A wake-up call about SMALL governance Recently, on social networks in Vietnam, a computer screen shot of a famous artist’s NH account statement related to the incident has attracted a lot of public opinion. Although NH has admitted that its employees spread the word, this is a wake-up call for those working in the banking sector, as well as the leaders of these organizations. In the era of information technology, customer data security can be said to be the most important for banks. Previously, the prestige of the banks was in the solidity of the safes, which were dug deep in the tunnels, through many layers of thick steel doors, resistant to fire and explosion and even earthquakes. Today it is the NH’s security system. Because most assets and liabilities are stored in the form of numbers, lines of data. The disclosure of customer data is often considered an accident of the security system, due to unintentional human error, or due to an external attack. But security risks do not only come from information technology systems. There are three places where security risks arise, that is from a governance perspective in relation to processes, monitoring, information systems, and operations. The above incident shows an error in the operation of the staff, related to the management of the bank. Normally, when signing a work contract, in the contract terms, of course, there must be things that employees must not do, not to mention the business ethics of the industry. And so this is not entirely the fault of the staff, NH is also responsible for regular training, as well as supervision. The consequences of customer data being disclosed are serious on several levels. For example, the bank must be responsible for the damages incurred because the customer account is attacked individually, or the entire information system of the bank is the prey of hackers. Equally important damage is the reputation of NH. As a customer, no one wants to send money or do business with NH but “house” is loose. The more important partners are not. NH is also confused Customer data in banks is the survival of banks. Security is the new generation of “safes”, and the prestige lies in the system, as well as the consciousness and skills of the key holders. In the matter of customer data, banks also have a big confusion between needing a lot of customer data (KYC), security and customer privacy (privacy). Banks themselves also need a lot of KYC, not only to manage risks, but also to develop services to provide to customers, especially cross-selling and value-added services. State regulatory agencies also require banks to perform KYC, mainly for the purpose of anti-money laundering and illegal activities. But when customer data increases, integration from many sources, many systems with heterogeneous standards or formats, is a huge challenge for NH’s information system. Because the more sources, the more “entrances” there are more exposed points, many places can be hacked. The collection of customer data is also met with a certain reaction from them because of privacy. In many developed countries, such as Europe with the General Data Protection Regulation 2016/679 aka GDPR, there is a huge shift from service providers in general and the sector. NH in particular. There are data, currently NH wants to collect the consent of customers. In short, customer data in banks is the survival of banks. The security is a new generation “safe” form, and the prestige lies in the system, as well as the consciousness and skills of the key holders. Domestic banks need to pay attention In terms of customer data security risks, domestic banks compete with each other in technology and there is almost no big difference between banks in the same group, for example, large banks have enough resources to Get the best system. Even later banks have an advantage because technology costs decrease over time. The problem for data security, therefore, mainly lies in the management system of the bank, as well as in the daily operation. In administration, besides processes and monitoring systems, leaders’ awareness of security issues is extremely important. Not only investing properly for the information technology system, leaders must always closely monitor this issue, considering this as their important task. Therefore, there is a need for consistent direction and coordination between the banks’ departments, considering this as the core activity of the bank. In the course of daily operations, it is the awareness and skills of the employees. Periodic and continuous training is absolutely necessary for all employees, especially functions and positions of authority. If the employee is aware of the seriousness of the disclosure of the customer’s account, no employee would dare to act so impulsively, not to mention, besides internal handling, it may also be involved in legal regulations .

Icon of Tik Tok video-sharing application on smartphone screen in Paris, France. Photo: AFP / VNA Former UK children’s commissioner Anne Longfield, and the law firm Scott + Scott, on behalf of children under the age of 13 in the UK and 16 years old in the European Economic Area (EEA) filed a lawsuit against TikTok and the public. parent company ByteDance. The lawsuit alleges TikTok and ByteDance violate the data protection laws of children (GDPR) of the UK and the European Union (EU) and deceive parents about the extent of personal information leakage of the children. kids when they use this app. TikTok’s behavior is believed to affect more than 3.5 million children in the UK. In a statement dated April 21, Ms. Longfield emphasized “TikTok is an extremely popular social media platform that helps children keep in touch with their friends during the past extremely difficult year. Behind the hilarious songs, choreography challenges and the lip-sync movement is something much more damaging. According to her, parents as well as children have the right to personal information, including phone number, physical location and illegally collected videos. The former UK children’s commissioner stated that the lawsuit is intended to force TikTok to “terminate data collection”, and to ask the platform to remove any personal information that has been “illegally processed”. when kids use this app. The lawsuit states that since May 2018, every child using TikTok, regardless of having an account or possible privacy settings, has been illegally collected by ByteDance through TikTok for the benefit of Unidentified third parties. The lawsuit also mentioned recent hefty fines for TikTok in the US and South Korea following cases of child data leaks. In response, TikTok insists the app has “robust policies, procedures and technologies to help protect all users, especially teen users”. TikTok will strongly protect itself, while asserting that privacy and safety are always the “top priority” of this platform.