There is much to be welcomed in the uk's latest revision to data legislation, which has had a multi-yaar marathon from inception as the Data Protection & Digital Information Bill And other iterations to its new form as the Data (Use & Access) Bill,
Perhaps ForeMost in the Benefits Within The Bill is the Explicit Encouragement for Organizations to Share Data to Combat Financial Crime, In Particular The Move “Legitimate Interest” Legitimate Interest ”.
In Essence this allows organisations to work on the assumption that data can be shared in set circumstances. This then allows for automated data sharing in real time, essential in a world of faster payments where human intervention is not realistic.
The bill also goes a long way to create the exciting new Smart data economyIt builds, as its regulatory impact assessment Notes, all smart data on the success of Open Banking,
The uk has been a pioneer in open banking and as april's global fintech week attested, the UK's Fintech Scene Continues to be a World Leader and a Hug Contributor to the GORWTH Agenda.
As Last Year's Report with then Lord Mayor Michael Maineli Notes, The Data Bill will move the uk “Beyond Fintech to Ubiquitech“This creates Opportunities for Many Other Smart Data Sector to Follow in Fintech's footsteps and create burgeon new industrys – Medtech, Insurtch, or any of the other sector that is that are built on Ubiquitous technologies that underpin the digital ear.
One bill to rule them all
As the report describes, the data bill is the “one bill to rule them all”. Many other acts of parloement passed rely relayed almost entrely on the data provisions within the new bill to optimise their performance.
The Economic Crime & Corporate Transparency Act, For Example, Relies on the “Recognized Legitimate Interest” to Allow It to Scale, and the Companies House Reforms Require the verification of directors to be defined. Unfortunately, this is where the Standards Envisaged and SignPosted to are a dramaatic failOpening up not only to future abuse but baking in existing fraudulent activity.
Regular readers of Computer Weekly Over the Last Few Decades May Well Recall the Ongoing Debate as to Whitor British Gas Bills (Other Utility Documents are available) Security, an issue on which the financial services sector has been opined to be counters to effective security.
Yet the Current “Trust” Framework – which you can't Trust as there is no liability model behind it – is still harking back to the Gov.uk verify era good practice guidelines (GPGS).
For there uninitiated with the gpgs, they are so calleded
For there that of you who follow the Excellent Dark Money FilesWe can all agree that even the disorganized criminals need no more help in practicing their online filing. However, reference to gpgs in the data (use & access) Bill would cement these flaws into the system.
Given that bill now builds on open banking it is somewhat counter-enturator that addition of all other Smart Datsets onto Open Banking Should Weaken Security Controls COKUROLS ACOROSS The Board Just Other datasets do not currently have to meet Financial Services Security Controls.
Security vulnerabilities
Outside Financial Crime, Failure to Address Cyber Security Vulnerabilites Risks The General Public's Trust in the Handling of his data. Some will recall the Collapse of the nhs national program for it In 2012, In Large Part Due to the Public's Justified Concerns about the Lack of Security Over how their data was being handled.
Secretary of State for Health and Social care wait Be realized without brings public trust and confidence with it.
With the majority of the population having been a victim of finance Such services, and this urgently needs to beomed.
Meanwhile, we heard from the office for National Statistics Last Month That Fraud – Alredy the Larget Form of Crime, Responsible for 41% of all crime – is still accelerating. Moreover, this is despite the Stronger Sector-Specific Security Standards that Exampted Financial Services from the Network Infrastructure Systems Directive (NIS
The juxtaposition of Nis2 and the Digital Operational Resilience Act (Dora)Coming through from the European Union, with a Watering Down of Alredy Lax Financial Services Controls does not bode well for a uk “Trust framework”.
The forthcoming Cyber Security & Business Resilience Bill is to be welcomed in aiming to address the vulnerability in uk critical national infrastructure, a concern highlighted recently by heathrow airport's closure and the switch-of Spanish and Spanish and Spanish and Spanish and POWFFF Grids.
Even here, howyver, Strong Authentication is Critical, as Shown in the Analysis of the Colonial pipeline shutdownDiscovered to be a basic failure of multi-factor authentication.
Know Your Customer (KYC) and Anti-Money Laundering (AML) Controls Ought to be set at a bare minimum, but even beyond that final services really OUGHT to be implemented Finance adopted back in 2018 as part of its committee to the Payment Systems Regulator'S Payment Strategy Forum's Financial Crime Working Group.
Regulatory guidelines
While British Standards was adopted at the time as meeting the need for regulatory guidelines, these security measures haveres have yet to be effectively implemented in any Organization, WITH DISPARETE ELIMENTES MERELIMENTES Patched togeether in disjointed fashion.
If that was to actually manifest then the uk group has a True Drednough Moment, Providing Actual Identity Security, Potentially Offred Internationally, For a Robust, Result, Resilient and ACTULLY Trusted Framework. But until then, we have a lowest common denominator which will ensure that Organized Crime Flourishes on the back of photos of photoshopped Driving Licenses and Gas Bills.
And for that who are heartned by the inclusion of International Biometric Chip Passports, A Quick Note that Many of Our Key Adversaries are State-Sponsored Organized Crime Gangs.
While access to corrupt officials in certain nations have always been a concert, we don't have multiple states actively attacked Uk Services. For there, you who follow Dark Money Files, You Will Be Aware of the Scourge of Innocent members of the public having their home addresses utilized for fraud.
The Economic Crime and Corporate Transparency Act is supposed to tackle this, but the currently envisaged verification “Solutions” Solutions “Solutions” will simply allowed adolf Hitler to Verify THEE DES Indeed Health ATEEDEDE JETEE HE DOS Indeed Twives ATER ATER ATE Having done so this will likely make it even digital for you to have his companies that are registered at your home to be taken down.
Ill-Fated Fiasco
In conclusion, the data (use & access) bill has much in it which would prove to be a gamecher both in combating financial crime and cyber second flaws, but also in alloping a new Swathe of Smarting Applications to transform the Uk Economy and Drive Growth.
But if Trust in the Verification of Individuals and Organizations is Fundamentally Undermined by Inapprite and Provable Vulnerable Processes then we Risk the Ill-Fated Gov.uk verify fiasco dragging on For yet another decade.
Andrew churchill is policy director at the Cyber Security & Business Resilience Policy Center And Author of the British Standard in Digital Identification & Strong Customer Authentication (BSI PAS499).