than 1% of their turnover and less than 1% of their time so it’s not a big cost to implement. The stakes are too high, the chances of it happening are very high and the cost to fix it is reasonably low.”
Canadians would like to be more forgettable. (Us too, sometimes.)
CTVNews reports that a survey commissioned by cybersecurity and VPN provider NordVPN has found that 36% of Canadians wish they could completely wipe their data from the internet. The study involved 10,800 participants from eleven countries, including one thousand Canadians, and at 60%, Canada had the largest percentage of respondents who wanted their financial information deleted. Canucks also said they wished to erase undesirable photos, dating and social media profiles, and previous employment history. Digital privacy activists have been urging Canadian lawmakers to affirm citizens’ "right to be forgotten,” and last year during a case involving a man who asked Google to de-index articles linked to searches of his name, a federal judge made a landmark ruling that Google search results fall under Canada's privacy laws. In a press release, NordVPN digital privacy expert Daniel Markuson commented on the study’s findings: “While removing yourself from the internet sounds like a good idea for those concerned with having their personal information exposed to the wrong entities, you have to ask yourself if wiping the slate totally clean is even possible in our digital-dominant world.”
India scraps its data privacy bill.
A work in progress since its introduction in 2019, India's Personal Data Protection Bill has been withdrawn, the Register reports. The government says it's working on a new alternative to what was to have been India's version of Europe's GDPR. Ilia Kolochenko, Founder of ImmuniWeb and a member of the Europol Data Protection Experts Network wrote to observe that extraneous events (economic crises, the pandemic, etc.) have made it difficult to implement certain forms of sweeping legislation:
“Fostered by the success of GDPR, many countries around the globe started implementing national legislation to protect the personal data of their residents. Brazil, South Africa and some states in the US may serve as good examples of GDPR-inspired legislation. The sudden pandemic, however, stringently halted implementations of new privacy legislation in many other countries, as lawmakers and governments were struggling with unprecedented emergencies.
"Today, amid the unfolding economic slowdown, we should expect more efforts aimed to rescue economies, while postponing privacy protection for later. The Personal Data Protection Bill, if implemented, would likely have caused considerable financial hardship for technology companies and other businesses across the country. Proper enforcement and policing of its provisions across the country would likely also be cost-prohibitive. Thus, the decision of the Indian government is, of course, regrettable but is perfectly understandable if regarded through the prism of economic well-being of the country amid the economic turbulence.”