Online Exclusive

General Data Protection Regulation (GDPR)

A new ethical framework for fraud examiners

Most likely, you’ve heard the phrase “leaving a carbon footprint.” We know that traveling, consuming food and even breathing are all activities that release trace amounts of carbon into the atmosphere. The same idea is applicable to a person’s digital footprint. Your digital footprint is the virtual impression of activities you are involved in. Liking your friend’s post on Facebook, purchasing a pair of shoes online, tweeting about how much you loved this year’s #fraudconf — all of these activities are tracked and logged, and combined they are your digital footprint. This is what the GDPR is concerned with: protecting that data.

“The very act of liking a page, the very act of saying ‘I love this,’ may seem arbitrary, but you are sharing information about yourself,” said Andreattah Chuma, compliance and ethics subject matter expert at Euroclear, in her Wednesday-morning session at the 29th Annual ACFE Global Fraud Conference.

The EU General Data Protection Regulation (GDPR) defines personal data as information relating to an identifiable individual, directly or indirectly. That word “indirectly” is important. By having indirect identification in scope, the regulation acknowledges that the traces one leaves behind online aren’t always the obvious descriptors like names and addresses. While this idea is difficult for many organizations to grasp, Chuma stressed that this new direction of data regulation is a good thing for fraud examiners.

GDPR is the ethical way to deal with personal data

Chuma reminded attendees that the ACFE Code of Professional Ethics establishes that “an ACFE member shall not engage in any illegal or unethical conduct...” She then challenged them not to view this new regulation as an inhibitor to their investigations. Rather, she advised that this is a new way to frame investigations with a more ethical perspective.

Many fraud examiners are accustomed to digging deeper into someone’s personal data than the average person. In fact, investigations often require that an examiner follow digital footprints to the truth, much like little breadcrumbs left behind by fraudsters. With this new regulation, fraud examiners should deal with a suspect’s data in a manner they would expect for themselves — in other words, in a way that respects their fundamental human rights.

However, we’re not protecting this data, Chuma reiterated several times, just because it’s a basic human right. We’re protecting it because malicious groups can use this data to harm others. If a hate group wants to target a group based on their race, religion or sexual orientation, they can do that if that data isn’t protected.

Chuma provided an insightful example to drive this point home. Many organizations monitor their clients or customers in order to provide a more personalized shopping experience. However, there should be rules around this process that protect an individual’s data. “I should not see you passing by my house after I’ve visited the grocery store saying, ‘Hi, Andreattah, I saw you had this at the store. I was wondering if you still wanted to buy it.’ ” What if you don’t want the neighbor to see what you’ve been purchasing? What if it’s dangerous for your neighbor to know? It’s the organization’s responsibility, now more than ever, to handle this data with the utmost care.

Chuma advised that fraud examiners should take this as another line of the ACFE Code of Ethics.

Key implications for fraud examiners

An audience member posed a scenario: if he had a website that targets people in the U.S. and Latin America, but someone in Spain finds it and submits their email for a mailing list, does that organization have to comply with the regulation? Chuma very firmly replied that, yes, the organization is responsible for protecting that individual’s data. GDPR applies because, by allowing EU individuals to sign up to the mailing list service, the website owner hasn't made it explicit that he's not targeting them. He could make that explicit by stating it clearly on the website or by removing EU countries from the submission form. “The nature of the internet makes it so that we can’t say, ‘I wasn’t talking to you. Go away!’”

She took it further and shared how some websites, after GDPR went into effect, blocked IP addresses from the EU. That’s not a good look, Chuma said. “Is that the message you want to be sending? The cost of compliance is so high that I’m not even willing to do business with you.”

For fraud examiners, it should all come back to the individual and an examiner’s ethical responsibility to protect that individual.

Courtney Howell is the ACFE's community manager. Reach her at

Miss the 29th Annual ACFE Global Fraud Conference? Find articles, videos and photos from the world’s largest gathering of anti-fraud professionals at Fraud Conference News.
