GRC Professional : GRC Autumn 2012
problem, but it has been for a long time. The amount of data collected and the limited, legitimate uses of that data, are also important. The more data collected means there are greater risks of loss and serious damage to clients.”

AML

In regards to the proposed credit reporting reforms facing the financial and banking sector, Jones says there are some underlying issues that also need to be addressed by GRC professionals.

“In a rapidly changing online environment, privacy breaches can often lead to instances of fraud and identity theft. This can be addressed by not only understanding the types of electronic fraud and how businesses can be affected, but also by knowing your responsibilities under government legislation. Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF), relevant businesses must monitor and report any suspicious activity to the government to increase the chances of detecting fraud and privacy breaches,” he says.

“Risk managers should have a sound knowledge of what is required of them under the AML/CTF so they can effectively comply with these regulations and reduce their risk of fraud. Adopting an electronic verification strategy – as opposed to a manual 100-point verification process – is also a good idea when it comes to confirming customer identities online because it produces greater match rates.”

Overseas trends

Since 2010, there have been 12 new data protection laws enacted in the world and Moens says approximately half the world has data protection/privacy laws in place and the update of protection regulation is rapidly increasing.

“The European Commission is in the process of amending its data protection directive to require that businesses with 250 employees or more have a chief privacy officer. Penalties for data breaches are also severe, with penalties of up to five per cent of worldwide revenue,” she says. “Such developments suggest that not only will data protection laws around the world be further accelerated but will become core business issues at the most senior levels of business operations.”

For Australian companies dealing internationally, it is even more important that GRC professionals stay on top of overseas trends, says Moens, and the spread of data breach laws and public awareness of the use and re-use of personal information are emerging risks.

“Special care needs to be given to the handling of personal information, both locally and offshore. In multinational companies this is especially important with the myriad of data protection laws being enacted globally. GRC professionals need to actively manage data protection with a program of active and regular review within their business.”

Facebook: friend or enemy?

NATO’s most senior commander, Admiral James Stavridis, was at the centre of a major security alert when colleagues fell for a fake Facebook “friend request” in his name, reported The Telegraph (UK). Although the bogus profile is unlikely to have found genuine military secrets, it gained access to personal details including email addresses, the names of family members and personal pictures. NATO has since told its military officers and diplomats they should open their own social networking pages to prevent a repeat of the security breach.

It will be incumbent on GRC professionals to know local current legislation but also keep up-to-date with international and emerging laws to ensure their company stays ahead of regulation.

NATO Admiral James Stavridis at centre of Facebook scandal