Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Navigating personal data rights in an increasingly digital and machine world
Journal of Financial Compliance,
1
(4),
357-363
(2018)
Abstract
Data is the lifeblood of any modern organisation. Data also poses the fastest growing aspect of risk. Over the past few decades, the volume and types of data that are created and collected digitally and by machines have increased exponentially and distinctions have blurred between corporate and personal data. Particularly in the financial services industry, advances in how organisations collect, store and process large volumes of sensitive data make data an ever-growing asset and liability. Because questions can be expected on the quality of the underlying data or the fairness of the model, any data-driven initiative must be approached with caution and an understanding of the evolving regulatory landscape. This convergence — of exponential data growth, the introduction of new data types and processing capabilities, borderless transfers of data, and increasingly complex web of regulations — makes data risk a clear challenge for organisations and requires careful planning and execution. An integrated data risk management strategy is needed at the senior level of each organisation to strike a balance between extracting value from data and appropriately managing the associated risks. This paper explores the impact of advanced data analytics and artificial intelligence to data risk and offer key principles of a data governance programme for data-intensive projects in an increasingly digital and machine world.
Keywords: artificial intelligence; data risk; GDPR; privacy
The full article is available to subscribers to the journal.
Author's Biography
Jeewon Kim Serrato is Head of the Global Privacy & Data Protection Group at Shearman & Sterling LLP where she advises companies on privacy, cybersecurity, data protection and crisis management issues. She has extensive experience in developing and structuring comprehensive data and trade secrets protection programmes, implementing and testing information security controls, and helping companies mitigate cyber risks and handle data breaches. Before joining Shearman & Sterling, Ms Serrato was Chief Privacy Officer of Fannie Mae, where she led the organisation’s privacy risk assessments, reviewed its operations from a privacy and cybersecurity perspective, and handled data security incidents. She also served as the top-level executive in charge of privacy at RELX Group (formerly Reed Elsevier) and currently serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee. Ms Serrato is a Certified Information Privacy Professional.
Marc Elzweig is an associate in the Intellectual Property Transactions and Privacy & Data Protection groups at Shearman & Sterling LLP.
Steven Lee is a Managing Director with Alvarez & Marsal in New York and advises clients internationally on investigations, disputes and regulatory compliance. He brings over 18 years of experience in information technology management, with over 14 years of specialist experience in managing and analysing large and complex data sets. Mr Lee focuses on the use of Big Data and advanced data analytics techniques to effectively manage organisational risks and provide data-driven solutions to business challenges. Having spent six years in London leading the European forensic technology practice, Mr Lee has extensive international experience in navigating complex data protection and data privacy considerations. He is a Certified Fraud Examiner, Certified Information System Security Professional and EnCase Certified Examiner. Mr Lee has acted as an IT forensics expert in court and regularly speaks on information governance and digital investigations.
Andy Gandhi is a Managing Director with Alvarez & Marsal in New York and is a data risk and compliance expert with more than 15 years of experience conducting and leading information risk investigations and compliance exercises. Mr Gandhi specialises in leading global enterprise technology and litigation risk-related engagements with a focus on complex technology assessments and investigations. These matters include financial regulatory inquiries, civil, federal and international courts, transactional data risk/analysis, information security, information governance and electronic discovery. Mr Gandhi is a Certified Information System Security Professional and EnCase Certified Examiner. He has also testified and presented expert reports.
