Chinese bank fined for major data protection failings

By GRC World Forums2021-03-26T14:27:00+00:00

No comments

The China Banking and Insurance Regulatory Commission has ordered China Citic Bank to pay RMB4.5m ($690,000) in penalties for what the regulator termed major violations of banking laws and regulations.

Among breaches the commission listed in its notice of fine were non-standardised management of collecting customer information and customer data access control not complying with the principles of “must know” and “minimal authorisation”.

There was also querying of and providing personal information to third parties without the customer’s authorisation.

Poor management of customer-sensitive information caused it to flow onto the internet, while customer-sensitive information was stored in violation of regulations, according to the commission.

The regulator also found Citic Bank’s customer information protection system to be unsound and lacked a unified business operation process and necessary internal control measures.

Citic Bank says it has since made improvements to enhance customer information protection.

Register for free to receive the latest data protection and privacy news and analysis straight to your inbox

Topics

No comments

Article
US state legislators driving AI regulation despite resistance from industry chiefs

2024-04-26T12:49:00Z

Lawmakers from various regions across the United States are taking the reins in significant legislative drives to oversee the use of AI technology.
Article
US utilities struggling to meet demand of energy-thirsty AI

2024-04-19T11:53:00Z

In the US, demands for power are outstripping availability as energy-thirsty technologies such as generative AI pile pressure on national electrical systems.
Article
Banks poised for increased risk due to AI

2024-04-19T09:06:00Z

A leading banking regulator has issued a stern warning over the risks that financial institutions face as they move to integrate artificial intelligence (AI) and machine learning (ML) into governance operations.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from Data Protection & Privacy

News
Tech companies in India must get official nod before using “risky” AI

2024-03-07T09:49:00Z By GRC World Forums

The Indian government has issued a directive to the country’s technology firms, urging them to obtain approval before publicly releasing artificial intelligence (AI) tools that may be unreliable, or still in trial phases.
News
Euro politicians question UK’s Data Protection Bill compatibility with GDPR

2024-02-28T09:25:00Z By GRC World Forums

Paul Tang, a Member of the European Parliament, has raised concerns about the UK’s new Data Protection and Digital Information Bill (DPDI) and its potential to undermine elements of the GDPR.
News
Italian city first to receive fine for AI privacy violations

2024-01-29T15:27:00Z By GRC World Forums

The data privacy regulator in Italy has imposed a €50,000 fine on Trento for violating laws regarding the northern city’s use of artificial intelligence (AI) in urban surveillance schemes.

Chinese bank fined for major data protection failings

Topics

Related articles

US state legislators driving AI regulation despite resistance from industry chiefs

US utilities struggling to meet demand of energy-thirsty AI

Banks poised for increased risk due to AI

No comments yet

Only registered users can comment on this article.

More from Data Protection & Privacy

Tech companies in India must get official nod before using “risky” AI

Euro politicians question UK’s Data Protection Bill compatibility with GDPR

Italian city first to receive fine for AI privacy violations