Access, Definition and Financial Services - Information Management Today

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Revised Definition of Class A Companies.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

“We believe the outsider may have had an opportunity to access the accounts of certain customers, including your account, at which point they would be able to view personal information pertaining to that customer and potentially obtain an unauthorized loan using the customer’s credentials,” MSF said. .”

Financial Services

Financial Services IT Data breaches Authentication

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. Revised Definition of Class A Companies and other Key Requirements.

Cybersecurity

Cybersecurity Passwords Risk Compliance

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. The two definitions from Section 500.1 a)), this new term applies.

Cybersecurity

Cybersecurity Compliance Financial Services Government

The Many Challenges of a Multi-Cloud Business Environment

Thales Cloud Protection & Licensing

OCTOBER 27, 2021

At a global level, there's a broad acceptance that security teams are tightly involved with policy definition (82%), but an almost even split in relation to enforcement; 37% believe it is the security team’s responsibility while 45% believe that policy enforcement is up to the cloud provider.

Cloud

Cloud Encryption Financial Services Authentication

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Virgin Islands, and Guam) have their own data breach notification laws (and each such state, accordingly, has its very own definition of such basic terms as “data” and “breach”) – with Massachusetts’ and California’s respective breach-notification schemes viewed as among the strictest. In the U.S.,

Data Privacy

Data Privacy Compliance Privacy Security

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR’s reminders and recommendations for regulated entities include to: assess and reduce risks and vulnerabilities to the availability of ePHI, which is defined as “the property that data or information is accessible and useable upon demand by an authorized person” pursuant to the HIPAA Security Rule. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Definition and Purpose of a Records Retention Schedule. Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. 8 This is the GDPR definition and other countries have similar broad definitions of personal data. Accessed March 13, 2022.

Personal data

Personal data GDPR Privacy Records Management

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Meanwhile, employees, partners, suppliers and customers are using their smartphones to gain access. Companies need a reliable way to know at all times where sensitive data is sitting, and who might be accessing it, in order to keep it out of the hands of threat actors, he said. Users re-defined. Most often, a user is a human being.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Db2 for z/OS: Two Stories of Temporary Tables

Robert's Db2

SEPTEMBER 27, 2023

When a CGTT can majorly reduce elapsed and CPU time for a process The second Db2 temporary table story I'll relate came to me by way of a Db2 for z/OS systems programmer who works for a financial services organization. a "regular") Db2 table.

Financial Services

Financial Services IT Access

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

The only exemptions are “blind data” that contain no personal identifiers or publicly available information; and Customer information will be considered to be “unencrypted” in situations in which the encryption key was also accessed without authorization, regardless of whether the customer information was encrypted.

Encryption

Encryption Cybersecurity Data breaches Financial Services

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

The forums won’t likely provide definitive answers, they will likely provide some of the best information available. Definition of Unique Identifiers. Updating as needed the definition of unique identifiers. Non-Discrimination Should Not Preclude Charging a Reasonable Fee for Access to Content. What are the next steps?

Sales

Sales Privacy Data Privacy Compliance

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

My (somewhat unreliable) data protection predictions for 2017

Data Protector

DECEMBER 31, 2016

An increasing number of organisations will realise that, unless they start soon, they won’t have the time (or access to much external professional support) to fully prepare for the coming into force of the GDPR in May 2018. They're not definitive statements of the law that must be ruthlessly adhered to.

GDPR

GDPR Communications Financial Services Education

The Hybrid Cloud Forecast: Part 2

IBM Big Data Hub

JUNE 26, 2023

Moreover, it has changed the way applications are built and run, and made additional, groundbreaking technologies possible and accessible (e.g., AI-based services). One of the few pre-scripted questions I ask in most of the episodes is about the guest’s definition of “hybrid cloud.”

Cloud

Cloud Financial Services IT Government

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

The law broadens the definition of “private information” which sets forth the information elements that, if breached, could trigger a notification obligation. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

In addition to data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability and to object, the EU’s GDPR (General Data Protection Regulation) sets out requirements relating to automated individual decision-making, including profiling. Such decision-making is now restricted.

GDPR

GDPR Personal data Financial Services Compliance

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them.

Privacy

Privacy Financial Services Compliance Data breaches

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

Preservica

NOVEMBER 6, 2017

I recently spoke with the IG director for a global financial services firm about progress in addressing long-term digital information. Leadership is aware that secure, authenticated access to digital information is vital for decision making, meeting compliance and legal requirements, and sustaining client relationships.

Digital preservation

Digital preservation Information governance Government Archiving

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proactive steps.

Data breaches

Data breaches Cybersecurity Financial Services Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy

Data Privacy Privacy Compliance Analytics

Top 6 Best Practices for Data Governance

Collibra

MARCH 11, 2021

Here is an example of a financial services firm that overcame its data challenges and followed the data governance best practice of identifying data domains. . The company used Collibra as the system of engagement for managing all definitions and executing control processes, such as onboarding, approvals and capturing of feedback.

Government

Government Communications Insurance Customer Experience

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Hunton Privacy

JANUARY 20, 2023

As financial services authorities move to regulate digital assets in jurisdictions worldwide, the paper highlights the need to bring privacy regulators into the discussion so that data privacy issues affecting blockchain are addressed in tandem. Confidentiality and government access. Accountability. Individual rights.

Paper

Paper Blockchain Privacy Financial Services

How to create value through digital archiving

CILIP

JULY 19, 2019

ve provided to a client in terms of gaining access to older content? Being able to put this information into Preservica, make sure that its constantly revalidated and is fully accessible in the future is absolutely critical. Nathan: I would definitely agree with that. re constantly preserved for the future. if not millions ?

Archiving

Archiving Records Management GDPR Digital transformation

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed Rule will also require multi-factor authentication for any individual accessing customer information, but, unlike the NYDFS which imposed a similar requirement in the Cybersecurity Regulation, the FTC declined to endorse text messages as a permitted second factor.

Privacy

Privacy Risk Cybersecurity Information Security

6 best practices for a data governance strategy

Collibra

APRIL 11, 2022

Here is an example of a financial services firm that overcame its data challenges and followed the data governance best practice of identifying data domains. . The company used Collibra as the system of engagement for managing all definitions and executing control processes, such as onboarding, approvals and capturing of feedback.

Government

Government Communications Insurance Customer Experience

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

Sector-Based Criteria: CISA’s sector-based criteria captures smaller entities that may not meet the size threshold but are nonetheless considered “high-risk,” such as critical access hospitals in rural areas, owners and operators of nuclear facilities, and large school districts. that provide services to the covered entity.

Ransomware

Ransomware Agriculture Cybersecurity Government

The ONE Key Aspect of DB2 for z/OS Table-Controlled Partitioning that People Seem Most Likely to Forget

Robert's Db2

JUNE 5, 2012

it provides no query access path performance benefit, isn't defined on a foreign key, etc.). For a number of mainframe DB2-using organizations, the fact that the partitioning index of an index-controlled partitioned table space had to also be the table's clustering index was a pain.

Mining

Mining Financial Services Retail Sales

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

You must access the right data and build the right data models for your enterprise before you start leaping down the path of building solutions.”. The definition of success, from my perspective as a manager of a consulting organisation, is our clients achieving the business benefit they want and being delighted with our services.

MDM

MDM Retail IT Government

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

For example, the bill does not contain a definition of “sensitive personal information,” and does not impose any special requirements for the handling of “sensitive personal information.” In addition, the bill does not impose a generally applicable data breach notification requirement.

Personal data

Personal data Financial Services Data Privacy Data breaches

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

I don't know maybe purple team a bit, I played kind of both sides of the fence but yeah definitely do a lot of adversarial inspection of, you know, any kind of traffic endpoints that I find that our customers. Vamosi: To be fair, API's are also used in web applications, which you access through your web browser.

Authentication

Authentication Communications IoT Security

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

I don't know maybe purple team a bit, I played kind of both sides of the fence but yeah definitely do a lot of adversarial inspection of, you know, any kind of traffic endpoints that I find that our customers. Vamosi: To be fair, API's are also used in web applications, which you access through your web browser.

Authentication

Authentication Communications IoT Security

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

This packet contains the exploit code that takes advantage of the EternalBlue vulnerability, allowing the attacker to gain unauthorized access and execute arbitrary code on the compromised system. A bad actor, seeking to exploit the vulnerability, initiates an attack by sending a specially crafted network packet to the vulnerable system.

Phishing

Phishing Ransomware Search queries Access

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

HL Chronicle of Data Protection

NOVEMBER 15, 2018

The use of “essentially equivalent” instead of simply “equivalent” is significant, as an equivalence regime is currently planned for the financial services sector. Definition of Union law.

GDPR

GDPR Personal data Government Financial Services

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud

Cloud Financial Services Security Compliance

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

The topics on which input is specifically sought include the scope of the covered banking organizations, applicable definitions, standards for notice, method of notice to the regulatory agencies, timeframes for providing notice, and the impact of the proposed rule. Definition of Subject Entities: .

Security

Security Cybersecurity Insurance Communications

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Trending Sources

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Webinars

Scary Fraud Ensues When ID Theft & Usury Collide

NYDFS proposes significant cybersecurity regulation amendments

NYDFS finalizes cybersecurity rule amendments

The Many Challenges of a Multi-Cloud Business Environment

Security Compliance & Data Privacy Regulations

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

The Impact of Data Protection Laws on Your Records Retention Schedule

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Db2 for z/OS: Two Stories of Temporary Tables

FTC amendment to Safeguards Rule

Takeaways From CCPA Public Forums

New York Updates Cybersecurity Regulation for Financial Institutions

My (somewhat unreliable) data protection predictions for 2017

The Hybrid Cloud Forecast: Part 2

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

New York Enacts Stricter Data Cybersecurity Laws

New York’s Breach Law Amendments and New Security Requirements

GDPR automated decision-making and profiling: what are the requirements?

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

The Privacy Officers’ New Year’s Resolutions

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

US: Surviving the service provider data breach

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Top 6 Best Practices for Data Governance

The Privacy Officers’ New Year’s Resolutions

CIPL Publishes Discussion Paper on Digital Assets and Privacy

How to create value through digital archiving

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

6 best practices for a data governance strategy

CISA issues proposed rules for cyber incident reporting in critical infrastructure

The ONE Key Aspect of DB2 for z/OS Table-Controlled Partitioning that People Seem Most Likely to Forget

#ModernDataMasters: Mike Evans, Chief Technology Officer

Singapore Parliament Passes Personal Data Protection Act

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Stay Connected