GDPR is triggered to benefit both citizens and businesses by streamlining the digital landscape. GDPR applies to any corporation that operates within the EU, and that offers goods or services to consumers. GDPR states that every major corporation should ensure strict and legitimate surveillance during the collection of personal information such as the names, addresses, and photos. The responsible data collectors are obliged to protect it from any form of misuse and exploitation. GDPR further expands the clarity of personal data to sensitive information such as IP address, genetic and biometric data.<h2 id="the-need-for-gdpr">The Need for GDPR</h2>The European Union is obliged to ensure every individual is permitted to respect his privacy and family life. As a result of the radical technological advancement, the European regulators were prompted to strengthen both business? and individuals' fundamental rights. In April 2016, the European Parliament substituted the dated data protection directive and adopted the GDPR.The regulation required all European Union members to comply contrary to the dated directive, which advocated for each of the twenty-eight countries to take a customized law that would fit its citizens.However, this didn't imply that they were pulling down the directive, but it was irrelevant in today's digital age. It failed to discourse how data should be stored and conveyed in this digital era. The enactment of GDPR highlighted two significant protective rights, the right of erasure for an individual who doesn?t want his data out there, and the right of portability, which calls for clear and precise opt-in/opt-out notices for users.<h2 id="key-legislative-points">Key Legislative Points</h2>At the core of GDPR are seven fundamental principles that are laid out in <a href="https://advisera.com/eugdpracademy/gdpr/principles-relating-to-processing-of-personal-data/">Article 5</a> of the legislation. The full version of the seven principles entails a detailed regulation, as discussed below.1. Lawfulness, fairness, and transparencyIt conditions that organizations should give clear notice of what the concept is all about. It further says that the data subject must precisely know what the organization intends to do with their information and who is obliged to access it.2. Purpose limitationOrganizations should provide a specific and legitimate purpose for collecting an individual?s personal information. Moreover, it should affirm that the data will only be used for the stipulated intentions unless the client has provided explicit consent.3. Data minimizationThis means organizations should store the slightest and relevant data and should provide a justification for the stored information.4. AccuracyOrganizations should regularly amend the outdated contacts, and Individuals are permitted to request the erasure of inaccurate data. The organization is expected to comply with such requests in 30 days.5. Storage limitationThis principle conditions that personal data should be stored in a form that allows a flawless identification. Therefore, organizations are required to have a customized review process for cleansing the old databases.6. Integrity and ConfidentialityThe organization must implement an efficient system that protects the identity of its clients from both internal and external threats such as malware menaces and accidental loss of information.7. AccountabilityThe legislation requires profound documentation of all policies that an organization has taken to validate its adherence to the GDPR.<h2 id="notable-honest-mistakes-and-prosecutions-for-violation">Notable Honest Mistakes and Prosecutions for Violation</h2>Infringement to the GDPR has heavy penalties that escalate to ?20 million or 4% of global annual income depending on whichever is higher. The steepness of the fines depends on the GDPR law that the organization has breached. For instance, violation of the data security is subject to lower fines, whereas a breach of privacy rights is subjected to higher penalties. The GDPR fines are discretionary and are imposed depending on the following.? Nature, gravity and the time frame that the violation has lasted? The deliberate or accidental character of the violation? The action an organization took to reduce the damage suffered by clients.? The security measures that have been implemented by the organization? Whether the organization has any previous GDPR infringement? Whether the organization notified the supervisory authoritiesHowever, there is a multitude of unscrupulous companies that make money by writing off-fines and abusing peoples? data. GDPR design is made to tackle that kind of data abuse and not honest organization mistakes. In such a scenario, the organization should prove its compliance with GDPR together with all the steps it has implemented to do so.For example, Google tops the list of the biggest GDPR fines and data breaches. The NCIL (National Commission on Informatics) on January 21st, 2019 imposed a <a href="https://enterprisetalk.com/featured/the-biggest-data-breaches-and-gdpr-fines-google-tops-the-list/">50 million Euros fine on Google</a>. This was due to the violation of the lawfulness of processing, provision of information where there is no collection of personal data from the subject, processing data principles, and provision of information with a collection of personal data from the subject.Another large fine was on <a href="https://www.cpomagazine.com/data-protection/gdprs-big-moment-has-just-arrived-with-a-228-million-data-breach-fine/">British Airways</a> where they faced a fine of 183 million Euros. This was due to a data breach that was disclosed by the organization in 2018 September. It occurred when British Airways users were redirected to a counterfeit site which caused a breach of around 500, 000 users? data.<h2 id="how-brands-are-now-being-compliant">How Brands Are Now Being Compliant</h2>Businesses have initiated various mitigation measures to avoid getting struck by the GDPR. They have embraced the following aspects to bring about higher transparency.1. Creation of a Data Breach Incident Response PlanThe majority of companies have put place some form of a plan to enact in case of a data breach. A well-structured data response team can minimize any damage that may result in the company being penalized.2. Hiring A Data Protection OfficerTo bring in higher transparency, companies have now endorsed the GDPR requirement of hiring a DPO. The DPOs? are obliged to ensure compliance by monitoring the company?s data protection strategy. Additionally, they are accountable for educating the employees about data processing and conducting security audits.3. Relevant ContentCompanies are now customizing their content by updating the old records. According to Article 30 of GDPR, the furnished content should include the incurred risks and how the organization has curbed those risks.4. Opt-in campaignsBusinesses are Initiating campaigns to re-engage the customer database and to avail the needed opt-ins from the audience. They usually do so by announcing incentives to opt-in to receive your emails. This reinforces the communication process with the clients.<h2 id="gdpr-checklist">GDPR Checklist</h2>Since GDPR is an ongoing process that requires a blend of multiple factors, it is almost impossible to complete it. Understanding the GDPR checklist requires an individual to know the <a href="https://gdpr.eu/what-is-gdpr/">basic structure and terminologies</a> of the law. However, if you have not taken the necessary measure to comply, discussed below is a distillation of everything that you need to achieve GDPR adherence.? Management and Accountability? Your organization appoint a DPO (Data Protection Officer)? Appoint representatives from one of the EU members if your organization is outside the European Union? Awareness creation on GDPR guidelines among the decision-makers? Stuff training on data protection awareness? Ensure that the technical security is updated? Sign data processing agreements between third parties that process personal data on behalf, and your company? Create a GDPR Adherence Project? Appoint a project manager? If necessary appoint a data protection officer? Focus on the standards that will assist with a framework on compliance priorities establishment? In your planning, consider <a href="https://www.itgovernance.co.uk/eu-gdpr-uk-dpa-2018-uk-gdpr">Brexit implications</a>? Conduct assessments on the incorporation of design and default data protection? Data Security? Ensure the availability of an <a href="https://www.itgovernance.co.uk/blog/what-is-an-information-security-policy">information security policy</a>? Where appropriate, use pseudonymization, anonymization, and encryption? Establish basic technical control like that implemented framework such as cyber essentials? Implement procedures and policies to detect, investigate, and report the personal data breach? Privacy Rights? Customers can easily access or request and receive their personal information? Customers can request deletion of their data easily? Customers can correct or update their data easily for accuracy purposes? Customers can easily object to you or stop you from processing their personal informationGenerally, GDPR is a very set of regulations and any organization?s approach to its compliance is very unique. The organization should work together with its advisor in the determination of how best to comply with the GDPR requirement lists.<h2 id="how-gdpr-affects-you-even-if-you-do-not-do-business-in-europe">How GDPR Affects You Even If You Do Not Do Business In Europe</h2>The main aim of GDPR is the protection of data from EU residents and citizens. The organizations that handle this kind of data are controlled by the law whether they?re EU-based or not. It?s known as an ?extra-territorial effect?.GDPR in <a href="https://gdpr.eu/article-3-requirements-of-handling-personal-data-of-subjects-in-the-union/">article 3</a>, 3.1, spells out that it applies to the organizations based in the EU even when the data is used or stored outside the EU. The law in article 3.2 is applied to the organizations outside the EU if they meet these two conditions:? The organizations offer goods and services to the EU citizens? The organizations monitor the online behaviors of the peopleThe GDPR laws have conditioned organizations to change how they store and protect their customers' data. Since all of the regulations laid apply to any business that interacts with EU citizens, the GDPR affects any non-EU company that carries out business with EU citizens. This legislation has had a widespread impact across different industries and has had some unexpected and expected results. It is strongly recommended to consult an attorney to ensure your organization is GDPR compliant.Offering Goods and ServicesYou should strive to be GDPR compliant if you offer services to EU customers but your organization/company isn?t in the EU. Goods and services in far markets can be made accessible anywhere across the world through the internet. You can order a product or a particular service and have it delivered to your place.GDPR tends not to apply for the occasional instances but the regulators, however, tend to find other clues in the determination of whether the company set out to offer goods or services to EU citizens. They focus on things like, for instance, a Canadian organization added pricing in Euros in their websites or designed ads in Germany.Monitoring the Online Behavior of PeopleYou are in the scope of GDPR if your company uses web tools that enable you in tracking the IP addresses or cookies of individuals visiting your website from the European Union countries. For instance, if you run golf courses in Manitoba exclusively focused on your local place, but people in France stumble across your site more often, you be held accountable for tracking that data.

Geoffrey M.

Global Data Protection Regulation

Premium reporting on technology, startups, VC funding, and software from Techfastly tagged with Business. Read about trends and strategies for Business.

Business

How to Use TikTok for Business?

From the previous decades up to the early 2000s, international development was to be <a href="https://www.vox.com/future-perfect/2019/1/15/18182167/microcredit-microfinance-poverty-grameen-bank-yunus">propelled by microloans</a>. The objective was to lend small loans to individuals in developing countries to assist them in developing and also expanding their small businesses hence kicking poverty out of their families. Profits from the returned loans would then be used to lend to more individuals aiming at a very large number of families to do away with poverty.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image002.jpg" class="kg-image" alt loading="lazy"></figure>Many microfinance lending organizations began at those times. Very many organizations started to offer loans as potential donors and investors supplied funds to microcredit. By the end of 2013, there was a rise in the number of borrowers to more than 200 million. Accion US Network is an example of one such institution in the US. It is the largest nonprofit microfinance network in the US and works with people to help them grow their business. <h2 id="what-is-microcredit">What Is Microcredit?</h2>Microcredit is an extension of small loans to poor individuals who lack steady, verifiable, or collateral employment or credit history. In the US, it is generally for loans less than $50,000 to entrepreneurs who cannot borrow from a bank. It was designed to alleviate poverty by promoting entrepreneurship. Many of the beneficiaries of microcredits are illiterate individuals who lack the capacity and paper competence needed in the application of conventional loans.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image004.jpg" class="kg-image" alt loading="lazy"></figure>Microfinance is deemed to be part of <a href="https://www.investopedia.com/articles/07/microfinance.asp">microfinance</a>, although many times they are used interchangeably. It provides a variety of financial services, such as savings accounts for poor individuals.<h2 id="successful-examples-">Successful Examples:</h2>In 2009, an estimated 75 million individuals benefited from microloans that totaled to around US$38 billion. The repayment success rate ranges between 95%-98%, according to the <a href="https://en.wikipedia.org/wiki/Grameen_Bank">Grameen Bank</a> in Bangladesh in the early 1980s. A study found that more than half of US loan recipients escaped poverty in 5 years.Here are some of the successful most influential and largest microfinance institutions today:<h3 id="kiva">Kiva</h3>Kiva is a non-profit microfinance institution operating in the U.S and other 85+ global countries. It is headquartered in San Francisco and was founded in 2005. It uses <a href="https://www.investopedia.com/terms/c/crowdfunding.asp">crowd-funding mechanisms</a> and peer-to-peer methods of lending.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image008.jpg" class="kg-image" alt loading="lazy"></figure>It allows persons to directly lend to borrowers in other nations who don?t have access to the traditional financing sources. Financing for health services, education, and small businesses are interest-free.<a href="https://www.kiva.org/"> Kiva</a> has extended over $1.5 billion microloans to more than 3 billion borrowers in 2020. This platform has around 2 million borrowers and about 1.8 million lenders.<h3 id="grameen-bank">Grameen Bank</h3><a href="http://www.grameen.com/">Grameen Bank</a> is considered to be the origin of the modern microcredit then other banks introduced it despite the initial misgivings. The year 2005 was declared the International year of microcredit by the United Nations. By 2012, microcredit became very common in developing nations. It was presented as an enormous tool of poverty alleviation with a focus on feminization poverty.The bank utilized a form of peer group pressure that helped in ensuring every individual was fiscally responsible. The borrowers were supposed to be groups of fives with the other community members who also needed loans.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image010.jpg" class="kg-image" alt loading="lazy"></figure>The groups capitalized on ideas of social capital and the notion that the communities have behavioral modes, networks, and links that would encourage individuals to repay their loans.Generally, the loans were sequentially issued and had a weekly or biweekly repayment period with very low rates as possible. In 2006, Grameen Bank and <a href="https://www.investopedia.com/terms/m/muhammad-yunus.asp">Muhammad Yunus</a>, the founder, were awarded the Nobel Peace Prize for pioneering in that microcredit work.Currently, there are more than 7000 microcredit institutions globally lend around $2.7 billion to borrowers more than 17 million.<h3 id="brac">Brac</h3>It is another Microfinance Institution founded in Bangladesh in 1972. The institution offers a variety of services in different niches including education, human rights, economic development, and health.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image012.jpg" class="kg-image" alt loading="lazy"></figure>Micro savings services, housing assistance, grants, and small business loans are some of the services provided. <a href="http://www.brac.net/">Brac</a> is known to operate in many developing nations, from Haiti, Myanmar to the Philippines. It has more than 7 million borrowers, and in 2020 its gross portfolio profit has hit over $4 billion.<h3 id="accion-us-network">Accion US Network</h3><a href="https://www.accion.org/clients/accion-microfinance-bank">Accion</a> is an American nonprofit microfinance organization headquartered in New York. It is the largest and only national microfinance network in the US. Its mission is to give people the necessary financial tools they need to create or grow a successful business. It has made nearly 50,000 loans totaling over $450 million as of January 2014. It also lends over $3.7 million to small businesses a month. 97% of businesses remained open one year after receiving a loan from Accion despite challenging economic times.<h3 id="bank-rakyat-indonesia-bri-">Bank Rakyat Indonesia (BRI)</h3>This is the oldest Indonesian Bank founded in Jakarta in 1896. It is established to be one of the largest financial institutions in Indonesia, primarily operating in small-scale and as a microloans lender. <a href="https://bri.co.id/">This bank</a> is majorly owned by the government and has over 30 million clients doing business with the bank through its rural services posts and thousands of branches across South East Asia.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image014.jpg" class="kg-image" alt loading="lazy"></figure><h2 id="challenges-despite-success">Challenges Despite Success</h2>Microfinance faces operational, strategic, compliance, and operational risks, just like any other industry. There?re risks such as over-indebtedness according to the nature of the markets in which these micro-finance institutions operate that are very inherent and more prevalent to microfinance.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image016.jpg" class="kg-image" alt loading="lazy"></figure>Despite the way microfinance is excessively hyped, it does not provide a cure to poverty, but stable job opportunities do. In the journey to help the poor, the focus should not be investing in microfinance but supporting the labor-intensive large industries.A comprehensive study concluded that microloan tends to be more beneficial to the individuals above the poverty line because they are more willing to invest in new technologies that will generate income as compared to the individuals below the poverty line. These individuals only tend to secure a conservative loan that protects their subsistence, and they don't invest in fixed capital, new technologies, or hiring of the labor force.Another study in India about the limitation of entrepreneurship by credit constraints found that there are significant benefits among the ?gung-ho entrepreneurs? (individuals who established businesses before microfinance wave). The effects are unsatisfying to those who had no previous businesses (reluctant entrepreneurs).Model technology choices can generate dynamics matching the ones observed in the data in which the reluctant entrepreneurs only access a diminishing returns technology. In contrast, the gung-ho entrepreneurs can access to high fixed costs technology but with high returns.The chief executive of Basix, Vijay Mahajan, observed that microloans reduce the flow of cash to the poor, and even they do more harm than good due to the high-interest rates charged by some microcredit institutions. If the clients don?t earn higher returns on their investments than the set interests to be paid, then they will just become poor, not wealthier due to microcredit.<h2 id="failure-of-microcredit-in-south-africa">Failure of Microcredit in South Africa</h2>The international development community rushed to South Africa immediately after the end of the apartheid in 1994 to promote the microfinance model. They proclaimed that it would bring new dignity, incomes, jobs, and empowerment to the impoverished South Africans with high expectations of rapid progress.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image018.jpg" class="kg-image" alt loading="lazy"></figure>http://ignatianeconomics.blogspot.com/The result of this market-driven microcredit introduced to post-apartheid South Africa was destructive. It has caused severe damage to the South African society and the economy at large despite being lauded too much.Many investors have left that bloated microfinance sector as it is about to collapse, as argued by many users. The problems induced in the microcredit sector in South Africa were of two forms:First, it is an anti-developmental intervention, meaning that it supports the small scale income generating ideas, but in practice, it supports consumption spending. Its impact on South Africa is that it created a costly and risky way in support of the immediate consumption needs of the poor. There are very few poor people who can repay the microloans using their secure income streams, resulting in very high unemployment rates than it was before the apartheid period.The other major problem with the South African microcredit is the aspect of extensive commercialization. It was introduced in the microcredit sector globally to boost its financial sustainability. It?s estimated that about 40% of the workforce in South Africa is spent on debt repayments.The impoverished South Africans are now trapped in micro debts of unimaginable proportions. The individuals now realize that the objective of these private microfinance institutions wasn?t to help them uplift their lives out of poverty but to reap as much value from them within a short period before getting lost to other business fields.The South African microcredit models and supports have been discredited widely just like their counterparts in other parts of the world. It will be a very difficult task to alleviate the poor from the microcredit sector owing that the country even with the post-apartheid government, has official sanctions of exploiting the most bankrupt black communities.<h2 id="there-is-no-one-size-fits-all-solution">There is No One Size Fits All Solution</h2>In the microfinance sector, there is no one size fits all approaches in the promotion of poverty reduction, empowerment, and development. Practitioners of microfinance need to develop structured approaches on how their target beneficiaries may utilize the services designed to the demographic of the society.<figure class="kg-card kg-image-card"><img src="file:///C:/Users/8460P/AppData/Local/Temp/msohtmlclip1/01/clip_image020.jpg" class="kg-image" alt loading="lazy"></figure>A creative approach should be adopted that meets the financial service needs of the low-income community segments and the poor. Policies that provide the freedom to set payment conditions and terms for various borrowers are more beneficial to income-generating activities and businesses.The borrowers may be more financially empowered and disciplined by tailor fitting the repayment schemes to specific situations. It also reduces the risks of a borrower defaulting on their loan.Communities and practitioners should possess the virtue of saying no, particularly on conditions and terms that will negatively affect a person's ability to repay their loan, whether long or short-term.Erase the misunderstanding, learn the trade! According to Youngquist, a world vision official, addressing the misconceptions in such a manner that microfinance is perceived as an integrated social-developmental tool as it's supposed to be is a very good starting step. Microfinance implementation isn?t for all. The best avenue for success and real opportunities are offered by the development practitioners who have partnered with established microfinance service providers.Microcredit isn?t? a cure-all and a panacea intervention. Money alone can?t solve all the problems within a household or the community at large.

Premium reporting on technology, startups, VC funding, and software from Techfastly tagged with banking. Read about trends and strategies for banking.

Banking

Microcredit - Loose Change for Real Change.

PIPEDA is a Canadian law on <a href="https://en.wikipedia.org/wiki/Data_privacy">data privacy</a> that was implemented in 2004 to govern how a private-sector organization may collect or use or disclose personal info in commercial business. Compliance with the PIPEDA is critical for a private sector organization operating in Canada.<h2 id="what-was-the-need-for-pipeda">What Was The Need For PIPEDA?</h2>The purpose of the PIPEDA act is to establish an epoch where technology is mainly used in the exchange and circulation of information, rules governing the collection uses, and the disclosure of private data in a way that recognizes the rights of individuals? privacy concerning their <a href="https://en.wikipedia.org/wiki/Personal_data">personal information</a> and also the need of an organization to collect, use, and disclose information for purposes that a reasonable individual can consider appropriate in that particular situation.Personal information protection and electronic documents were established to ensure that the personal information of every individual is protected. The information includes:? Names, age, origin, ethnic, income, and blood type? Credit records, medical records, and employment history? Comments, evaluation, disciplinary actions, social status, and opinionsThis doesn?t include data like title, name, telephone numbers, or business addresses of an employee of a certain organization.<h2 id="obligations-of-a-corporation-under-pipeda">Obligations of a Corporation Under PIPEDA</h2>The PIPEDA principles are critical for any organization that relies on the trust of the community, clients, and also donors. A stronger relationship with your clients is established if your organization has a sound privacy policy.The trust is great if you take the appropriate measures to protect the information of the client. They will also have potential loyalty with your organization.The following are the requirements that a business must ensure as under the draft federal regulations.? Appoint a compliance officer of your organization who will ensure PIPEDA compliance and also respond to customer inquiries? Implement these procedures to your clients? personal information when its under your control and when its transferred for processing by third parties:? Give an explanation to your clients about the type and purpose of the personal information you?re collecting? Have the client?s consent before you collect any personal information which can be oral or written but there should be a proof? Don?t require the collection of the information as a condition of provision of services? Don?t collect excess information than you just need, limit only what you need? Collect complete and accurate personal information? Don?t use the individual?s information for other uses other than the intended, or indefinitely retain their personal information.? Educate all the employees on procedures and the importance of personal data protection? Establish breach management strategies including:? Report any breach of security safeguards to the OPC? Notify the individual about the breach; any unauthorized access, disclosure, or loss of their personal information which might cause a great risk of harm to that individual. Ensure also you provide enough details about the breach to help the person understand the significance of the breach and the possible steps they can take to protect themselves? Notify a government institution or another organization about the breach if they can reduce the harm risk to the affected individuals? Assign a team to investigate the breach? Keep records of the breach for approximately 24 months after the occurrence.? Grant access to the individual when they request to access their personal information<h2 id="pipeda-checklist">PIPEDA Checklist</h2>This act comprises of different legislation to guide individuals and businesses o how to approach and protect privacy in Canada properly. This checklist is a tool with a set of standards that medium and large organizations can utilize in monitoring their compliance with the 10-fair-information principles from the PIPEDA schedule 1.<h3 id="accountability">Accountability</h3>It?s the responsibility of an organization to protect the data under its control and shall designate a person who is responsible for the compliance of the organization who is the chief privacy officer, with knowledge relevant procedures and policies, and also deal with complaints.<h3 id="consent">Consent</h3>In the commercial activity, the knowledge and consent of the person are needed for the collection, use, and disclosure of the personal information. Consent is usually implied or expressed. Expressed consent in most instances is recommended by the privacy commissioner.<h3 id="identifying-purposes">Identifying Purposes</h3>At the time of collection or before, the purpose for which the information is being collected should be identified. The organization is supposed to develop a statement of purpose.<h3 id="limiting-collection">Limiting Collection</h3>The information is to be collected and used only for the specifically identified purpose. It can?t be collected by misleading or deceiving the individual about the intended purpose. Moreover, personal information shall be lawfully and fairly collected.<h3 id="limiting-the-use-retention-and-disclosure-of-personal-information">Limiting The Use, Retention, and Disclosure of Personal Information</h3>The information collected shall not be used or disclosed for purposes other than the stated one unless the individual agrees or as required by the law. Retention of personal information is done as long as necessary for that particular purpose fulfillment.<h3 id="accuracy">Accuracy</h3>The information collected shall be up to date, complete, and accurate as necessary for the purpose it was collected for.<h3 id="safeguards">Safeguards</h3>It?s the responsibility of the organization to protect the personal information from theft or loss, modifications, disclosure, unauthorized access, and from being copied. The security level will depend on the sensitivity of the information and the authorized persons shall sign a confidentiality agreement.<h3 id="openness">Openness</h3>The privacy policies of the organization and practices concerning how they manage personal information should be readily available to anybody.<h3 id="individual-access">Individual Access</h3>The owners of the information have the right to request and know the type of personal information that has been collected, whom it has been disclosed to, how it?s being used, and can challenge the completeness and accuracy of the information and correct any errors.<h3 id="challenging-compliance">Challenging Compliance</h3>An individual can address any challenges to the chief privacy officer of the organization concerning the compliance with all the principles above.PIPEDA combines several systems in the protection of personal information of every individual. On e of the important options is to conduct a <a href="https://www.colleaga.org/article/privacy-impact-assessment">PIA (Privacy Impact Assessment).</a> It?s a structured risk management methodology that enables an organization to determine the privacy risks associated with new programs and information systems and strategies to manage them.<h2 id="consequences-of-a-pipeda-violation">Consequences of a PIPEDA Violation</h2>Client privacy is a very critical part of a business. You may be worried about the potential costs and penalties that could accompany non-compliance issues with various legislations' privacy laws if you do your business online. Violation of the PIPEDA laws can attract fines of u to $100, 000 every time a person if affected by the security breaches and the federal government decides to prosecute the case.The OPC (Office of the Privacy Commissioner) tend to oversee compliances with <a href="https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/">PIPEDA (Personal Information Protection and Electronic Document)</a> that implements the privacy obligations to be adhered to by private organizations during commercial activities.An individual or the commissioner initiates <a href="https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/file-a-complaint-about-a-business/">complaints under PIPEDA</a> then the OPC proceeds to determine if the issue is covered by the PIPEDA act. The investigations are then launched.For instance, the New Zealand Company (new Zealand profile technology) violated the rights of more than 4.3 million Canadians by copying and posting the profiles of Facebook users on its website. The commission ruled that the individuals had to give their consent as the Profile Technology used that information to start its social networking website known as the Profile Engine. The commission said that PIPEDA Act had been violated by that company by reusing the information for that particular purpose without the consent of the individuals.Another probe was also carried out by Daniel Therrien, a federal privacy commissioner, on the data management practices of six Canadian data brokers. He said that there were concerns about how the databases of Canadians that detailed personal information was being compiled then disclosed to marketers. The personal information could be inaccurate or used for purposes which the individuals don?t know so the transparency, accountability, openness, means of consent, management of the collected information, use, and disclosure were investigated.<h2 id="pipeda-changes-on-the-horizon">PIPEDA Changes On The Horizon</h2>Following the two major developments from the Canadian government, the data privacy day came along to highlight some of the anticipated important changes and developments in the Canadian privacy laws.In the Canadian private sector, businesses, undertakings, and works regulated by the federal laws, are all subject to the PIPEDA concerning how they collect, disclose, or use of employees? personal information. The territorially and provincially regulated businesses that also collect, disclose, or use personal information during their commercial activities are fully under the Act.In the Canadian government?s digital charter, principled data protection is articulated to digital and data transformations, formulating 10 principles to the PIPEDA changes.These are the proposed amendments:? Ban the bundling of consent into contracts? Improve the enforcement mechanisms with enhancements on non-compliance penalties? Provision of data mobility opportunities in the support of individual control over data and promotion of consumer choices? Make it fairly easier for organizations to utilize personal information in some circumstances through the creation of limited exceptions to the requirement of consent.? Enhance the transparency and control that people have over their personal information through specific standardized plain language requirements on the use of the information.If all the amendments are put in place, they will potentially result in fundamental changes in the manner in which the Canadian private sector businesses collect, disclose, or use personal information. The amendments would also align Canada with the European Union data protection regime under the regulations of the GDPR (General Data Protection Regulation).

PIPEDA Canada - Personal Information Protection and Electronic Documents Act

AI is continually making waves in the news and journalism industry. The work of communicating everything that happens in the society seems like it's something entirely human-dependent. Furthermore, what does a machine have to do with what happens in the news?Journalism, as we know, has a large consumer base and is highly dependent on technology from the collection of data from different news sources to the publication of the content.Despite journalism being one of the consumers of technology, technological advancements change the way the news and journalism are carried out. AI is continuously focused on improving news production, publishing, and sharing ideas in particular.In automated or algorithmic or robot journalism, computer programs are used to generate news articles. Computers, rather than human reporters, automatically produce stories through AI (Artificial Intelligence) software. These programs organize, interpret, and also present the data in a readable manner.Artificial intelligence in journalism involves algorithms that scan large amounts of given data, select from pre-programmed articles, order key points and insert information such as places, amounts, statistics, and names. There is also the potential to customize the output to fit a specific tone, style, and voice.<h2 id="common-worldwide-data-leaks">Common Worldwide Data Leaks</h2>In recent years, investigative journalists had a protective duty between the public sphere and their confidential information sources. However, this duty has been undergoing changes in the last two decades with the introduction of new media.Some instances like Snowden and WikiLeaks show how contemporary the media allows people to directly release data to the global audience, which raises the question of how the operations of journalists are affected by the recent leaks.<ul><li>The Bahamian Files</li></ul>In the Bahamas, some 400,000 documents were leaked from the register of legal entities on offshore companies, including Ukrainians. There was data of about 60 companies on the Ukrainian part of the Bahamian archive. Massive datasets include information on citizens of more than 100 countries who had applied to one of the globally famous offshore zones, the Caribbean jurisdiction for the registration of their businesses.The Bahamian files were publicly made available on midday. The documents had information on different Germans' offshore secrets. The DDoS (Distributed Denial of Secrets) published a full archive of the documents, unlike the ICIJ, who posted the Bahamas leaks, with no documents. The archive posted by the DDoS contained much larger data amounts than the Bahamas Leaks with some of it, namely until 2018, relating to a very recent period.As mentioned earlier, the Ukrainian part of the Bahamian archive contained information of about 60 companies. The companies were mostly founded by Ukrainians, low profile businessmen who were not part of the government, but several names drew public attention.It's not a crime to register companies in offshore jurisdictions. It is a global exercise that occurs for various reasons, such as convenience in the structuring of one's business and quality services in the offshore zones.<ul><li>FDA Data Dump</li></ul>You may have only heard of Panama Leaks or WikiLeaks. However, every few months, there is a leak of information that journalists cover. For example, the <a href="https://www.kvue.com/article/news/investigations/medical-device-dangers/fda-releases-thousands-of-previously-hidden-reports-showing-problems-with-medical-devices/269-a8f43fa7-587f-486d-ab80-065265d044c5">FDA data dump</a> revealed breast and dental implant problems among hidden reports. The majority of the reports about the 5.8 medical device problems that the <a href="https://www.fda.gov/home">FDA</a> accessed were breast and dental implants.Many medical device complaints are kept at the FDA, where they are accessible to the general public. The 5.8 million complaints were the 'alternative summary reports' that were hidden for decades, and the FDA only could access the files; nurses and doctors couldn't even see them.<ul><li>The Luanda Leaks</li></ul>Isabel dos Santos, a businesswoman, was accused of making a fortune at the Angola citizens' expense, as revealed in the <a href="https://www.icij.org/investigations/luanda-leaks/">Luanda Leaks</a>. She moved billions through her shell empire, which was made possible by consultants, lawyers, and accountants.The businesswoman claimed that her success was self-made, but an investigation, Luanda Leaks, by 36 media partners and the ICIJ revealed the true source of her wealth. Isabel dos Santos in her defense, accused the Luanda authorities of using falsified documents to freeze her assets as presented in her evidence.The Luanda authorities denied the claims of Isabel alleging false emails and a fake passport. They further stressed that the estimated damages in the proceedings against her are more than 5 billion dollars by the state's estimates.There have been massive data leaks in recent years from the offshore jurisdictions like the offshore leaks, Panama papers, Bahamas leaks, and paradise papers.<h2 id="incorporation-of-machine-learning-ml-in-journalism">Incorporation of Machine Learning (ML) in Journalism</h2>In some instances, machine learning cannot do something you couldn't; but what machine learning does is accomplish it faster than humans. Machine learning has the potential to find emails, the same as the ones you already have, assist you in finding frames of a given video with a senator, etc. The computer needs to be fed particular knowledge on the questions you are trying to find solutions.This knowledge helps you solve several common problem patterns such as flagging matching things from given sets of documents, filtering complex data point spreadsheets, searching through picture piles, and sorting caches of reader tips.It's up to you to determine whether the images, data points, or the documents found via machine learning are newsworthy or exciting. Still, ML can get you from an unmanageable pile to a manageable one. You should also know that the computer can be mistaken, confused, and fail to understand your question like any other source, so continue with your journalism. ML is continuously being incorporated and advanced in the journalism industry so that it perfectly answers questions that reporters have concerning their data.Machine learning techniques greatly help journalists in daily stories and accomplish some investigations that may involve going through vast piles of documents for months, which can be done in just a week. Journalists have been known to utilize machine learning tools and codes like in the following real-world examples:<ul><li>finding assaults classified as minor but were serious ones</li><li>detecting sexual abuse complaints in disciplinary reports</li><li>detecting political advertising</li><li>finding the discussed topics by the members of congress</li><li>detecting toxic comments</li></ul><h2 id="learning-ml-with-free-hands-on-videos">Learning ML With Free Hands-on Videos</h2>As a journalist, you can learn how to how to incorporate ML in your investigation tasks through several <a href="https://github.com/Quartz/aistudio-workshops/tree/master/notebooks">online coding notebooks</a> and<a href="https://qz.ai/series-machine-learning-videos/"> videos</a>. Get to try your hands in searching images, analyzing text with AI, and sorting images.You can enter these pre-trained machine learning lessons by John Keefe, an editor at Quartz Al Studio, and a member of the Mauritius leaks. There are 15 lessons which are 4-15 minutes. You'll get through a series of project examples focused on journalism like sorting docs into piles, detecting objects in images, and also the extraction of individuals' names from troves of texts.The lessons utilize the <a href="https://www.fast.ai/">fast.ai</a> ML library for python, which makes Machine Learning easy for individuals who are not well versed in computers and math. The videos can be your preferred journalist oriented primer for the free and excellent fast.ai course <a href="https://course.fast.ai/">practical deep learning for coders</a>, which will significantly help you.

Premium reporting on technology, startups, VC funding, and software from Techfastly tagged with AI. Read about themes, trends and strategies for AI.

Artificial Intelligence

AI in Journalism

Pfizer-BioNTech COVID-19 vaccine data hacked during EMA Cyberattack. 

COVID-19 Vaccine Data Hacked

As the coronavirus pandemic increasingly continues to sweep across states globally, researchers have taken a crucial step in developing vaccine for the disease. But unfortunately, as the COVID researchers rush to invent the vaccines, some secretive state-sponsored hackers and cyber mercenaries are quietly watching them.Recently, the European Medicine Agency (EMA), the European Union agency tasked with authorizing the use of medicines across states, was the target. This agency has confidential documents concerning the Pfizer vaccine stored on its servers. Although the attack wasn't clear on how and when it occurred or who was behind it, it was partly successful, and some documents were unlawfully accessed. According to a <a href="https://investors.biontech.de/news-releases/news-release-details/statement-regarding-cyber-attack-european-medicines-agency">statement by the BioNTech</a> pharmaceutical company, they claimed that the accessed documents during the cyber attack were related to the Pfizer-BioNTech COVID vaccine's inventory.During the<a href="https://healthitsecurity.com/news/pfizer-biontech-covid-19-vaccine-data-breached-in-eu-regulator-hack"> incident</a>, no Pfizer or BioNTech systems were breached, although they are unaware of any study participants who might have been identified through the accessed data.The European Medicines Agency confirmed the cyber attack they were subjected to and said they launched a full investigation of that particular breach. On the other hand, the two companies claimed that they would wait for further information concerning the EMA investigations and appropriately respond in compliance with the EU law.The EMA also assured that the attack would have no impact on the timeline for its review.<figure class="kg-card kg-image-card"><img src="https://iaxds62ruoojbg1k4180.cleaver.rocks/images/posts/4b4e2cfc90fad366831cdc436866bde2.jpg" class="kg-image" alt loading="lazy" width="2000" height="3113" srcset="https://techfastly.com/content/images/size/w600/2021/01/hakan-nural-gQd4SRfKs40-unsplash.jpg 600w, https://techfastly.com/content/images/size/w1000/2021/01/hakan-nural-gQd4SRfKs40-unsplash.jpg 1000w, https://techfastly.com/content/images/size/w1600/2021/01/hakan-nural-gQd4SRfKs40-unsplash.jpg 1600w, https://techfastly.com/content/images/size/w2400/2021/01/hakan-nural-gQd4SRfKs40-unsplash.jpg 2400w" sizes="(min-width: 720px) 720px"></figure>The UK suspects Russian hackers while the United States and Spain accuse China. Others have pointed fingers at Iran, Vietnam, and North Korea. It?s even more devastating how the cybersecurity companies are also being hacked. For instance, the FireEye was previously attacked when ABC was interviewing Mr. Tim Wellsmore.There is currently much attention on the hackers targeting the vaccine researchers, but there is very little evidence that most of the attacks have been a success. The EMA attack was one of the first after Pfizer, the target, admitted that their documents had been accessed.These attacks can compromise the development of the COVID-19 vaccine; however, the UK still announced rolling out of the Pfizer vaccines soon.<h2 id="data-protection">Data Protection</h2>There is critical intellectual property and data about different vaccines, but other nations are trying very hard to steal the formulae and disrupt the vaccine supply operations. Many companies and governments don?t go overboard to report breaches for fear of reputational damages, and in other times, the hackers tend to be too intelligent to be detected.CEOs and Board Members should implement some severe measures to prevent the success of such attacks. Is the executive team taking the necessary steps to protect data from cyber-attacks? Here are some of the possible techniques that can be employed to enhance data protection.? Understand the evolving threats from nation-states and risks to the COVID vaccine development and vaccine supply chain. Attackers tend to be persistent, sophisticated, patient, and well funded and have the ability to disrupt the vaccine development through IP theft at the research stage, manufacturing disruptions, and reputational damage.? Have strategies to defend against threats such as managing third parties, segmenting the network access, identifying potential attackers and their tactics, and taking care of the system vulnerabilities.? Establish a response plan for the companies involved with vaccine research, manufacturing, trials, and distribution for remediation in case of a successful attack. A good response plan is formal and clearly defines how they will engage with governmental and law enforcement agencies.It's time hackers are treated as terrorists; they should be hunted and locked for decades, so they understand human life's value. Hacking the regular companies is a different thing from hacking healthcare systems. It's willfully and directly killing individuals globally, so investing significant efforts in identifying these attackers is worth it. If a given country is behind it or is sponsoring cyberattacks, it should be immediately dropped from the global internet to protect critical data.But how do these cyber attackers gain access to the data?<figure class="kg-card kg-image-card"><img src="https://iaxds62ruoojbg1k4180.cleaver.rocks/images/posts/f454862246e2c8de3718af1e64e493a1.jpg" class="kg-image" alt loading="lazy" width="2000" height="3556" srcset="https://techfastly.com/content/images/size/w600/2021/01/pexels-artem-podrez-5878501.jpg 600w, https://techfastly.com/content/images/size/w1000/2021/01/pexels-artem-podrez-5878501.jpg 1000w, https://techfastly.com/content/images/size/w1600/2021/01/pexels-artem-podrez-5878501.jpg 1600w, https://iaxds62ruoojbg1k4180.cleaver.rocks/images/posts/f454862246e2c8de3718af1e64e493a1.jpg 2160w" sizes="(min-width: 720px) 720px"></figure>Several hackers from Russia, North Korea, China, and Iran are engaged in cyber attacks trying to steal the COVID vaccine secret, which is referred to as ?intellectual property war? by security experts.The US company Pfizer and its Germany-based partner BioNTech say their data about the COVID-19 vaccine was accessed unlawfully when the cyber attack on the EMA?s servers occurred. This wasn't the first attempt of cybercriminals to attack an entity associated with coronavirus vaccines.These cyber gangs employ tactics such as ?password spraying? where passwords are tried out on many accounts and ?spear phishing' where targeted emails are designed, inviting an individual to click a link that will eventually install malware into their system. They also use fake emails to trick individuals into providing sensitive information about the company.In another instance, IBM detected a hacking ploy targeted to COVID-19 vaccine distribution to the developing countries, which appeared like a nation-state was involved. The hackers were most likely sponsored by an unknown government <a href="https://arstechnica.com/information-technology/2020/12/covid-vaccine-supply-chain-targeted-by-hackers-say-security-experts/">targeting the cold vaccine chain</a>, which encompasses companies that keep the vaccine at low temperatures to stay effective and stable.In this case, the attackers had designed booby-trapped emails sent in the name of an executive at Haier Biomedical, a Chinese firm that deals with the <a href="https://www.wired.com/story/the-last-ultra-cold-mile-for-covid-19-vaccines/">cold storage supply chain</a> essential in the transportation of viable vaccines. These attackers had already researched the right make, price, and model of different refrigeration units for the message to appear authentic.This IBM research has prompted many organizations to guard themselves against hacking.The development and progress of vaccine research have led to increased cyber attacks on COVID researchers, who are the primary targets. During the past several months, there have been numerous reports of hackers trying to steal data and disrupt vaccine development. Although cybersecurity teams are working tirelessly to identify the criminals and find solutions to data breaches, they say it?s a challenge to stop them as it?s a never-ending and ongoing arms race!

Write for us

Subscribe to Magazine