Episode 130 – Privacy Regulation and the High Stakes of Compromise – Scott Giordano, Spirion

George Peabody

August 11, 2020

POF Podcast

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.


Privacy.

It’s a huge issue. Many of us are concerned as individuals with how our personal data – our personally identifiable information or PII – is shared by social media and throughout today’s massive data ecosystem without our knowledge or without our case by case granting of permission.

As a result of those concerns, various jurisdictions around the work have enacted privacy-focused legislation that has teeth. The EU’s General Data Privacy Regulation (GDPR) focuses on data protection and privacy where consent for PII is required. It also addresses data domicility, where the data about an EU system must reside. GDPR applies to entities doing business in Europe – i.e. it applies to thousands of US companies.

In the US, one of the leading regulatory steps is on the ballot this year in California. Its proposed data privacy regulation, the California Consumer Privacy Act (CCPA), would provide for:

* The right to know about the personal information a business collects about them and how it is used and shared;
* The right to delete personal information collected from them (with some exceptions);
* The right to opt-out of the sale of their personal information; and
* The right to non-discrimination for exercising their CCPA rights.

Any business doing business in CA will be affected by the CCPA, including data brokers.

These regulations are an attempt to return a measure of control to individuals over the sea of personal data that makes it possible, for instance, for an entity to correlate the data of a handful of payment transactions to identify an individual with high confidence.

The ramifications of these regulations are many. In this podcast, we hear of how a Midwest bank, that does not business itself in the EU, became subject to GDPR regulations because of the activities of one of its clients.

We are living in a world where the social implications of wide data sharing are obvious.

What’s not so clear are the business ramifications of privacy regulations and the data custodianship they demand.

In this Payments on Fire® George and Scott Giordano, VP and Sr. Counsel, Privacy and Compliance at data privacy management firm Spirion, talk about what can and has gone wrong, the high cost of sanctions for failure, and how to reduce the risks attendant with the handling of personal data.

We are at the beginning of a decades long evolution of how privacy is supported and data is managed. Shaping that path will be regulations, the decisions reached through multiple lawsuits, and the response by technology and data providers.

Recent Payment Views

Payments Post #13: At the Intersection of Tech, Regs, and Business Partnership

Payments Post #13: At the Intersection of Tech, Regs, and Business Partnership

This month, Cici Northup joins regular contributor Justin Pituch to recap positive news in the form of fast payments growth, new fraud mitigation strategies, and evolution in cross-border transfers. All reflect, to varying degrees, the unique dynamic in the payments industry created by the intersection of technology, regulation, and new business partnerships.

read more
Payments Orchestration: What Comes Next?

Payments Orchestration: What Comes Next?

Orchestration providers have certainly come a long way, and can enable powerful capabilities and benefits for the merchants that employ them. This post explores some of the possibilities Glenbrook has been thinking about for where Orchestration (and even orchestration) can go next.

read more
Payments Post #13: At the Intersection of Tech, Regs, and Business Partnership

Payments Post #12: Lessons from Change

In this month’s Payments Post, we want to draw your attention to several recent fraud incidents that underscore the criticality of effective risk management to your business and the safety and soundness of the payments industry.

read more

Glenbrook Payments Boot CampTM

Register for the next Glenbrook Payments Boot CampTM

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot CampsTM workshops tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

GlenbrookTM Company Press

Comprehensive books that detail the systems and innovations shaping the payments industry.

Launch, improve & grow your payments business