Читать книгу Non-financial Risk Management in the Financial Industry - Группа авторов - Страница 54

Data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including personal data but also other confidential data, such as certain financial data and intellectual property data, to meet regulatory requirements as well as protecting the confidentiality and immutability of the data.[83] Based on this definition of data privacy, we define data privacy risk as the risk that unauthorised parties get access to confidential information which is protected by privacy laws. This can either happen accidentally during internal processes or intentionally as part of a cyberattack aimed at stealing customer data.

Data privacy risk can be viewed as an extension of data confidentiality risk to a specific situation. It refers to the situation of violating the rights of the individual regarding the individual’s data, for example using the data outside the scope of given consent, like the use in a marketing algorithm. This would not violate data confidentiality but data privacy. In the EU, the GDPR[84] provides the regulatory basis for this, an example in the US is the CCPA.[85]