Cryptocurrency

Understanding Tech Terms: Cybersecurity, Crypto, And Data Privacy — Part IV – Fin Tech



To print this article, all you need is to be registered or login on Mondaq.com.

In today’s fast-paced and interconnected world,
understanding the terminology surrounding data privacy,
cybersecurity and cryptocurrencies has become essential. New
concepts are constantly emerging, from the advent of airtagging to
the complexities of cross-border data transfers and the evolving
EU-U.S. Data Privacy Framework. Recent cybersecurity breaches and
data leaks have underscored the importance of implementing
effective “KYC” (Know Your Customer) practices that
mitigate risks from malicious actors. The increasingly digital
nature of our world has also increased concerns surrounding
sensitive personal information (SPI) and how it is collected, used
and shared with third parties. Recent regulatory changes and
international disputes have brought these issues to the
forefront.

As our reliance on technology deepens, the need for a common
understanding of these concepts becomes increasingly vital. We hope
that this Part IV of our series on Understanding Tech Terms will
serve as a guide to offer insight and clarity on the innovations,
events and regulations that are shaping our digital future.

Cybersecurity Terms










Bring Your Own Device
(BYOD):
An organization’s policy that allows employees to bring and
use their own personal devices for work purposes instead of using
similar devices provided by the organization itself. Most commonly,
employees are allowed to use their own smartphones to access
emails, connect to the organization’s network, and utilize
other apps or data that are shared on the organization’s
network. Employees may also be allowed to use their own laptops,
tablets, and USBs. Because of security concerns, an
organization’s BYOD policy typically outlines what activities
and devices the organization permits on its network, how to operate
personal devices effectively and appropriately, whether IT support
is provided for personal devices, and how to prevent cyber threats
such as ransomware and data breaches.
Generative AI: Algorithms such as ChatGPT that utilize machine learning to
create content and media, including text, images, audio, videos,
and code by recognizing patterns in (usually very large) datasets
to create new outputs without the need for direct human interaction
or commands. Some practical uses so far include diagnosing medical
conditions, designing product brands and logos, optimizing business
processes, and producing art and music.
NIST Cybersecurity Framework
(CSF):
A voluntary cybersecurity framework based on existing
standards, guidelines, and practices for organizations to better
manage and improve their overall cybersecurity posture and exposure
to risk. The framework was created by The National Institute of
Standards and Technology (NIST), a federal agency and
non-regulatory body under the United States Department of Commerce.
It was initially published in 2014 and has since been widely
adopted by governmental agencies and by various industries such as
finance and banking, energy and utilities, and healthcare.
Typically, the CSF is used as a starting point and then customized
to meet the specific cybersecurity needs of individual
organizations regardless of their size or sophistication.
The Health Insurance Portability and
Accountability Act (HIPAA):
A U.S. federal law that regulates the use and disclosure of
sensitive patient health data, focusing on privacy protection,
security, and breach notification. Covered entities such as
healthcare providers, health plans and healthcare clearing houses
that handle protected health information (PHI) are required to have
physical, network, and process security measures in place to
protect PHI and to ensure that the privacy rights of individuals
are protected.


Data Privacy Terms

*Note that some data privacy statutes or regulations, or
interpretations of them, may define the following terms
differently.










Airtagging: A method of tracking personal objects such as keys, bags, and
small digital devices by attaching a device that uses Bluetooth
instead of GPS. The most common tracking device is the AirTag by
Apple. While initially designed for practical uses such as finding
lost objects, malicious actors use airtagging to track and follow
their victims, potentially for the purposes of personal stalking,
stealing whatever object they are tracking, or gaining access to a
location or device to execute a cyberattack.
Cross-Border Data Transfer
(CBDT):
The movement or transmission of personal data from one
jurisdiction or country to another. The term most often refers to
the transfer of personal data by controllers located in the EU to
recipients outside the EU who act as controllers or processors,
which is governed by the GDPR (“controller,”
“processor,” and “GDPR” are defined in Part I of this series). The GDPR imposes
significant obligations on the sender and recipient of such
personal data and sets forth acceptable ways of transferring such
data securely. Some of the appropriate safeguards enumerated in the
GDPR for CBDTs include legally binding and enforceable written
contracts between the transferor and transferee, binding corporate
rules and standard data protection contractual clauses adopted by a
supervisory authority (“binding corporate rules” is
defined in Part III and “supervisory authority”
is defined in Part II of this series).
EU-U.S. Data Privacy Framework
(DPF):
A legal mechanism for personal data transfers between the EU
and the U.S. that aims to ensure an adequate level of protection
for transferred personal data with the basic principles of
transparency, accountability, and oversight safeguards. The EU-U.S.
DPF is meant to replace the prior EU-U.S. Privacy Shield, which was
struck down by the EU, and is intended to address the EU’s
concerns about U.S. intelligence agencies gathering data on
individuals, in particular, the rights of data subjects, certain
transfers, exemptions, bulk collection of data, etc. On July 10,
2023, the European Commission announced its adequacy decision for
the DPF, which concludes that measures taken by
the United States under the new framework ensure an adequate level
of protection for Europeans’ personal data transferred across
the Atlantic for commercial use. Thus, unless obstacles or
challenges are encountered, US companies that comply with and
participate in the DPF will be able to transfer personal data from
the EU to the United States as they once did under the Privacy
Shield framework.
Sensitive Personal Information
(SPI):
Highly confidential and private data about an individual, such
as personally identifiable information (e.g., name, Social Security
number), financial details, health records, biometric data, or
other sensitive identifiers that, if exposed or misused, could lead
to harm, identity theft, or other adverse consequences. Specific
state and international laws may vary in their interpretation of
what constitutes SPI and may require that additional protections be
afforded to individuals and consumers regarding their SPI,
including data breach notifications, data security requirements,
and consent and opt-out procedures.


Crypto Terms










Bridge: A tool that serves as a connection between multiple
blockchains, allowing assets to be sent from one blockchain to
another. Because blockchain assets are typically not compatible
with one another, a bridge enables token and coin transfers, smart
contracts, and data exchanges between the different sets of rules
coded on multiple blockchains to permit access, enhance
interoperability, and expand the reach of blockchains.
Unfortunately, any transfer of assets to or from a blockchain may
compromise the security of such assets during the transfer because
some protection is lost when moving from the original blockchain
and crossing a bridge. In some instances, cybercriminals have been
able to hack and steal assets while they were being transferred
across a bridge. For example, a hacker stole $100 million from
Harmony’s Horizon Bridge during a transfer when the assets were
more vulnerable.
Central Bank Digital Currency
(CBDC):
A digital form of a government-issued currency that would be
available to the general public and is not pegged to a physical
commodity. CBDCs would be issued by central banks which support
financial services for a government and its banking system,
monetary policy, and issued currency. CBDCs are theoretically
similar to stablecoins (“stablecoin” is defined in Part I of this series) but they would not be
pegged to another currency, commodity, or financial instrument,
and, unlike general cryptocurrencies which are decentralized, would
be state issued, operated, and controlled.
Know Your Customer (KYC): A verification process used by financial institutions in the
U.S. and other countries to confirm the identity of customers in
order to, among other things, prevent money laundering, terrorism
financing, and financial fraud. KYC may require proof of address or
other identifying information. Crypto exchanges often use KYC to
gain a better understanding of an individual’s activities and
determine whether their actions are legal. Many central exchanges
(CEX) require KYC to admit new customers and may impose KYC to
connect an individual to a cryptocurrency wallet.
Mining Contract: An agreement whereunder a miner is paid for their services in
the form of mining power from computer hardware that is used to add
new blocks to a blockchain (“mining” is defined in Part II of this series). Rather than the
conventional scenario of any miner independently adding new blocks
onto a blockchain via solving complicated algorithms to receive
tokens or coins (as first practiced with Bitcoin), a mining
contract permits a sponsor to hire a miner to add new blocks onto a
blockchain so that the sponsor may passively receive tokens or
coins without mining themselves. The advantages of using a mining
contract include: (i) potentially earning money without personally
mining blocks and maintaining adequate hardware and servers; (ii)
avoiding electricity costs; and (iii) expanding the pool of
investors involved in mining and blockchain by simplifying the
entry into mining and making the process more accessible. Since the
cost of certain cryptocurrencies is incredibly volatile, the return
on investment may vary widely depending on the current value of the
coins being mined and the maintenance costs and service fees under
the mining contract.


The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from United States

AI Regulations In Employment Decisions (Video)

Akin Gump Strauss Hauer & Feld LLP

In this installment of LaborSpeak, we discuss the rise of artificial intelligence (AI) in the workplace and the subsequent wave of new regulations employers should be aware of, including New York City’s…

Government Enforcement

Proskauer Rose LLP

The last webinar in our series concerned AI and government enforcement. Companies are currently gauging how government will focus enforcement efforts in this new…

SEC Cracks Down On Crypto

Alto Litigation

Gary Gensler, the chair of the Securities and Exchange Commission, keeps his promises, at least when it comes to cracking down on crypto trading. And not everyone is happy about it.



Source link

Leave a Response