Episode 130 – Privacy Regulation and the High Stakes of Compromise – Scott Giordano, Spirion

George Peabody

August 11, 2020

POF Podcast

In this Payments on Fire® episode, George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.


Privacy.

It’s a huge issue. Many of us are concerned as individuals with how our personal data – our personally identifiable information or PII – is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case-by-case granting of permission.

As a result of those concerns, various jurisdictions around the world have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe – i.e. it applies to thousands of US companies.

In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:

* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.

Any business doing business in CA will be affected by the CCPA, including data brokers.

These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.

The ramifications of these regulations are many. In this podcast, we hear how a Midwest bank that does not do business itself in the EU became subject to GDPR regulations because of the activities of one of its clients.

We are living in a world where the social implications of wide data sharing are obvious.

What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.


We are at the beginning of a decades-long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.
