27,537 research outputs found

    Electronic security - risk mitigation in financial transactions : public policy issues

    This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 
    7) Improving overall education on these issues as a key to enhancing prevention.

    Knowledge Economy, Labor Policies, International Terrorism & Counterterrorism, Payment Systems & Infrastructure, Banks & Banking Reform, Education for the Knowledge Economy, Governance Indicators

    Design Challenges for GDPR RegTech

    The Accountability Principle of the GDPR requires that an organisation can demonstrate compliance with the regulations. A survey of GDPR compliance software solutions shows significant gaps in their ability to demonstrate compliance. In contrast, RegTech has recently brought great success to financial compliance, resulting in reduced risk, cost saving and enhanced financial regulatory compliance. It is shown that many GDPR solutions lack interoperability features such as standard APIs, meta-data or reports and they are not supported by published methodologies or evidence to support their validity or even utility. A proof of concept prototype was explored using a regulator-based self-assessment checklist to establish if RegTech best practice could improve the demonstration of GDPR compliance. The application of a RegTech approach provides opportunities for demonstrable and validated GDPR compliance, notwithstanding the risk reductions and cost savings that RegTech can deliver. This paper demonstrates a RegTech approach to GDPR compliance can facilitate an organisation meeting its accountability obligations.

    The Federal Rules of Civil Settlement

    The Federal Rules of Civil Procedure were originally based upon a straightforward model of adjudication: Resolve the merits of cases at trial and use pretrial procedures to facilitate accurate trial outcomes. Though appealing in principle, this model has little relevance today. As is now well known, the endpoint around which the Federal Rules were structured — trial — virtually never occurs. Today, the vast majority of civil cases terminate in settlement. This Article is the first to argue that the current litigation process needs a new regime of civil procedure for the world of settlement. This Article begins by providing a systemic analysis of why the Federal Rules inadequately prevent settlement outcomes from being distorted relative to the underlying merits — as defined by reference to substantive law — of a given dispute. It then explains how the Federal Rules can actually amplify these distortions. Indeed, notwithstanding the well-worn adage that settlement occurs in the “shadow of the law,” scholars have shown that non-merits factors exert significant influence on settlement outcomes. However, these insights have not been considered together and combined with a systemic focus on the ways in which the influence of these factors on settlement outcomes is actually a product of the basic structural features of the Federal Rules. This Article takes these next steps to explain that the “shadow of the law” that is cast on settlements is fading. Further, this Article discusses a new phenomenon in the current litigation environment — namely, that litigants’ increased reliance on prior settlements as “precedent” for future settlement decisions may move settlement even further out of the “shadow of the law” and into the “shadow of settlement” itself. This Article then traces these problems to three foundational assumptions underlying the Federal Rules of Civil Procedure, all of which have become outmoded in a world of settlement. In rethinking these assumptions, it provides a new conceptual account that contextualizes previously isolated procedural reform proposals as challenges to these foundational assumptions. It also explains how these reform efforts ought to be refined and extended with a specific view toward systematically redesigning the basic model and operation of the Federal Rules for a world of settlement. Lastly, it sets forth new proposals that seek to reorient current rules expressly toward the goal of aligning settlement outcomes with the merits of underlying claims. What emerges is a new vision of procedure — one in which the application of pretrial procedural rules do not merely facilitate trial but are designed to provide litigants with guidance regarding the merits of claims and are used to align settlement outcomes more meaningfully with the dictates of the substantive law. In describing this vision, this Article lays the groundwork for the design of a new Federal Rules of Civil Settlement.

    Lex Informatica: The Formulation of Information Policy Rules through Technology

    Historically, law and government regulation have established default rules for information policy, including constitutional rules on freedom of expression and statutory rights of ownership of information. This Article will show that for network environments and the Information Society, however, law and government regulation are not the only source of rule-making. Technological capabilities and system design choices impose rules on participants. The creation and implementation of information policy are embedded in network designs and standards as well as in system configurations. Even user preferences and technical choices create overarching, local default rules. This Article argues, in essence, that the set of rules for information flows imposed by technology and communication networks form a “Lex Informatica” that policymakers must understand, consciously recognize, and encourage.

    What’s behind the ag-data logo? An examination of voluntary agricultural-data codes of practice

    In this article, we analyse agricultural data (ag-data) codes of practice. After the introduction, Part II examines the emergence of ag-data codes of practice and provides two case studies—the American Farm Bureau’s Privacy and Security Principles for Farm Data and New Zealand’s Farm Data Code of Practice—that illustrate that the ultimate aims of ag-data codes of practice are inextricably linked to consent, disclosure, transparency and, ultimately, the building of trust. Part III highlights the commonalities and challenges of ag-data codes of practice. In Part IV several concluding observations are made. Most notably, while ag-data codes of practice may help change practices and convert complex details about ag-data contracts into something tangible, understandable and useable, it is important for agricultural industries to not hastily or uncritically accept or adopt ag-data codes of practice. There need to be clear objectives, and a clear direction in which stakeholders want to take ag-data practices. In other words, stakeholders need to be sure about what they are trying, and able, to achieve with ag-data codes of practice. Ag-data codes of practice need credible administration, accreditation and monitoring. There also needs to be a way of reviewing and evaluating the codes in a more meaningful way than simple metrics such as the number of members: for example, we need to know something about whether the codes raise awareness and education around data practices, and, perhaps most importantly, whether they encourage changes in attitudes and behaviours around the access to and use of ag-data.

    Green Paper on the Security of Information Systems


    EU Privacy seals project: Inventory and analysis of privacy certification schemes

    The objective of this report is to comprehensively inventory and analyse privacy and related certification schemes in the European Union and, where relevant, at the international level. The report will provide insights into the importance of privacy seal schemes and present information on the operational aspects of these schemes. The report will also help understand the privacy and data protection elements of the analysed schemes and provide an initial analysis of their shortcomings. The report specifically aims to understand whether (if at all) the analysed schemes address the requirements proposed under the GDPR. It will highlight the main convergences and differences between the schemes, who benefits from such schemes and what the impact of such schemes is.

    JRC.G.7-Digital Citizen Securit

    Nature and legal impacts of certification in electronic commerce on the Internet (Nature et impacts juridiques de la certification dans le commerce électronique sur Internet)

    This study focuses on the major issue refraining the development of electronic commerce on the Internet: TRUST. As the Internet gains popularity and the number of people surfing its networks increases exponentially, the problem of confidence in electronic commerce and more specifically in commercial websites grows as a very sensitive issue. Commercial websites give out a very large spectrum of information. However, this information is difficult to verify and unfortunately sometimes inaccurate. From that point, the principal obstacle to e-commerce development on the Web is the lack of confidence in the information consumers find on websites. How will a person know if the business he/she wants to deal with really exists or not, what are its practices regarding security or privacy, etc.? In that situation, the certification of Web sites appears as an attractive solution to build the consumers' trust. Many seals of approval designed for websites have already appeared on commercial sites. Some of them focus on confidentiality, others on consumers' protection. Certification can arise from the company itself, or from a private or public third party. These elements are important guides for the consumer on the Internet. The legal implications of certification are numerous and not quite so clear. To bring some elements of answer, the author starts by defining the concept of website certification and its use, particularly the problem of building consumers' trust. Website certification is discussed, from the identification of the certified party to the different aspects involved at a transactional level. The second part of the study focuses on the different mechanisms available and the impacts of certification. The author examines the successive steps to follow toward certification, which are the establishment of comprehensive standards, the evaluation by the certifying authority and the certification itself. Finally, the author analyses the legal impacts of a website certification, considering the level of certification, the effects on potential liability and on competition. The purpose of this study is to give an overview of the phenomenon of website certification, its positive aspects and its limits. Certification is an interesting tool to build consumers' confidence, promote e-commerce and self-regulate some industries. However, incorrect use of the tool can result in an opposite effect, that is to destroy a trust which is so hard to build, especially in a virtual environment.