Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Transparency. Show all posts
Trust
AI Automation Biometrics consent Cybersecurity Data Ethics Intelligence Privacy Regulation Security surveillance Technology Transparency Trust

Public Wary of AI-Powered Data Use by National Security Agencies, Study Finds

 

A new report released alongside the Centre for Emerging Technology and Security (CETaS) 2025 event sheds light on growing public unease around automated data processing in national security. Titled UK Public Attitudes to National Security Data Processing: Assessing Human and Machine Intrusion, the research reveals limited public awareness and rising concern over how surveillance technologies—especially AI—are shaping intelligence operations.

The study, conducted by CETaS in partnership with Savanta and Hopkins Van Mil, surveyed 3,554 adults and included insights from a 33-member citizens’ panel. While findings suggest that more people support than oppose data use by national security agencies, especially when it comes to sensitive datasets like medical records, significant concerns persist.

During a panel discussion, investigatory powers commissioner Brian Leveson, who chaired the session, addressed the implications of fast-paced technological change. “We are facing new and growing challenges,” he said. “Rapid technological developments, especially in AI [artificial intelligence], are transforming our public authorities.”

Leveson warned that AI is shifting how intelligence gathering and analysis is performed. “AI could soon underpin the investigatory cycle,” he noted. But the benefits also come with risks. “AI could enable investigations to cover far more individuals than was ever previously possible, which raises concerns about privacy, proportionality and collateral intrusion.”

The report shows a divide in public opinion based on how and by whom data is used. While people largely support the police and national agencies accessing personal data for security operations, that support drops when it comes to regional law enforcement. The public is particularly uncomfortable with personal data being shared with political parties or private companies.

Marion Oswald, co-author and senior visiting fellow at CETaS, emphasized the intrusive nature of data collection—automated or not. “Data collection without consent will always be intrusive, even if the subsequent analysis is automated and no one sees the data,” she said.

She pointed out that predictive data tools, in particular, face strong opposition. “Panel members, in particular, had concerns around accuracy and fairness, and wanted to see safeguards,” Oswald said, highlighting the demand for stronger oversight and regulation of technology in this space.

Despite efforts by national security bodies to enhance public engagement, the study found that a majority of respondents (61%) still feel they understand “slightly” or “not at all” what these agencies actually do. Only 7% claimed a strong understanding.

Rosamund Powell, research associate at CETaS and co-author of the report, said: “Previous studies have suggested that the public’s conceptions of national security are really influenced by some James Bond-style fictions.”

She added that transparency significantly affects public trust. “There’s more support for agencies analysing data in the public sphere like posts on social media compared to private data like messages or medical data.”
Read more »
Transparency
Cyber Security Data Breaches Financial Institutions SEC Regulations Transparency

Financial Institutions Now Required to Disclose Breaches Within 30 Days

Financial Institutions Now Required to Disclose Breaches Within 30 Days

The 30-Day Deadline

The Securities and Exchange Commission (SEC) is demanding financial institutions to report security vulnerabilities within 30 days of discovering them.

Why the Change?

On Wednesday, the SEC adopted revisions to Regulation S-P, which controls how consumers' personal information is handled. The revisions require institutions to tell individuals whose personal information has been compromised "as soon as practicable, but no later than 30 days" after discovering of illegal network access or use of consumer data. The new criteria will apply to broker-dealers (including financing portals), investment businesses, licensed investment advisers, and transfer agents.

"Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially. These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for the investor,” said SEC Chair Gary Gensler. 

Challenges and Compliance

Notifications must describe the occurrence, what information was compromised, and how impacted individuals can protect themselves. In what appears to be a loophole in the regulations, covered institutions are not required to provide alerts if they can demonstrate that the personal information was not used in a way that caused "substantial harm or inconvenience" or is unlikely to do so.

The revisions compel covered institutions to "develop, implement, and maintain written policies and procedures" that are "reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information." The amendments include:

The standards also increase the extent of nonpublic personal information protected beyond what the firm gathers. The new restrictions will also apply to personal information received from another financial institution.

SEC Commissioner Hester M. Peirce expressed concern that the new regulations could go too far.

Best Practices

"Today’s Regulation S-P modernization will help covered institutions appropriately prioritize safeguarding customer information," she said. "Customers will be notified promptly when their information has been compromised so they can take steps to protect themselves, like changing passwords or keeping a closer eye on credit scores. My reservations stem from the rule's breadth and the likelihood that it will spawn more consumer notices than are helpful."

Regulation S-P has not been substantially modified since its adoption in 2000.

Last year, the SEC enacted new laws requiring publicly traded businesses to disclose security breaches that have materially affected or are reasonably projected to damage business, strategy, or financial results or conditions.

Read more »
Subscribe to: Posts (Atom)