Blog, Financial Services, Information Security and Privacy

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance appeared first on Data Matters Privacy Blog. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

AI Scientists successfully use AI to detect AI-generated videos Scientists at the MISL (Multimedia and Information Security Lab) in Drexel University’s College of Engineering have developed a suite of tools to detect AI-generated videos at the sub-pixel level. To learn more about our research methodology, click here.

Data Privacy

Data Privacy Privacy Manufacturing Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The post President Trump Signs Financial Services Regulatory Reform Legislation appeared first on Data Matters Privacy Blog. providing relief for many bank holding companies from stress testing requirements. easing capital and liquidity requirements and providing capital relief to community banks.

Financial Services

Financial Services Insurance Privacy Authentication

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Other news ISO/IEC 27006:2024 published ISO (the International Organization for Standardization) and the IEC (International electrotechnical Commission) have published a new standard in the ISO 27000 information security series. The consultation closes on 17 April. Key dates 31 March 2024 – PCI DSS v4.0 of the Standard.

Data Privacy

Data Privacy Privacy Security Data breaches

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Data Matters

DECEMBER 6, 2022

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period.

Cybersecurity

Cybersecurity Financial Services Privacy IT

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Data Matters

MAY 14, 2019

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. Read the Full Interview.

Financial Services

Financial Services GDPR Big data Data Privacy

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy

Data Privacy Personal data Privacy Cloud

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. 1 The Federal Financial Institutions Examination Council is a U.S.

Authentication

Authentication Access Risk Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

IBM is further adding additional zero trust principles designed to increase security and ease of use with the IBM Hyper Protect Platform. This unique capability is designed for workloads that have strong data sovereignty, regulatory or data privacy requirements.

Security

Security Cloud Data Privacy Financial Services

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

Furthermore, sharing login credentials with third parties raises significant issues of consumer privacy, choice and transparency. They may also demonstrate the CFPB’s expectations of market participants and its broader viewpoints about consumer privacy and consent. Security practices should be adapted to new risks and threats.

Financial Services

Financial Services Privacy Access Marketing

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance , identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

APRIL 21, 2020

The Cybersecurity Information Sharing Act of 2015 permits nonfederal entities to share cyber threat indicators and defensive measures with federal and nonfederal entities and provides some limited liability shields from privacy claims where entities share information pursuant to certain protocols. 510.701 (2020). The post U.S.

Cybersecurity

Cybersecurity Risk Ransomware Government

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. February 15 deadline looms for first DFS Cybersecurity Certification.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Data Matters

FEBRUARY 28, 2019

The post FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings appeared first on Data Matters Privacy Blog. For one, many had defined the threat landscape too narrowly. A full copy of the FCA report can be found here.

Cybersecurity

Cybersecurity Risk Marketing Financial Services

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

United Shore Financial Services, LLC , the plaintiff filed a putative class action against United Shore Financial Services (United Shore) and Xerox Mortgage Services, Inc. XMS) over alleged intrusions into XMS’s systems on which United Shore had stored potential borrowers’ personal information.

Data breaches

Data breaches Communications Financial Services Privacy

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

financial institutions or firms that perform “critical financial services.”. 2 Citing the Federal Bureau of Investigation (FBI), OFAC reports that between 2018 and 2019, there was a 37% increase in reported ransomware cases with a 147% increase in ransomware-related financial losses. 1, 2020, [link].

Ransomware

Ransomware Compliance Risk Government

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk.

Cybersecurity

Cybersecurity Risk Passwords Authentication

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

Brexit triggered a significant onshoring of legislation to ensure that the UK continued to have a functioning financial services regulatory regime. The post UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services appeared first on Data Matters Privacy Blog.

Authentication

Authentication Paper Risk Insurance

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

Banking, financial services, media, insurance, and e-commerce companies have the lead in transformational initiatives in India. While digital transformation is driving benefits to companies and their customers alike, it also introduces new challenges for information security professionals.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

For instance, health care regulatory authorities may decide to enact their own industry-specific regulation requiring that personal health information be subject to additional safeguards and treated as “sensitive personal information.” In addition, the bill does not impose a generally applicable data breach notification requirement.

Personal data

Personal data Financial Services Data Privacy Data breaches

Information Management Today

Summary – “Industry in One: Financial Services”

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Trending Sources

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Webinars

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

President Trump Signs Financial Services Regulatory Reform Legislation

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Navigating the EU-US Data Protection Framework

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Privacy and Cybersecurity Top 10 for 2018

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

New York Enacts Stricter Data Cybersecurity Laws

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FCA Publishes Wholesale Banks and Asset Management Cyber Multi-Firm Review Findings

Protection of Privilege in the Aftermath of a Data Breach

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

An Approach to Cybersecurity Risk Oversight for Corporate Directors

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

India’s Digital Future Is Bright

Singapore Parliament Passes Personal Data Protection Act

Stay Connected