Data Protection Report

JANUARY 18, 2024

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

Cybersecurity 110

Cybersecurity Financial Services Compliance Encryption 110

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. Consumer Disclosures.

Insurance 68

Insurance Financial Services Compliance Retail 68

Security Affairs

APRIL 10, 2019

SAP released the April 2019 Security Patch Day that is included 6 Security Notes, two of which address High severity flaws in Crystal Reports and NetWeaver. SAP released 6 Security Notes as part of the April 2019 Security Patch Day, two of which address High severity flaws in Crystal Reports and NetWeaver.

Security 67

Security Financial Services Risk Access 67

Security Affairs

MAY 15, 2019

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. ” reads the security advisory for the CVE-2019-0301. .” ” reads the security advisory for the CVE-2019-0301. SecurityAffairs – SAP Security Patch Day for May 2019 ).

Security 68

Security Financial Services Risk IT 68

Krebs on Security

AUGUST 13, 2021

Dubbed “ Antinalysis,” the service purports to offer a glimpse into how one’s payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people. ET: Corrected the story to note that AMLBot has been around since 2019.

Blockchain 304

Blockchain Analytics Marketing Ransomware 304

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Data Matters

SEPTEMBER 4, 2019

The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019. The amended regulation took effect on August 1, 2019, for annuity products and will become effective on February 1, 2020, for life insurance products.

Insurance 68

Insurance Paper Risk Analytics 68

The Last Watchdog

AUGUST 22, 2019

I had an evocative discussion at Black Hat USA 2019 with Andy Byron, president of Lacework, a Mountain View, CA-based start-up that has raised $32 million in venture capital to help companies address these conflicting imperatives. The massive transformation that’s happening right now introduces a lot of risk.

Digital transformation 147

Digital transformation Compliance Risk Security 147

Collibra

FEBRUARY 11, 2020

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk. For example, in December 2019, Outsourcing and Third Party Risk Management was launched by the Bank of England.

Financial Services 59

Financial Services Digital transformation Personal data Compliance 59

Hunton Privacy

MARCH 11, 2021

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Data breaches 97

Data breaches Cybersecurity Financial Services Personal data 97

Data Protection Report

JUNE 2, 2021

On May 13, 2021, the New York Department of Financial Services (NYDFS) announced a $1.8 million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Affiliate #1 notified NYDFS on November 25, 2019.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Thales Cloud Protection & Licensing

NOVEMBER 22, 2021

trillion in 2019 to $5.2 To compete, financial institutions are investing heavily in digital transformation. The full digitization of contracts, subscriptions and consumption of services. This drive towards digital transformation allowed financial services to be one of the sectors that better weathered the Covid 19 pandemic.

Digital transformation 71

Digital transformation Financial Services Customer Experience Risk 71

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. enable companies to identify cybersecurity risks and incidents. evaluate the significance associated with such risks and incidents.

Cybersecurity 68

Cybersecurity Financial Services Risk Compliance 68

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. According to the consent order, the matter began when NSC reported a cybersecurity event to NYDFS on October 23, 2019. The second incident occurred in March of 2019.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

The Last Watchdog

MAY 17, 2021

In pulling off that milestone hack, Paige Thompson took advantage of CapOne’s lack of focus on cloud security as the banking giant rushed headlong into leveraging Amazon Web Services. Luckily, Thompson left an easy trail for the FBI to follow and affect her arrest in August 2019. Here are the key takeaways: Cloud migration risks.

Cloud 214

Cloud Security Risk Financial Services 214

Data Matters

DECEMBER 4, 2019

On November 18, 2019, the UK Jurisdiction Taskforce, which is part of The English Law Society’s LawTech Delivery Panel , published its Legal Statement on the status of cryptoassets and smart contracts (the Legal Statement). 9 “ESMA Advice: Initial Coin Offerings and Crypto-Assets,” January 9, 2019. See [link]. Available at [link].

Blockchain 60

Blockchain Financial Services Healthcare Marketing 60

Data Matters

DECEMBER 4, 2019

On November 18, 2019, the UK Jurisdiction Taskforce, which is part of The English Law Society’s LawTech Delivery Panel , published its Legal Statement on the status of cryptoassets and smart contracts (the Legal Statement). 9 “ESMA Advice: Initial Coin Offerings and Crypto-Assets,” January 9, 2019. See [link]. Available at [link].

Blockchain 60

Blockchain Financial Services Healthcare Marketing 60

Security Affairs

MARCH 17, 2020

. “Whatever the intended purpose of this database was, over 500,000 highly sensitive and private legal and financial documents were exposed, compromising numerous parties to the risk of fraud and theft.” The researchers discovered the unsecured database in December 2019. ” reads the post published by vpnMentor.

Financial Services 110

Financial Services Access Privacy Security 110

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity 85

Cybersecurity Risk Financial Services Insurance 85

Data Matters

MARCH 28, 2022

For example, the number of breaches of unsecured electronic Personal Health Information (“ePHI”) reported to the OCR affecting 500 or more individuals due to hacking or IT incidents increased 45% from 2019 to 2020. implement stronger authentication solutions, such as multi-factor authentication. 45 CFR 164.308(a)(5)(i).

Cybersecurity 88

Cybersecurity Privacy Insurance Risk 88

eDiscovery Daily

OCTOBER 21, 2019

As we noted yesterday , the 2019 Relativity Fest conference is going on this week, CloudNine is once again here as a Sponsor and Exhibitor and I will be covering the show for eDiscovery Daily. The 2019 International Panel. Let’s check out some of the sessions lined up for today (including the one I’m speaking at!).

e-Discovery 45

e-Discovery e-Delivery GDPR Education 45

Krebs on Security

OCTOBER 24, 2019

based Cachet threw much of its customer base into disarray when it said its bank was no longer willing to risk another MyPayrollHR debacle, and that customers would need to wire payroll deposits instead of relying on the usual method of automated clearinghouse (ACH) payments (essentially bank-to-bank checks). 1, 2019 to Aug.

Communications 166

Communications Financial Services Insurance Risk 166

The Last Watchdog

MARCH 26, 2019

Pick any company in any vertical – financial services, government, defense, manufacturing, insurance, healthcare, retailing, travel and hospitality – and you’ll find employees, partners, third-party suppliers and customers all demanding remote access to an expanding menu of apps — using their smartphones and laptops.

Security 145

Security Digital transformation Financial Services Risk 145

erwin

DECEMBER 20, 2018

Whether implemented as preventative measures (risk management and regulation) or proactive endeavors (value creation and ROI), the benefits of a data governance initiative is becoming more apparent. for Financial Services. www.erwin.com/blog/data-governance-2-0-financial-services/. Data Governance 2.0

Government 40

Government Financial Services GDPR Data breaches 40

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must implement risk-based policies, procedures and controls designed to monitor the activity of authorized users and detect their unauthorized access or use of, or tampering with, nonpublic information. Final Implementation date March 1, 2019. Monitoring of Authorized Users (Section 500.14(a)).

Cybersecurity 65

Cybersecurity Encryption Financial Services Compliance 65

Data Matters

OCTOBER 8, 2020

Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory that highlights the risk of potential U.S. September 2019: the North Korea-sponsored Lazarus Group, creator of WannaCry 2.0. December 2019: Evil Corp and its leader Maksim Yakubets, creators of Dridex. On October 1, 2020, the U.S.

Ransomware 68

Ransomware Compliance Risk Government 68

ARMA International

NOVEMBER 7, 2019

This article summarizes a report published by AIEF on June 26, 2019. The scope of a records and information management (RIM) program in financial services can seem overwhelming. Financial Services Industry Overview. Drivers for RIM in Financial Services. financial institutions.

Financial Services 52

Financial Services Communications Compliance Risk 52

Data Protection Report

DECEMBER 23, 2019

In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. Likewise, the New York State Department for Financial Services regulations requires relevant entities to have appropriate record retention policies and procedures. Why should this be a high priority project? In the U.S.,

Privacy 144

Privacy Compliance Personal data Risk 144

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. Although organizations should consider the optics of partial implementation, companies should not forgo the risk mitigation of incremental improvements. (2) In total, information for approximately 2.1 Background.

Passwords 98

Passwords Financial Services Authentication Insurance 98

Thales Cloud Protection & Licensing

JANUARY 26, 2021

As reported in the UK Finance “Fraud: The Facts” 2020 report, the theft of personal and financial data through data breaches was a major contributor to fraud losses in 2019. The SCA mandate is complemented by some limited exemptions that aim to support a frictionless customer experience when transaction risk is low.

Security 143

Security Retail Authentication Big data 143

Info Source

JULY 6, 2023

t starts with the prospect, who has researched alternatives based on her/his specific needs selecting a financial services provider and type of loan and submitting a request. The financial services institute requests a proof of identity and documentation to ensure that the person qualifies e.g., proof of residence, income etc.

Customer Experience 52

Customer Experience Communications Financial Services Insurance 52

ARMA International

DECEMBER 26, 2019

Highlights of the Forrester Research and ARMA International Records Management Online Survey, Q4 2019. 2019 marks ten years since ARMA International and Forrester Research first surveyed records and information management (RIM) decision-makers to understand the key trends and challenges facing the profession.

Content services 76

Content services Cloud Records Management Privacy 76

Data Protection Report

JANUARY 6, 2020

2019 saw a number of developments in the area of cookies which can’t be ignored. As a result, organisations need to revisit their current cookie consent mechanisms and notices and reassess their appetite to risk. Don’t let the Cookies crumble! Conquer the world! GDPR wasn’t the beginning and it’s definitely not the end.

Privacy 84

Privacy GDPR Data breaches Risk 84

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must implement risk-based policies, procedures and controls designed to monitor the activity of authorized users and detect their unauthorized access or use of, or tampering with, nonpublic information. Final Implementation date March 1, 2019. Monitoring of Authorized Users (Section 500.14(a)).

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

HL Chronicle of Data Protection

OCTOBER 4, 2018

Covered Entities must implement risk-based policies, procedures and controls designed to monitor the activity of authorized users and detect their unauthorized access or use of, or tampering with, nonpublic information. Final Implementation date March 1, 2019. Monitoring of Authorized Users (Section 500.14(a)).

Cybersecurity 40

Cybersecurity Encryption Financial Services Compliance 40

The Last Watchdog

SEPTEMBER 10, 2019

We met at Black Hat USA 2019 , where Baffin Bay touted its cloud-first, full-stack suite of threat protection services. million and grown to 42 employees, winning customers in leading media firms, financial services companies and government agencies in the Nordics.

Cloud 171

Cloud Security Digital transformation Financial Services 171

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. March 1, 2019 – the two year transitional period ends.

Cybersecurity 53

Cybersecurity Compliance Financial Services Insurance 53