Issue 45 — Latest in privacy & security

In Today’s Email…

• EU publishes the General-Purpose AI Code of Practice
• Privacy leaders stepping into more strategic roles thanks to AI/tech innovation
• InsurTech Summit experts call on insurers to take lead in AI adoption
• The Bank of England fines Vocalink £11.9M for governance and risk management non-compliance.

Latest in Privacy and Security

• The EU has published its General-Purpose AI Code of Practice to help enterprises voluntarily align with the upcoming wave of EU AI Act rules taking effect on August 2. The 55-page code covers transparency, copyright, and safety/security obligations. It includes a model documentation form detailing data sources, training, and usage, and urges companies to respect anti-scraping tools like robots.txt. The longest section (40 pages) focuses on safety and risk mitigation, requiring extensive documentation kept for at least 10 years. Developed by 13 experts with industry input, the code is meant to guide responsible AI development under the AI Act. Read more
• Insurers must take the lead in AI adoption to stay competitive, experts said at the 2025 InsurTech Summit. While compliance remains critical, the key to success lies in having the right people in place to build, test, and govern AI responsibly. Strong oversight, transparency, and rigorous testing are essential to ensure systems are fair, accurate, and non-discriminatory. Despite fears of job loss or regulatory risk, panelists urged insurers to start working with AI now—those who wait risk being left behind by more agile competitors. With proper governance, insurers can use AI to deliver greater value while managing risk effectively. Read more.
• Privacy leaders are stepping into more strategic roles amid rapid AI and tech innovation, but they still face challenges in being fully heard at the executive level. Once seen purely as a compliance cost, privacy is now key to enabling responsible innovation, operational resilience, and business growth. Embedding privacy early in product design, aligning it with business goals, and translating its impact into measurable value are essential to changing perceptions. To lead in a fast-moving, privacy-conscious world, organizations must elevate privacy from gatekeeping to growth enablement.
  • 80%+ of privacy professionals now oversee AI, cybersecurity, and data ethics
  • AI governance is a top business priority, yet privacy’s value remains under-communicated
  • Embedding privacy early in product development enables faster launches, reduces risk, and builds trust
  • Read more

Regulations / Fines

• The Bank of England has fined Vocalink £11.9M for failing to meet risk management and governance obligations related to a regulatory direction on system controls. Vocalink, which operates UK payment systems, missed its remediation deadline due to weak risk frameworks, poor escalation processes, and governance shortcomings. This marks the Bank’s first fine against a financial market infrastructure firm. The penalty was reduced from £20M due to Vocalink’s cooperation and early admission. Read more

Feature Focus

• Terra True AI transforms privacy & security management by providing several key benefits:
  • Improving accuracy by minimizing human error
  • Boosting productivity by accelerating AI reviews and reclaiming wasted time
  • Increasing relevance by improving information identification
  • Expanding visibility into sensitive data used in training models
  • Read more

Job Board

• Immutable: Senior Security Engineer
• JPMorganChase: Senior Associate - Generative Artificial Intelligence Policy and Governance
• DeepHealth: Regulatory Specialist
• Cantina: Technical Head of Incident Command

Upcoming Events

• AI Governance Summit 2025 | August 7 | Sydney
• IAPP AI Governance Global North America 2025 | September 18-19 | Boston SmartSP 2025 | December 1-2 | Salt Lake City, UT

Need help navigating the AI governance jungle?

Protect against third-party risks. Talk with our experts.