This chapter is part of a book that is no longer available to purchase from Cambridge Core

24 - Data security and privacy

from PART V - DATA MANAGEMENT TECHNOLOGIES

Michael J. McCabe (Affiliation: Deloitte Financial Advisory Services LLP)
Dilip Krishna (Affiliation: Deloitte & Touche, LLP)

Summary

Introduction

Data security and privacy in the financial industry is a complex topic shaped by a number of state and federal laws. This chapter reviews the landscape, focusing largely on the US regulatory environment; the non-US environment is covered where appropriate. Any survey of state and federal laws is an ongoing project, because the statutes and their interpretation continue to evolve. Two concepts are addressed: data security and privacy. Data security is concerned with keeping information secure and safeguarded: it addresses how to protect information from unauthorized access and misuse. Privacy, in contrast, concerns the rights and limitations associated with the collection, use, maintenance and lifecycle of personal information. Any discussion of privacy needs to address what can be kept from individuals other than the owner and what cannot. Privacy has its roots in the concept of “the right of the individual to be let alone.” Through a long history of cases the US courts have recognized the individual's constitutional right to privacy. While this does not necessarily extend to financial information, laws protecting the privacy of information were adopted starting in the 1970s. Interestingly, the USA has typically addressed concerns through specific laws and regulations governing specific data questions rather than broad, encompassing rules. This is in contrast to the EU, where a broad directive provides the basis for protection.

Type: Chapter
Information
Publisher: Cambridge University Press
Print publication year: 2014


References

Council Directive 95/46 of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, 1995, Official Journal of the European Communities, (L281) 31.
Holtzman, D., 2006, Privacy Lost: How Technology is Endangering Your Privacy, Wiley.
International Organization for Standardization (ISO), 2005, ISO/IEC 27002:2005 Information Technology – Security Techniques – Code of Practice for Information Security Management.
National Institute of Standards and Technology (NIST), 2004, Standards for Security Categorization Federal Information and Information Systems, Federal Information Processing Standards Publication (FIPS), Publication 199.
National Institute of Standards and Technology (NIST), 2006, Minimum Security Requirements for Federal Information and Information Systems, Federal Information Processing Standards Publication (FIPS), Publication 200.
National Institute of Standards and Technology (NIST), 2009, Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations.
PC World Business Center, 2012, Cost of Data Breaches Falls for First Time in Seven Years, March 20.
Salomon, D., 2003, Data Privacy and Security, Springer-Verlag.
Schwartz, P. and D., Solove, Smith, E., 2012, Compilation of State and Federal Privacy Laws with 2012 Supplement, Privacy Journal.
Solove, D., 2008, Understanding Privacy, Harvard University Press.
Solove, D., 2011, Nothing to Hide: The False Tradeoff between Privacy and Security, Yale University Press.
Soma, J. and S. Rynerson, 2008, Privacy Law in a Nutshell, Thomson/West.
Trcek, D., 2006, Managing Information Systems Security and Privacy, Springer-Verlag.
