Privacy and data protection
- prior authorisation
- transborder data flows
Identity and signatures
- Certification Authority infrastructure
- validity and effectiveness of electronic signatures
Financial institutions which undertake transactions via the Internet will also need to take heed of other types of regulation which, although not specific to the financial sector, are nonetheless of vital relevance to their activities. Perhaps the most important of these regulations are those which relate to data protection, and to the certification of identity and its related topic, electronic signatures.
Data protection regulation is found in many jurisdictions, including Canada, Japan and the European Union, though not in the US. Most data protection laws require prior authorisation before personal data can be collected, stored and processed, and impose specific restrictions on the use which can be made of that data. These laws will potentially impact on all financial institutions which collect data from customers within jurisdictions where they apply, even if the institutionís home country has no such regulation. Additionally, data protection laws normally restrict the export of personal data to countries which do not provide similar protection. Compliance becomes increasingly difficult when doing business via the Internet, because of the distribution of the enterprise across different legal entities and jurisdictions and the use of intermediaries to collect and process data on behalf of the enterprise.
Identification of customers is also a fundamental issue, both for the enforceability of transactions and because financial regulation often requires such identification. Certification Authorities are organisations which take physical evidence of identity and provide electronic certificates of that fact. These are often used as an element of electronic signature technology. Regulation in this area is just beginning to develop, through significant instruments such as the draft EC directive, the ABA Guidelines, and national laws in e.g. Germany, Singapore and Utah. Interestingly, the basis of regulation is very similar to that of the regulation of financial institutions, and analogous cross-border issues also arise.