Finance & Investment - Archives
House Rules: Don’t Gamble with Data


 
 

As lotteries globally transform their businesses to capitalize on the estimated US$30 billion market (2012)1 for online gaming, risk-savvy organizations are helping to ensure that data security and privacy are not being left to chance. 

Many companies treat IT security and privacy as similar concerns; thus, many believe that with the right IT security safeguards in place, privacy is also protected. While the two areas are interrelated, privacy risks are inherently broader and carry more complex compliance requirements than even the most sophisticated technologies can accommodate. Left unmitigated, these privacy risks can also have unparalleled consequences. Operators can face sanctions or fines from the information privacy commissioner, loss of revenue due to decreased customer confidence, or civil action, which can give rise to legal and public relations challenges.

 

 

 

Key high-level concerns identified by KPMG include:

Player validation

Online gaming challenges one's ability to validate a player’s identity and age, and thus conduct business in alignment with sound, responsible gaming ethics and legal requirements. 

Compounding this issue is a legally mandated requirement to “respect” an individual’s privacy. Canadian organizations are permitted to collect personal data for legitimate business purposes, but are subject to certain rules that protect the information under federal and provincial laws. Specifically, the Personal Information Protection and Electronic Documents Act (PIPEDA) requires organizations to inform users of the data that will be collected and how it will be used. Users have a right to control the data, request changes or deletions, and limit its use and disclosure. As such, operators must carry out their authentication processes for online gaming systems in a transparent and non-obtrusive manner.
 

Transparency and accountability 

While valuable to operators, collecting personal information is not as straightforward as simply collecting and analyzing player transactions, as doing so may violate the user’s rights under PIPEDA, as well as pose additional privacy, technical, regulatory, and social risks. Organizations must be careful to maintain transparency and accountability by giving users clear notice, obtaining their consent, and implementing internal controls to ensure the organization is honouring its privacy commitments. 

Regulatory compliance with respect to transactional data

Online gaming organizations that collect and process credit card transactions must do so in compliance with Payment Card Industry Data Security Standard (PCI DSS) regulations. Those that neglect to do so risk losing the ability to process credit card transactions, rendering them unable to continue to offer online gaming. 

Additionally, moving gaming activities online means operating in an already highly regulated industry. In some cases, the requirements of one regulation can directly conflict with another, leaving organizations to sort through complex legal, technological, and operational issues. In short: the collection and use of personally identifiable information must be fair, lawful, and for legitimate business purposes. Security and privacy safeguards must be in place to prevent the loss or unauthorized use of data, and organizations must strive to comply with regulatory requirements without compromising their commitments to customers.

In an environment where an individual’s privacy is sacrosanct, lottery and gaming operators will benefit from developing balanced controls that ensure integrity and transparency when dealing with the privacy-related concerns created by online gaming. Specifically, operators can reduce exposure to risk by implementing clear codes of conduct that address the complex social and ethical challenges, and by implementing programs, tools, resources, and technology that will help them respond to regulatory and compliance requirements, offer enhanced player protection, and improve their online gaming experience.

By proactively dealing with these issues, a lottery operator can more safely and prudently access the significant online markets.

By Lauren Easom (CIPP, CISA) & Louie Velocci (CA-CISA, CISSP, CAA, GCFA, CGEIT)  - KPMG

Copyright © Canadian Gaming Business Magazine. All rights reserved.



 
