Summary – “Industry in One: Financial Services”

ARMA International

The scope of a records and information management (RIM) program in financial services can seem overwhelming. History of Financial System. Shaped by several financial catastrophes of modern history, such as the Great Depression of 1929 and the Great Recession of 2007, the U.S.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

The first step any financial institution must take in its response to the laws is to evaluate its exposure and current capabilities in protecting sensitive business and customer data. Define the governance structure.

Embracing new ways of working in financial services

CGI

Embracing new ways of working in financial services. Although the approaches to dealing with the COVID-19 pandemic vary by country, as governments and businesses come to grips with it, one thing is imperative: we will get through this. Customer service.

NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

Hunton Privacy

On January 22, 2018, the New York Department of Financial Services (“NYDFS”) issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018. DFS’s goal is to prevent cybersecurity attacks, and we therefore will now include cybersecurity in all DFS examinations to ensure that proper cybersecurity governance is being practiced by our regulated entities.

Improve your data relationships with third parties

Collibra

Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. 3) Regulators are worried about cybersecurity and the robustness of technology systems in general.

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

Related: Applying ‘zero trust’ to managed security services. based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Our customers all have the pain point of wanting to have single sign-on for multiple applications, requiring capabilities like self-service and self-registration,” Curcio told Last Watchdog.

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents. The Identity Theft Prevention and Mitigation Services Act. More State Privacy and Cybersecurity Legal Developments on the Horizon.

US: Coronavirus – Cybersecurity considerations for your newly remote workforce

DLA Piper Privacy Matters

Working remotely, or “teleworking,” presents unique cybersecurity challenges to the employer, the employee and the supply chain, especially when being done for the first time in a rapidly changing environment. COVID-19 resource pages may also include cybersecurity information.

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

Chinese Cyber-Spies Target Government Organizations in Middle East. Chinese APT group Emissary Panda has been targeting government organizations in two different countries in the Middle East. defense contractors, financial services firms, and a national data center in Central Asia.

Privacy and Cybersecurity Top 10 for 2018

Data Matters

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is a list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR. Carpenter argues that the government is required to receive a warrant under the Fourth Amendment for his location records.

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. Creating an enterprise-wide governance structure.

Senate Passes Cybersecurity Information Sharing Act

Hunton Privacy

Senate passed S.754 – Cybersecurity Information Sharing Act of 2015 (“CISA”) by a vote of 74 to 21. CISA is intended to facilitate and encourage the sharing of Internet traffic information between and among companies and the federal government to prevent cyber attacks, by giving companies legal immunity from antitrust and privacy lawsuits. Chamber of Commerce and various financial industry groups.

FFIEC Announces Plans to Update Cybersecurity Guidance in Wake of Cybersecurity Assessments

Hunton Privacy

On November 3, 2014, the Federal Financial Institutions Examination Council (“FFIEC”), on behalf of its members, released a report entitled FFIEC Cybersecurity Assessment General Observations (the “Report”) that contains observations from recent cybersecurity assessments conducted at over 500 community financial institutions as part of the FFIEC cybersecurity examination work program.

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process. The guidance letter provides a list of topics that will be addressed in the Department’s cybersecurity examination process.

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

This blogpost summarises our recent webinar: “An urgent message from Berlin: The importance of record retention in privacy and cybersecurity”. How do you build an effective information governance program? Some consider email to be the “third-rail” of information governance.

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert, entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative. A majority of examined firms broker-dealers (93%) and advisers (79%) reported that they conduct cybersecurity risk assessments on a periodic basis.

NYDFS Requires COVID-19 Plans by April 9

Data Protection Report

Governance and oversight of the plan, including identifying the critical members of your response team, to ensure ongoing review and updates to the plan, including the tracking of relevant information from government sources and your own monitoring program.

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

Data Matters

On May 18, 2020, the Financial Crimes Enforcement Network (FinCEN), as part of its COVID-19-related response, issued a Notice Related to the Coronavirus Disease 2019 (COVID-19) reminding financial institutions of certain Bank Secrecy Act (BSA) obligations and pertinent information regarding reporting COVID-19-related criminal and suspicious activity (the Notice). Instead, financial institutions should include COVID-19 only when it is tied to suspicious activity.

Managing the regulatory risks of cybersecurity: An evolving regulatory landscape

CGI

Managing the regulatory risks of cybersecurity: An evolving regulatory landscape. Financial institutions in the U.S. are well aware of the business risks related to cybersecurity but there are an increasing number of related regulatory risks that also need to be addressed. This was made clear last September when an American investment advisor was charged by the SEC with failing to adopt proper cybersecurity policies and procedures prior to a breach.

White House Releases Cybersecurity Legislative Proposal

Hunton Privacy

On May 12, 2011, the White House released the long-expected cybersecurity legislative proposal in response to the need to protect Americans from cyber threats. Cybersecurity Information Sharing – This section would create a system intended to encourage, incentivize and protect the voluntary sharing of cyber incident and cybersecurity information between federal, state and local governments and private industry.

US: Surviving the service provider data breach

DLA Piper Privacy Matters

It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Do “reasonable” cybersecurity controls extend to third parties?

Senators Introduce Cybersecurity Act of 2012

Hunton Privacy

congressional committee, including Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV) and Dianne Feinstein (D-CA), introduced the Cybersecurity Act of 2012 (the “Act”). Although the legislation appears to have strong bipartisan support, during a February 15 hearing before the Homeland Security and Governmental Affairs Committee, Senator John McCain (R-AZ) indicated that he and six Republican colleagues would propose their own cybersecurity legislation in March.

Observations on the Cybersecurity Executive Order and Presidential Policy Directive

Hunton Privacy

The Executive Order, “Improving Critical Infrastructure Cybersecurity,” and the Presidential Policy Directive (“PPD”), “Critical Infrastructure Security and Resilience,” signed by President Obama on February 12, 2013, raise the stakes in the national debate over cybersecurity requirements and seem likely, if not designed, to provoke a legislative response. This is a dramatic change from President Obama’s first pronouncement on cybersecurity just five months after taking office.

OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

Hunton Privacy

Department of Health and Human Services’ Office for Civil Rights (“OCR”) and the Health Care Industry Cybersecurity Task Force (the “Task Force”) have published important materials addressing cybersecurity in the health care industry. The Task Force, which was established in 2015 by Congress, is composed of government officials and leaders in the health care industry. The U.S.

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs of data access requests.

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

Data Matters

Professional service providers: Banks receiving services from law firms, consultants, audit firms etc. Maintenance, catering and custodial service companies: Any entity that a bank or a line of business uses to provide a product or service either to the bank or to the bank’s customers establishes a business relationship. In particular, banks often have third-party relationships with entities that in turn contract with cloud computing service providers.

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

The proposed Rule would allow the CISO to be an employee of a service provider or affiliate, although in that case the FI would be required to designate a senior member of its personnel to direct and oversee the CISO. Service provider oversight.

Congratulations to Sidley’s Newest Partners!

Data Matters

Kate has strong experience involving complex privacy and data security matters and represents several large, multinational companies, as well as startups, in the healthcare, technology and financial services sectors, among others.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection. One might assume top-tier financial services firms and healthcare vendors would have solved third-party cyber exposures by now.

President Trump’s Budget Requests $1.5B For Homeland Security Cyber Unit

Privacy and Cybersecurity Law

President Trump’s new budget includes a request to increase cybersecurity personnel and funding across several federal departments, including $1.5 The President’s budget comes on the heels of his recent Executive Order aimed at strengthening cybersecurity across federal networks, critical infrastructure, and the nation writ large.

Is It Time for a Federal U.S. Data Protection Law?

InfoGoTo

government could provide a coherent legislative approach that might appease everyone — consumers, the regulated community, privacy advocates and the government regulatory agencies.

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

And, in doing so, the IC has developed an effective set of data handling and cybersecurity best practices. This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures. In the same vein, businesses at large can use the intelligence cycle as a model to detect and deter any attacks coming from foreign intelligence services.

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

Identity governance and administration, or IGA, has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint, an Austin, TX-based supplier of IGA services to discuss this. Think of a customer service chat bot, for instance,” explained Kiser.

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

Related: How 5G will escalate DDoS attacks. Caught in the pull of digital transformation, companies are routing ever more core operations and services through the Internet, or, more precisely, through IP addresses, of one kind or another. And in a double-whammy, the efficacy of legacy cybersecurity defenses — which were deployed, at great expense, mainly to protect on-premises data centers – by many measures is rapidly eroding.

U.S. Warns of Threat to Financial Industry Posed by North Korean Cyberattacks

Data Matters

Departments of State, the Treasury and Homeland Security and the Federal Bureau of Investigation issued a joint advisory (the Advisory) on April 15, 2020, discussing the threat to the international community posed by cyberattacks linked to the Democratic People’s Republic of Korea (North Korea), in particular highlighting concerns for the financial services sector. Foreign financial institutions risk secondary sanctions for engaging in the same. The U.S.

Federal Agency Data is Under Siege

Thales eSecurity

Its unique capabilities include the design and deployment of equipment, systems and services to meet complex security requirements. More so than commercial enterprises, government agencies are making a massive shift to the cloud.

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% There are plenty of good ones by government regulators, such as those compiled and distributed for free by NIST; and there’s no end of rules and guidance issued by a wide variety of industry standards bodies.

Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365

Security Affairs

Chinese white hat hackers have a long story of success, they won several international hacking contests in the past, but in 2018 the Chinese government prohibited Chinese experts from participating in this kind of competition abroad. Since the decision of the Chinese Government, the TianfuCup was set up for the first time in the fall of 2018. Most of the amount of money, $620,000, was paid to a team from cybersecurity firm Qihoo 360. The Tianfu Cup 2019 International Cyber Security