2020, Blog, Financial Services and Security - Information Management Today

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. individuals and businesses comply with ransomware payment demands in this October 2020 client alert.) The post New York Department of Financial Services Issues First Guidance by a U.S. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Fintechs turn to AI and cloud as steadfast forces for innovation

IBM Big Data Hub

AUGUST 10, 2023

By prioritizing resiliency, performance, security and compliance, fintechs are helping to revolutionize the way financial services are delivered. Founded in the UK in 2020, MySocialPulse has continued to scale its business by leveraging both cloud and AI technologies from IBM.

Cloud

Cloud Financial Services Artificial Intelligence Digital transformation

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

By adding these two global market leaders, we are expanding our expertise to better support our clients with the ever growing risks associated with national security and cybersecurity matters across our multi-disciplinary practices.”. political parties. political parties.

Cybersecurity

Cybersecurity Marketing Security Privacy

Hindsight is 2020. Looking back so we can move forward

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

2020 ends a decade, and the new year prompted me to think “Wow it’s been two decades since we started Vormetric.” Data security is still a problem. Vormetric and the technologies and products we built over the years solved a lot of those low level security problems in the old “operating system” world. And what’s to come?

Cloud

Cloud Government Financial Services Access

EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management

Data Matters

JANUARY 19, 2023

On 17 January 2023, the new Network and Information Systems Security Directive (“ NIS2 Directive ”), which is aimed at establishing a minimum level of cybersecurity standards across the EU and is set to replace its predecessor (the NIS or “ NIS1 Directive ” ), entered into force.

Financial Services

Financial Services Cybersecurity Ransomware Marketing

Microsoft partnered with other security firms to takedown TrickBot botnet

Security Affairs

OCTOBER 12, 2020

Microsoft’s Defender team, FS-ISAC , ESET , Lumen’s Black Lotus Labs , NTT , and Broadcom’s cyber-security division Symantec joint the forces and announced today a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. ” reads the post published by Microsoft.

Security

Security Financial Services Ransomware Access

New Anti Anti-Money Laundering Services for Crooks

Krebs on Security

AUGUST 13, 2021

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero , a cryptoasset offering heightened anonymity,” he wrote. But with countless criminals now making millions from ransomware, there is certainly a vast, untapped market for services that help those folks improve their operational security.

Blockchain

Blockchain Analytics Marketing Ransomware

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

eSecurity Planet

AUGUST 22, 2021

Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the financial services space. DDoS Attacks on the Rise. That prediction proved correct.

Financial Services

Financial Services IoT Education Passwords

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation. In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector.

Risk

Risk Data breaches Authentication Financial Services

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. In September financial services companies faced the largest set of regulations in the process thus far. Looking Ahead to 2019 and 2020. September Checklist, March Reminder.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Congratulations to Sidley’s Newest Partners!

Data Matters

DECEMBER 16, 2019

Congratulations to our 30 colleagues, including Kate Heinzelman and Tomoki Ishiara , for their election to the Sidley Austin partnership , effective January 1, 2020. appeared first on Data Matters Privacy Blog. Tomoki works out of Sidley’s Tokyo office and supports our global privacy practice in the Asian market.

Energy and Utilities

Energy and Utilities Privacy Financial Services Data Privacy

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The challenge of the moment is that many companies already have their hands full trying to improve their security posture as they migrate their legacy, on premises, IT systems to the cloud. The operating systems of home IoT devices today typically get shipped with minimal logon security. This is a sign of IoT attacks to come.

IoT

IoT Passwords Artificial Intelligence Risk

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

For example, the number of breaches of unsecured electronic Personal Health Information (“ePHI”) reported to the OCR affecting 500 or more individuals due to hacking or IT incidents increased 45% from 2019 to 2020. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post ). Data localisation issues are also set to resurface during 2020. Brace yourself (for export turbulence). Don’t let the Cookies crumble!

Privacy

Privacy GDPR Data breaches Risk

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020. Many articles and blogs portray the adequacy decision as finally allowing free personal data flow between the EU and US companies, without the implementation of additional data protection safeguards.

Data Privacy

Data Privacy Personal data Privacy Cloud

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! The Advocate General (AG) delivered his non-binding opinion on the SCCs just before Christmas (see our blog post ). Data localisation issues are also set to resurface during 2020. Brace yourself (for export turbulence). Don’t let the Cookies crumble!

Privacy

Privacy GDPR Data breaches Risk

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

erwin

JANUARY 7, 2021

Unexpected, unprecedented and disruptive, 2020 required radical transformation – within global organizations and our day-to-day lives. Workplace Humanity: In 2020, the boundaries separating work from the rest of our lives shrank considerably. I think it’s fair to say that we’re all glad to usher in a New Year.

Metadata

Metadata Artificial Intelligence Compliance Government

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

On October 1, 2020, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), OFAC is sending a clear signal that making ransomware payments with a sanctions nexus threatens U.S. financial institutions or firms that perform “critical financial services.”. 1, 2020, [link].

Ransomware

Ransomware Compliance Risk Government

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

Some suggest the California Consumer Privacy Act (CCPA), which takes effect January 1, 2020, sets a precedent other states will follow by empowering consumers to set limits on how companies can use their personal information. California recently passed a law that gives residents the right to control the data companies collect about them.

GDPR

GDPR e-Discovery Compliance Metadata

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

Security awareness training still has a place to play here." Email and other elements of software infrastructure offer built-in fundamental security that largely guarantees we are not in danger until we ourselves take action," Tyson writes. back in 2020. Is the email enticing you to click on a link?'

Phishing

Phishing Security awareness Insurance Cybersecurity

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

Data Matters

MAY 21, 2020

Coronavirus Aid, Relief and Economic Security Act-related fraud or other COVID-19-related financial crime : Contact local U.S. Secret Service field office. Financial institutions should look closely at the red flags provided in the Advisory. Cyber- and internet-related crime : Contact FBI Crime Compliant Center.

e-Discovery

e-Discovery Government Cybersecurity Financial Services

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

On January 28, 2021, the UK Financial Conduct Authority (FCA) published Consultation Paper CP21/3 , “Changes to the SCA-RTS and to the guidance in ‘Payment Services and Electronic Money – Our Approach’ and the Perimeter Guidance Manual” (Consultation Paper). 1 See further our Update of May 4, 2020. Temporary COVID Guidance.

Authentication

Authentication Paper Risk Insurance

Regulatory Update: NAIC Fall 2020 National Meeting

Data Matters

DECEMBER 28, 2020

The National Association of Insurance Commissioners (NAIC) held its Fall 2020 National Meeting (Fall Meeting) December 3-9, 2020. 43R —Loan-Backed and Structured Securities. As a result of the continuing COVID-19 pandemic, the NAIC once again met in a virtual format. 25 — Affiliates and Other Related Parties; SSAP No.

Insurance

Insurance Paper Risk Analytics

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Congratulations to Sidley’s Newest Partners!

Data Matters

DECEMBER 16, 2019

Congratulations to our 30 colleagues, including Kate Heinzelman and Tomoki Ishiara , for their election to the Sidley Austin partnership , effective January 1, 2020. appeared first on Data Matters Privacy Blog. Tomoki works out of Sidley’s Tokyo office and supports our global privacy practice in the Asian market.

Energy and Utilities

Energy and Utilities Privacy Financial Services Data Privacy

Modernizing payments without disrupting legacy checks systems

IBM Big Data Hub

FEBRUARY 5, 2024

Across the globe, financial institutions are rapidly modernizing to deliver secure, seamless payment experiences that meet the demands of digital-first consumers. Financial institutions face the challenge of enabling digital payments while simultaneously managing existing payment capabilities like checks.

Financial Services

Financial Services Cloud Risk Compliance

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Info Source

MARCH 16, 2022

They have been able to secure impressive amounts of VC funding and valuation levels that were unheard of in the Information Capture market. As recently as five years ago, Cloud Capture Services made up less than 7% of the global Capture Software market. We expect a continued growth in adoption, in 2022 and beyond.

Information capture

Information capture Marketing Digital transformation Cloud

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

Info Source

MARCH 16, 2022

They have been able to secure impressive amounts of VC funding and valuation levels that were unheard of in the Information Capture market. As recently as five years ago, Cloud Capture Services made up less than 7% of the global Capture Software market. We expect a continued growth in adoption, in 2022 and beyond.

Information capture

Information capture Marketing Digital transformation Cloud

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

Determining whether information a financial institution processes is covered by the exemption or not can be challenging and is something that financial institutions will need to analyze for their operations. Background. The legislature also clarified that the exemption does not apply to the data breach liability provisions of the CCPA.

Privacy

Privacy Financial Services Compliance Data breaches

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

Data Matters

MARCH 23, 2020

On March 5, 2020, the Office of the Comptroller of the Currency (OCC) issued an updated set of answers to frequently asked questions (FAQs) 1 regarding risk management in national bank relationships with third parties to further supplement its 2013 guidance, OCC Bulletin 2013-29 (the Bulletin), 2 and its 2017 FAQs (Prior FAQs) on the topic.

Risk

Risk Cloud Compliance Marketing

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No.

Insurance

Insurance Cybersecurity Risk Education

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

For example, Brazil expects data protection legislation to come into effect in 2020, joining the likes of Argentina, Mexico, Uruguay, Colombia, Antigua, the Bahamas, Bermuda, the Dominican Republic, St. This comprehensive data privacy law wave has already reached parts of Latin America and the Caribbean. An Overview of the BDPA.

Personal data

Personal data GDPR Data Privacy Privacy

3 keys to building a robust hybrid cloud risk strategy

IBM Big Data Hub

OCTOBER 23, 2023

There are three keys to developing a successful hybrid cloud risk management strategy : security, compliance and resiliency. Security: Keeping sensitive data and workloads safe Protecting critical data amid a heightened threat landscape is top of mind for many business leaders, and for good reason. But what does such a strategy entail?

Cloud

Cloud Risk Compliance Data breaches

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Security Affairs

MAY 24, 2023

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks. Five out of eight compromised websites were hosted by the uPress hosting service, which was hit by a cyber attack carried out by the Iranian group Emennet Pasargad5, “Hackers of Savior”, in 2020.

Financial Services

Financial Services Security Cybersecurity IT

How generative AI delivers value to insurance companies and their customers

IBM Big Data Hub

DECEMBER 1, 2023

They must comply with an increasing regulatory burden, and they compete with a broad range of financial services companies that offer investment products that have potential for better returns than traditional life insurance and annuity products.

Insurance

Insurance Digital transformation Customer Experience Cloud

Regulatory Update: NAIC Summer 2019 National Meeting

Data Matters

SEPTEMBER 4, 2019

Securities and Exchange Commission on June 5, 2019, broker-dealers and associated persons are required to act in the best interest of a retail customer when recommending a securities transaction or investment strategy involving securities to a retail customer. regulators continue to voice support for the evaluation of the U.S.

Insurance

Insurance Paper Risk Analytics

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

On December 15, 2020, the U.S. Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR).

Security

Security Cybersecurity Insurance Communications

Top Data Management Trends for Chief Data Officers (CDOs)

erwin

MARCH 18, 2021

The role of chief data officer (CDO) is becoming essential at forward-thinking organizations — especially those in financial services — according to “ The Evolving Role of the CDO at Financial Organizations: 2021 Chief Data Officer (CDO) Study ” just released by FIMA and sponsored by erwin. Manual processes remain.

Metadata

Metadata Compliance Government Financial Services

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

The AG was granted an additional six months to adopt implementing regulations for the CCPA, extending the original deadline from January 1 to July 1, 2020. provide additional CCPA analyses and reports. Immediate preemptive effect. The original exemption did not address protected health information collected by business associates.

Privacy

Privacy Compliance GDPR Data breaches

Top Data Management Trends for Chief Data Officers (CDOs)

erwin

MARCH 18, 2021

The role of chief data officer (CDO) is becoming essential at forward-thinking organizations — especially those in financial services — according to “ The Evolving Role of the CDO at Financial Organizations: 2021 Chief Data Officer (CDO) Study ” just released by FIMA and sponsored by erwin. Manual processes remain.

Metadata

Metadata Compliance Government Financial Services

Reltio Advances in Gartner Magic Quadrant for MDM Solutions

Reltio

FEBRUARY 3, 2021

The Reltio Connected Data Platform provides agility, scale, simplicity, security, and performance unmatched by competitors. Reltio had a record year ending December 31, 2020 and is on target to reach Annual Recurring Revenue (ARR) of $100M in the next 12 months. . I wrote about GPI in a blog last month. . Methodology Matters.

MDM

MDM Cloud Marketing B2C

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Trending Sources

Fintechs turn to AI and cloud as steadfast forces for innovation

Webinars

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Hindsight is 2020. Looking back so we can move forward

EU Publishes New NIS2 Cyber Directive Imposing Liability and Obligations on Senior Management

Microsoft partnered with other security firms to takedown TrickBot botnet

New Anti Anti-Money Laundering Services for Crooks

Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack

Risk Management under the DORA Regulation

NYDFS Cybersecurity Regulations: A glimpse into the future

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Congratulations to Sidley’s Newest Partners!

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

The Privacy Officers’ New Year’s Resolutions

Navigating the EU-US Data Protection Framework

The Privacy Officers’ New Year’s Resolutions

erwin’s Predictions for 2021: Data Relevance Shines at the End of the Tunnel

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Keeping Up with New Data Protection Regulations

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Regulatory Update: NAIC Fall 2020 National Meeting

New York Enacts Stricter Data Cybersecurity Laws

Congratulations to Sidley’s Newest Partners!

Modernizing payments without disrupting legacy checks systems

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

8 Interesting Predictions for the Intelligent Information Capture Market in 2022

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

3 keys to building a robust hybrid cloud risk strategy

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

How generative AI delivers value to insurance companies and their customers

Regulatory Update: NAIC Summer 2019 National Meeting

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Top Data Management Trends for Chief Data Officers (CDOs)

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

Top Data Management Trends for Chief Data Officers (CDOs)

Reltio Advances in Gartner Magic Quadrant for MDM Solutions

Stay Connected