Search results

1 – 10 of 34
Article
Publication date: 1 March 2000

Charles Abrams

Abstract

After first being issued in draft in July 1998 and then taking a year to go through Parliament, the Financial Services and Markets Act 2000 (FISMA) finally became law on 14th June, 2000. The Treasury, the government department responsible for the UK financial services industry, has, however, just announced that the FISMA will not come fully into force until summer 2001, although some sections may perhaps come into force earlier.

Details

Journal of Financial Regulation and Compliance, vol. 8 no. 3
Type: Research Article
ISSN: 1358-1988

Article
Publication date: 1 March 2001

Abstract

The Economic Secretary to HM Treasury, Miss Melanie Johnson, announced on 15th March that ‘N2’, the date on which most of the Financial Services and Markets Act 2000 will be implemented, will definitely take place before the end of November 2001. That important and long awaited announcement has been followed by a spate of government and parliamentary activity in order to put in place essential elements of the secondary legislation that HM Treasury has the power to make under the Financial Services and Markets Act 2000 (FISMA). Much of that Act, important as it is to changing the structure, policy grounding and direction of UK financial regulation, is enabling in effect and leaves many key areas, such as the scope of the general prohibition on carrying on regulated activities without authorisation or exemption, to be detailed by secondary legislation. On 9th May Miss Melanie Johnson made a further significant announcement in response to a parliamentary question, namely that the provisions of FISMA which confer rule‐making powers and status as the sole financial regulator on the Financial Services Authority (FSA) will be commenced on 18th June, 2001. This is necessary in order to enable it legally to ‘make’ and therefore finalise its by now very extensive Handbook of Rules and Guidance so that firms can prepare for N2 on the basis of its content. The following Orders and Regulations have already been made with the main effects as described.

Details

Journal of Financial Regulation and Compliance, vol. 9 no. 3
Type: Research Article
ISSN: 1358-1988

Article
Publication date: 14 January 2019

Sherry Li Xie

Abstract

Purpose

This paper aims to report on a study that aimed at analyzing the relationships between information security and records management (RM), both as programs/functions established in organizations. Similar studies were not found in relevant literature.

Design/methodology/approach

The study used the classic grounded theory methodology. Pursuing the general curiosity about the information security-RM relationship in organizations, the study selected the United States (US) Federal Government as its field of entrance and followed the process of the classic grounded theory methodology that starts from the letting of the emergence of the research question to the formulation of a substantive theory that answered the question.

Findings

On the emergent question of why, despite the legislative establishment of agency RM programs and the use of the term records in their work, the US Federal Government information security community considered RM a candidate for deletion (CFD), the study coded the truncated application of the encompassing definition of records as the underlying reason. By this code, along with its three properties, i.e. limitations by the seemingly more encompassing coverage of information, insufficient legislative/regulatory support and the use of the terms of evidence and preservation in the records definition, the CFD consideration and the associated phenomena of unsound legislative/regulatory conceptualization, information shadow, information ignorance and archival shadow were explained.

Research limitations/implications

The study results suggested the data for subsequent theoretical sampling to be the operational situations of individual agency RM programs.

Practical implications

The rationale presented in the study regarding the encompassing nature of records and the comprehensive scope of RM program can be used for building strong RM business cases.

Originality/value

The study appears to be the first of its kind, which examined the RM–information security relationship in a very detailed setting.

Details

Records Management Journal, vol. 29 no. 1/2
Type: Research Article
ISSN: 0956-5698

Article
Publication date: 9 May 2016

H. Frank Cervone

Abstract

Purpose

Information professionals are increasingly called upon to provide access and services for information that, by its nature, must be restricted to certain uses or classes of individuals. This paper aims to explore the six major compliance regulations in the USA that information professionals should have a basic understanding of to manage a restricted information environment effectively.

Design/methodology/approach

This paper is a general review of laws and requirements in the USA related to information security that may affect information professionals in their work.

Findings

The world of information security is complex and there are multiple laws, guidelines and standards that apply. For information professionals managing or deploying digital repositories or information archives, all of these need to be considered because plans and systems are being developed. Information professionals will increasingly be called upon to lend their expertise to emerging preservation problems related to restricted data, so understanding the basics of information security law is a requirement to successful information practice.

Originality/value

This is the first general overview of this area of information practice.

Details

Digital Library Perspectives, vol. 32 no. 2
Type: Research Article
ISSN: 2059-5816

Article
Publication date: 17 June 2020

Rajni Goel, Anupam Kumar and James Haddow

Abstract

Purpose

This study aims to develop a framework for cybersecurity risk assessment in an organization. Existing cybersecurity frameworks are complex and implementation oriented. The framework can be systematically used to assess the strategic orientation of a firm with respect to its cybersecurity posture. The goal is to assist top-management-team with tailoring their decision-making about security investments while managing cyber risk at their organization.

Design/methodology/approach

A thematic analysis of existing publications using content analysis techniques generates the initial set of keywords of significance. Additional factor analysis using the keywords provides us with a framework of five pillars comprising prioritize, resource, implement, standardize and monitor (PRISM) for assessing a firm’s strategic cybersecurity orientation.

Findings

The primary contribution is the development of a novel PRISM framework, which enables cyber decision-makers to identify and operationalize a tailored approach to address risk management and cybersecurity problems. PRISM framework evaluation will help organizations identify and implement the most tailored risk management and cybersecurity approach applicable to their problem(s).

Originality/value

The new norm is for companies to realize that data stratification in cyberspace extends throughout their organizations, intertwining their need for cybersecurity within business operations. This paper fulfills an identified need to improve the ability of company leaders, as CIOs and others, to address the growing problem of how organizations can better handle cyber threats by using an approach that is a methodology for cross-organization cybersecurity risk management.

Details

Information & Computer Security, vol. 28 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 December 2018

Petros Kavassalis, Harald Stieber, Wolfgang Breymann, Keith Saxton and Francis Joseph Gross

Abstract

Purpose

The purpose of this study is to propose a bearer service, which generates and maintains a “digital doppelgänger” for every financial contract in the form of a dynamic transaction document that is a standardised “data facility” automatically making important contract data from the transaction counterparties available to relevant authorities mandated by law to request and process such data. This would be achieved by sharing certain elements of the dynamic transaction document on a bearer service, based on a federation of distribution ledgers; such a quasi-simultaneous sharing of risk data becomes possible because the dynamic transaction document maintains a record of state in semi-real time, and this state can be verified by anybody with access to the distribution ledgers, also in semi-real time.

Design/methodology/approach

In this paper, the authors propose a novel, regular technology (RegTech) cum automated legal text approach for financial transaction as well as financial risk reporting that is based on cutting-edge distributed computing and decentralised data management technologies such as distributed ledger (Swanson, 2015), distributed storage (Arner et al., 2016; Chandra et al., 2013; Caron et al., 2014), algorithmic financial contract standards (Brammertz and Mendelowitz, 2014; Breymann and Mendelowitz, 2015; Braswell, 2016), automated legal text (Hazard and Haapio, 2017) and document engineering methods and techniques (Glushko and McGrath, 2005). This approach is equally inspired by the concept of the “bearer service” and its capacity to span over existing and future technological systems and substrates (Kavassalis et al., 2000; Clark, 1988).

Findings

The result is a transformation of supervisors’ capacity to monitor risk in the financial system based on data which preserve informational content of financial instruments at the most granular level, in combination with a mathematically robust time stamping approach using blockchain technology.

Practical implications

The RegTech approach has the potential to contain operational risk linked to inadequate handling of risk data and to rein in compliance cost of supervisory reporting.

Originality/value

The present RegTech approach to financial risk monitoring and supervisory reporting is the first integration of algorithmic financial data standards with blockchain functionality.

Details

The Journal of Risk Finance, vol. 19 no. 1
Type: Research Article
ISSN: 1526-5943

Article
Publication date: 1 February 2000

David Kirk

Abstract

The fight against financial crime, as we enter the 21st century, becomes daily more complex. Crime is said to be big, international, capable of destabilising small countries and bringing down large companies. It affects us all. At the same time, police powers are being eroded by bleeding‐heart liberal do‐gooders who introduce civil liberties into every argument and rely on the Human Rights Convention at every turn.

Details

Journal of Money Laundering Control, vol. 3 no. 4
Type: Research Article
ISSN: 1368-5201

Details

Transforming Information Security
Type: Book
ISBN: 978-1-83909-928-1

Article
Publication date: 14 June 2022

Fabian Maximilian Johannes Teichmann and Chiara Wittmann

Abstract

Purpose

The threat of cybercrime is pervasive. Corporations cannot be convinced, out of sheer luck or naïve conviction, that they will remain unaffected. When targeted, the stark reality is that a company also incurs a liability risk. This paper aims to explore the boundaries of liability resulting from a data breach and privacy concerns according to the emerging regulations on cybersecurity.

Design/methodology/approach

The nature of cybercrime and its constant evolution is analysed as a threat of liability. Its distinctly modern developments require consideration. In response to the threat of hackers, the protection that a corporation can invoke is also considered as a mitigating factor in ascribing liability.

Findings

Preventative steps to protect a corporation from cyberthreats must remain a consistent priority in the running of a company. The influence of human behaviour has become a foreseeable element in cybersecurity and as such the management of unreliable user behaviour is a key determining factor in ascribing liability in hindsight.

Originality/value

Foresight is everything in the prevention of cyberattacks. Cyberattacks can no longer be dismissed as an unlikely eventuality. Legislation on data security and data privacy is demanding higher standards of preventative action, under the duty of care to stakeholders. There is a substantial literature deficit on data security and data liability regulations in light of the liability risk incurred by cyberattacks.

Details

Journal of Financial Crime, vol. 30 no. 6
Type: Research Article
ISSN: 1359-0790

Book part
Publication date: 17 March 2017

Kartikeya Bajpai and Klaus Weber

Abstract

We examine the translation of the concept of privacy in the advent of digital communication technologies. We analyze emerging notions of informational privacy in public discourse and policymaking in the United States. Our analysis shows category change to be a dynamic process that is only in part about cognitive processes of similarity. Instead, conceptions of privacy were tied to institutional orders of worth. Those orders offered theories, analogies, and vocabularies that could be deployed to extrapolate the concept of privacy into new domains, make sense of new technologies, and to shape policy agendas.

Details

From Categories to Categorization: Studies in Sociology, Organizations and Strategy at the Crossroads
Type: Book
ISBN: 978-1-78714-238-1
