Privacy Research    Finance

40 Years of Experience with the Fair Credit Reporting Act

This report gives a brief overview of the FTC’s role in the enforcement and the interpretation of FCRA, followed by an FTC Staff Summary of Interpretations of the FCRA in a section-by-section format. It was created in 2011 to assist the CFPB as it took on many of the interpretive functions of FCRA.

ICO Data Breach Trends Study

This web page shows data breach incidents by incident type and sector for the year beginning April 1 to track trends. The UK Information Commissioner’s Office will update the data quarterly.

2013 Cyber Security Forecast

In this paper, Kroll outlines the top four cybersecurity concerns that may blindside organizations in 2013.

Evolution of a Prototype Financial Privacy Notice

Six of the federal agencies that enforce the Gramm-Leach-Bliley Act initiated a project to explore the development of paper-based, alternative financial privacy notices—or components of notices—that are easier for consumers to understand and use. This report presents the research-based rationale for a “prototype” privacy notice iteratively designed over the course of the project. It discusses the methodology used for the qualitative research; presents the findings and analysis from eight test sites; describes the evolution of the prototype through a 16-month iterative process; and outlines key themes that contribute to the success of the project and to the clarity and usability of the prototype. (2006)

Evaluating Privacy Impact Assessments

This article by Kush Wadhwa and Rowena Rodrigues first outlines the evaluation criteria established under the EU Privacy Impact Assessment Framework project and attempts to find the best means of extending their application to help assess PIAs, based on good practice.

The Insider Threat: Why Chinese hacking may be the least of corporate worries

In this paper, Kroll offers real life examples of breach incidents involving insider threats to businesses, identifying steps companies can take to reduce their risk.

Study on Data Collection and Storage in the EU

The overall objective of this ENISA study is to serve as a starting point for a pan-European view on the rules relating to the collection and storage of personal data in the European Union and on their implementation in Member States legislation.

Managing Customer Data Privacy: Issues, perspectives and possibilities for 2013 and beyond

This whitepaper from UnboundID aims to address questions and concerns about the privacy of personal information that have been raised by the emergence of the “Identity Economy.”

2013 Verizon Data Breach Investigation Report

The 2013 Data Breach Investigations Report analyzes more than 47,000 reported security incidents and 621 confirmed data breaches from 2012 and brings to bear the perspective of 19 global organizations on studying and combating data breaches in the modern world.

The Right To Be Forgotten—Between Expectations and Practice

This paper complements two other recent ENISA publications in this area and focuses on the technical means to enforce or support the right to be forgotten in information systems; “there are technical limitations and there is a further need for clear definitions and legal clarifications.” In this paper ENISA reviews relevant existing technology and identifies the technical limitations and challenges to enforcement as well as the need for additional definitions and legal clarifications.

The Pursuit of Privacy in a World Where Information Control is Failing

This article by Adam Thierer, originally published in the Harvard Journal of Law and Public Policy, focuses on privacy rights in relation to private enterprise and suggests that expanded regulation is not the most constructive way to ensure greater online privacy. The article introduces the notion that “Legislative and regulatory efforts aimed at protecting privacy must now be seen as an increasingly intractable information control problem.”

The economic cost of publicly announced information security breaches

This 2003 study by Katherine Campbell, Lawrence Gordon, Martin Loeb and Lei Zhou of the University of Maryland examines the economic effect of information security breaches reported in newspapers on publicly traded U.S. corporations.

Privacy Risk Management: Building privacy protection into a Risk Management Framework

This paper from the Information & Privacy Commissioner of Ontario and co-authored by Dan Ruch, Monica Merrifield, Fariba Anderson and Jeff Kirke introduces the concept of Privacy Risk Management. It begins by examining characteristics indicative of an organization’s privacy and risk management maturity. Identifying the growing significance of privacy risk, it describes the manner in which Privacy by Design may be integrated within an organization’s existing risk management process.

Whitepaper series on the proposed EU Data Protection Regulation

This series of three whitepapers by the Future of Privacy Forum addresses some key components of the proposed EU data protection Regulation, namely the costs and paradoxes of explicit consent; the definition of personal data; and jurisdiction and applicable law under the EU general data protection regulation.

Privacy trends 2013: The uphill climb continues

This report by Ernst & Young details privacy’s increasing effect on businesses in the new year and highlights three primary categories that the firm predicts will shape the new privacy era: governance, technology and regulation. It also calls on organizations and regulators to work together to shape privacy within the digital landscape and to “appreciate the governance role they must play in safeguarding personal information.”
