Access, Data collection, Insurance and Security

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Data breached: 4,186,879,104 messages. Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Honor, Huawei, iFlytek, OPPO, Samsung Electronics, Tencent, Vivo and Xiaomi Technology.

Data Privacy

Data Privacy Privacy Manufacturing Security

34 Most Common Types of Network Security Protections

eSecurity Planet

MARCH 17, 2023

Whether you’re operating a global enterprise network or a small family business, your network’s security needs to be optimized with tools, teams, and processes to protect customer data and valuable business assets. Also read: What is Network Security?

Security

Security Encryption Analytics Cloud

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

To fulfill these principles, data protection strategies generally focus on the following three areas: Data security —protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. Data breach victims also frequently face steep regulatory fines or legal penalties.

Data breaches

Data breaches GDPR Compliance Encryption

The Hacker Tool to Get Personal Data from Credit Bureaus

Schneier on Security

SEPTEMBER 7, 2023

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header.

Personal data

Personal data Insurance Access Data collection

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

For example, they can decline to have their data shared with third parties while allowing the app to generate personalized offers. The app heavily encrypts all user financial data. Only administrators can access customer data on the backend. Even if the data is stolen in a cyberattack , hackers can’t use it.

Data Privacy

Data Privacy Privacy GDPR Personal data

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Provides certain exemptions from public disclosure for materials provided to the state in response to an investigation of a breach of security. credit or debit card number, or any financial account number in combination with any required security code, access code or password that would permit access to such financial account.

Data breaches

Data breaches IT Insurance Passwords

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

NOVEMBER 20, 2013

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”).

Insurance

Insurance Personal data Authentication Records Management

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Until recently, I was fairly active on Twitter , regularly tweeting to more than 350,000 followers about important security news and stories here. 19th story IRS Will Soon Require Selfies For Online Access goes immediately viral for pointing out something that apparently nobody has noticed on the U.S.

Passwords

Passwords Ransomware Computer and Electronics Encryption

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity

Cybersecurity Privacy Insurance Risk

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. would be permanently deleted.

Government

Government Insurance Data collection Paper

Driving Conversations Around Careers In Telematics

Information Governance Perspectives

APRIL 5, 2023

Wireless telematics devices and “black box” technologies collect and transmit data on vehicle use, maintenance requirements, and automotive servicing. John Danenberger, CPCU, is Corporate Counsel at State Farm Insurance and specializes in addressing emerging issues around telematics. What’s it like to work in this field?

Insurance

Insurance Military Artificial Intelligence Manufacturing

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

For example, the government alleged that the company placed personal information “in a shared electronic folder, which unauthorized persons whom Cerebral has been unable to identify accessed multiple times” In addition, “former employees and contractors accessed 266 patient files using access credentials Cerebral failed to revoke.”

Personal data

Personal data Privacy Information governance Compliance

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Main takeaways from the EDBP guidelines are: Connected vehicles raise various privacy and data protection concerns, such as the lack of control and information asymmetry, the risk of excessive data collection; the risk of unlawful further processing of personal data; Most data associated with connected vehicles are considered as personal data (e.g.

Privacy

Privacy Personal data GDPR Insurance

Nationwide Agrees to Pay $5.5 Million to Settle Multistate Data Breach Investigation

Hunton Privacy

AUGUST 10, 2017

On August 9, 2017, Nationwide Mutual Insurance Co. million settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 In October 2012, Nationwide and its affiliate, Allied Property & Casualty Insurance Co. Nationwide”) agreed to a $5.5

Data breaches

Data breaches Insurance Data collection Risk

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

Banks, financial services, and insurance companies are especially vulnerable to fraud due to their access to large amounts of money and sensitive information for customers and employees alike. As the volume of data collected increases, users may experience slower processing times than they expect.

Analytics

Analytics Risk Authentication Financial Services

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

The DPDP Act will replace India’s current data protection framework, which includes relevant provisions of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. payments, insurance etc).

Personal data

Personal data GDPR Data breaches Compliance

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

The Last Watchdog

SEPTEMBER 20, 2019

Current attack trends add urgency, and catching up on doing basic security best practices isn’t enough. Eventually, governments will address the risk by beefing up security and purchasing cyber insurance, which go hand in glove. There are some big, unanswered questions about supply chain security surrounding voting machines.

Ransomware

Ransomware Government Retail Security

Privacy in an open-data world: Why government agencies need to be proactive

Collibra

JUNE 23, 2023

The ever-growing digitalization of our world has raised significant concerns about data privacy and security, particularly for agencies that manage and process sensitive and confidential information. The urgent need to prioritize data privacy Government agencies must not choose between privacy and security.

Privacy

Privacy Government Data Privacy Data breaches

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

eSecurity Planet

OCTOBER 11, 2022

In the ever-evolving fight against data loss , data breaches, and data theft in the 21st century, organizations worldwide have turned to a number of cybersecurity solutions, services, and software in an attempt to keep their data safe and secure from threats.

Analytics

Analytics Cybersecurity IT Data breaches

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

This aligns with other recent guidance putting clearer parameters around use of biometric data in China). Purposes/Restrictions on Use Collection and processing of data must be directly related to the purpose of processing specified in the privacy notice. Excessive data collection must be avoided.

Data Privacy

Data Privacy Privacy Compliance Analytics

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

Generative AI that’s tailored for your business needs with watsonx.ai

IBM Big Data Hub

SEPTEMBER 28, 2023

Business-targeted, IBM-developed foundation models built from sound data Business leaders charged with adopting generative AI need model flexibility and choice. They also need secured access to business-relevant models that can help accelerate time to value and insights. The synthetic data generator service in watsonx.ai

Risk

Risk Insurance Data collection Libraries

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

In this blog, and in one by my colleague Julie Lassabliere from Safelayer Secure Communications , we explore the need for trusted device identification and data integrity in the IoT. I also will discuss the mechanisms needed to enable the fundamental security framework required to make the IoT trustworthy.

IoT

IoT Encryption Agriculture Data collection

What IG Professionals Should Know About the Internet of Bodies

ARMA International

FEBRUARY 21, 2020

A company in Wisconsin had a “chipping party” in 2017 to implant microchips in some of its employees to make it easier for them to access the buildings and systems and to buy food in the company break room. [1]. Case law is beginning to address data collection and data privacy issues associated with the IoB.

Computer and Electronics

Computer and Electronics Privacy Artificial Intelligence IoT

Conversational AI use cases for enterprises

IBM Big Data Hub

FEBRUARY 23, 2024

Marketing and sales: Conversational AI has become an invaluable tool for data collection. It assists customers and gathers crucial customer data during interactions to convert potential customers into active ones. This data can be used to better understand customer preferences and tailor marketing strategies accordingly.

Analytics

Analytics Artificial Intelligence Marketing Education

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Luckily for cybersecurity startups, there’s no shortage of interest in tomorrow’s next big security vendors. billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. How Do VC Firms Work? a16z Investments.

Cybersecurity

Cybersecurity Cloud Marketing Security

U.S. states pass data protection laws on the heels of the GDPR

Data Protection Report

JULY 9, 2018

The California and Vermont laws, in particular, go beyond breach notification and require companies to make significant changes in their data processing operations. On the security front, as of March 2018, all 50 U.S. data protection laws that were passed in the last year. 382 ) – Louisiana amends its data breach law.

GDPR

GDPR Data breaches Personal data Insurance

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

These are (i) government entities; (ii) entities subject to the Gramm-Leach-Bliley Act; (iii) entities subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act; (iv) nonprofits; and (v) institutions of higher education. Controllers must.

Personal data

Personal data GDPR Sales Privacy

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Encrypting critical data assets. Principle 2.

Cybersecurity

Cybersecurity Risk Passwords Authentication

FTC Hosts Workshop on Informational Injury

Hunton Privacy

DECEMBER 15, 2017

Injuries 101 : The first panel discussed negative outcomes that arise from unauthorized access to and misuse of consumers’ personal data. Consideration was given to whether the same factors apply in both the privacy and security contexts, the risk of potential injury versus realized injury and when government intervention is warranted.

Privacy

Privacy Retail Risk Insurance

Top MDR Services for 2021

eSecurity Planet

MAY 5, 2021

These services are managed by outsourced teams of experts to help remove some of the need for dedicated onsite security staff and to decrease the amount of day-to-day work for their clients. The company currently secures $5.7 Every client receives a dedicated security advisor to streamline questions and support. Secureworks.

Cloud

Cloud Compliance Artificial Intelligence Analytics

Celebrating Data Privacy Day: A look at protecting your private data in a COVID-19 era

Collibra

JANUARY 28, 2022

Because this sort of privacy is so near and dear to us—and so important for everyone to understand and be aware of—we want to do our best to open the door to understanding data privacy, using this day as an access point to start the conversation. Some data privacy laws —like the U.S.

Data Privacy

Data Privacy Privacy Insurance Data collection

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

AB 375 goes beyond the ballot initiative by adding requirements for businesses that collect personal information (as defined in the bill) from consumers to delete such information on request as well as to provide access to specific pieces of personal information collected. geolocation data. biometric information.

GDPR

GDPR Privacy Sales Data breaches

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

In particular, the AU-054 does not cover fraud prevention systems implemented by insurance, capitalization, reassurance, assistance companies or insurance brokers CMF (these companies must refer to Single Authorization No. Strict requirements regarding access rights and management of the fraud prevention/detection system.

Personal data

Personal data Financial Services Risk Insurance

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

AB 375 goes beyond the ballot initiative by adding requirements for businesses that collect personal information (as defined in the bill) from consumers to delete such information on request as well as to provide access to specific pieces of personal information collected. geolocation data. biometric information.

GDPR

GDPR Privacy Sales Data breaches

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR

GDPR Personal data Compliance Data breaches

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

be “accessible to consumers with disabilities” by, at a minimum, letting consumers with disabilities know how to access the notice in an alternative format. Finally, the regulations make clear that, if a business does not provide the relevant notice, it shall not collect personal information from the consumer.

Privacy

Privacy Sales Paper Compliance

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

34 Most Common Types of Network Security Protections

Webinars

Trending Sources

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Webinars

Data protection strategy: Key components and best practices

The Hacker Tool to Get Personal Data from Credit Bureaus

Data privacy examples

Connecticut Tightens its Data Breach Notification Laws

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Happy 13th Birthday, KrebsOnSecurity!

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Senators Urge FTC to Probe ID.me Over Selfie Data

Driving Conversations Around Careers In Telematics

$10,000,000 civil penalty for disclosing personal data without consent

EUROPE: New privacy rules for connected vehicles in Europe?

Nationwide Agrees to Pay $5.5 Million to Settle Multistate Data Breach Investigation

Best Fraud Management Systems & Detection Tools in 2022

India: New Digital Personal Data Protection Act, Start Planning Now.

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

Privacy in an open-data world: Why government agencies need to be proactive

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Generative AI that’s tailored for your business needs with watsonx.ai

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

What IG Professionals Should Know About the Internet of Bodies

Conversational AI use cases for enterprises

Top VC Firms in Cybersecurity of 2022

U.S. states pass data protection laws on the heels of the GDPR

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

An Approach to Cybersecurity Risk Oversight for Corporate Directors

FTC Hosts Workshop on Informational Injury

Top MDR Services for 2021

Celebrating Data Privacy Day: A look at protecting your private data in a COVID-19 era

California Enacts Broad Privacy Laws Modeled on GDPR

FRANCE: CNIL adopts new single authorization on fraud prevention systems

California Enacts Broad Privacy Protections Modeled on GDPR

GDPR is upon us: are you ready for what comes next?

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Stay Connected