The Repository @ St. Cloud State

Open Access Knowledge and Scholarship

Date of Award


Culminating Project Type

Starred Paper

Degree Name

Information Assurance: M.S.


Information Assurance and Information Systems


Herberger School of Business

First Advisor

Susantha Herath

Second Advisor

Lynn Collen

Third Advisor

Nimantha Manamperi

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Keywords and Subject Headings

privacy, information security, finance


Information security and privacy regulation are significant areas of legislation in the financial and micro-finance sectors in the world. There are significant disparities between the developed and developing countries concerning adoption and application of the data protection laws. The developed world has exemplified its laws in the General Data Protection Regulation (GDPR) clause of the European Union that comes into effect on May 18, 2018. In the US, the main law has been the Gramm-Leach-Bliley Act (GLBA) of the late 1990s. The developing countries, on the other hand, exhibit slow drafting of new finance and micro-finance privacy laws and still use policies of the 1990s. The purpose of the study is, therefore, to examine the effectiveness of privacy and data protection laws in finance and micro-finance sectors in the developed and developing parts of the world in the current technological era. The method of the study is a mixed qualitative and quantitative assessment of case studies of recent literature on the subject. Each case study will feature the variables of the presence of privacy laws and information security regulations, and the level of enforcement of those regulations that inform the statistics. The other variable will be the level of effectiveness of the application of privacy and information security laws in developed and developing nations based on case study outcomes. The results indicate that out of 10 examined cases, six show failures of the laws in developing nations while 1 shows failure in a developed nation (South Korea) and 1, in the US, presents mixed results. The recommendations include the adoption of international laws that govern data security in the financial sector, such as the current GDPR of the European of Union.