Laws and regulations protecting privacy are not new. In Western civilization, case law on privacy extends back to the early 1400s, when the law prohibited eavesdropping. But what is new is the emergence of comprehensive privacy laws and their supporting regulations. These statutory schemes create broad rights for citizens and impose significant obligations on businesses with respect to collection, use and protection of personal information. Steep non-compliance penalties and short implementation timelines require businesses to build robust compliance programs.
In a global economy, building these new compliance functions is no easy task: each new comprehensive privacy law is different from the last, creating a challenging environment for multi-state or multi-national enterprises. New rights and obligations also have the potential to provide new lines of attack for fraudsters and can limit the ability to detect and prevent fraud. Finally, the global pandemic brings a heightened challenge and creates even more opportunities for bad actors to compromise privacy and evade consequences.
This paper examines two specific privacy requirements in light of an operator’s need to conduct fraud detection, mitigation, investigation, and prevention. Considerations include anti-fraud information collection, sharing, and action. These areas, indeed anti-fraud operations in general, are often overlooked as risk and legal departments draft compliance program guidelines.