GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. How GDPR is giving individuals control of their data: Scope. Data protection by design and by default.

Summary – “Industry in One: Financial Services”

ARMA International

The scope of a records and information management (RIM) program in financial services can seem overwhelming. History of Financial System. Shaped by several financial catastrophes of modern history, such as the Great Depression of 1929 and the Great Recession of 2007, the U.S.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

My previous blog focused on addressing the General Data Protection Regulation (GDPR) and all the regulations that came with it. In my final post of this series, I want to outline the actions you can take to remain proactive with data privacy laws surrounding NYDFS 500 and GDPR.

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic.

Financial Services Data – More at risk than you’d believe

Thales eSecurity

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S.

NY Charges First American Financial for Massive Data Leak

Krebs on Security

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. First American Financial Corp. First American’s stock price fell more than 6 percent the day after news of their data leak was published here.

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation noti f ied the data breach to the German and Belgian Data Protection Authorities.

UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity

Threatpost

Breach cybersecurity investment data breach financial services GDPR italy unicreditUniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

Air Canada data breach – The incident was confirmed by the company and may have affected 20,000 customers (1%) of its 1.7 The data breach of the day is the one suffered by Air Canada that may have affected 20,000 customers (1%) of its 1.7

Striking a balance between security and usability of sensitive data

OpenText Information Management

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

US: Surviving the service provider data breach

DLA Piper Privacy Matters

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records. Philadelphia Federal Credit Union confirms security breach (unknown). State-sponsored hackers breach Greece’s top-level domain registrar (unknown).

Keeping Up with New Data Protection Regulations

erwin

Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of. New Data Protection Regulations – Always Be Prepared.

Financial Industry Trends Focused on Information Management Challenges in 2019

InfoGoTo

Financial services firms saw mounting information management challenges in 2019. As the volume and variety of data grows, so do threats from hackers, posing security concerns for organizations and customers alike. Growing Data Volume, Velocity, Variety.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations.

7.5M Banking Customers Affected in Dave Security Breach

Dark Reading

The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev

What You Need to Know About Storing Financial Data in the Cloud

InfoGoTo

In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information. Data protection is an ongoing process.

Top 7 Data Governance Blog Posts of 2018

erwin

The driving factors behind data governance adoption vary. Whether implemented as preventative measures (risk management and regulation) or proactive endeavors (value creation and ROI), the benefits of a data governance initiative is becoming more apparent. Defining Data Governance.

Business Process Modeling Use Cases and Definition

erwin

It also combines process/ workflow, functional, organizational and data/resource views with underlying metrics such as costs, cycle times and responsibilities to provide a foundation for analyzing value chains, activity-based costs, bottlenecks, critical paths and inefficiencies.

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

3, the United States Court of Appeals for the Sixth Circuit issued a decision that effectively required a company to turn over materials relating to a privileged forensic data breach investigation because, the court concluded, the company had implicitly waived privilege when it disclosed certain of the forensic firm’s conclusions in response to a discovery request. The post Protection of Privilege in the Aftermath of a Data Breach appeared first on Data Matters Privacy Blog.

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

Marriott International announced a data breach that may have exposed the information of 5.2 The post How Marriott Customers Can Protect Themselves From The Latest Breach appeared first on Adam Levin. Data Security Data breach featured data breach marriott

Equifax Data Breach: The Long-Term Impact on Fighting Fraud

Rippleshot

The massive Equifax data breach that’s making national headlines is estimated to impact nearly half of the U.S. While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached.

Banks won’t be able to remain on sidelines of privacy debate

Information Management Resources

Equifax's massive breach and Facebook's scandals have made data privacy a big issue for state and federal lawmakers. Data privacy Cyber security Data breaches Finance, investment and tax-related legislation Compliance House Financial Services Committee Senate Banking Committee Equifax CaliforniaHere's why banks need to be worried.

Data Breach Regulation: What’s Next For Banks and Credit Unions?

Rippleshot

When your organization is part of a data breach as big as Equifax and Marriott, expect to stay in the headlines. Those two corporations continue to be under a congressional review microscope following the incidents that left millions of consumers’ data exposed. The Senate Permanent Subcommittee on Investigations has been probing these breaches and its members have been vocal about the lack of oversight in protecting people’s personal and financial credentials.

Can this data security bill succeed where others failed?

Information Management Resources

Cyber security Cyber attacks Data breaches Finance, investment and tax-related legislation House Financial Services Committee EquifaxA bipartisan bill to establish a federal security framework follows a string of efforts beset by congressional turf battles.

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

The Act makes many significant modifications to the postcrisis financial regulatory framework, although it leaves the core of that framework intact. One major consequence of the Act may be an increased potential for mergers, acquisitions and organic growth among regional and midsize banks, as well as community banks, because of provisions that increase the thresholds that must be met before various financial regulatory requirements apply. Initiating Online Banking Services.

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. Those 80M records are now searchable, read on for the full story: There's an unknown numbers of data breaches floating around the web. It's also interesting because among nearly 3k other breaches, the data contains Dropbox.

Italy's UniCredit: Breach Went Undetected for Four Years

Data Breach Today

Incident Exposed Contact Information for 3 Million Italians, Bank Reports UniCredit, an Italian banking and financial services company, sustained a data breach exposing information on 3 million customers that went undetected for four years, the company has acknowledged.

Life Under GDPR: Data Breach Cost Unknown

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

15 billion credentials available in the cybercrime marketplaces

Security Affairs

A report published by security firm Digital Shadows r evealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

Major data breaches in recent years are spurring state legislators and regulators across the US into action. For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. At the time of the discovery, the database contained over 500,000 documents for a total of 425GB of data.

Perficient Helps Adjust to the California Consumer Privacy Act

Perficient Data & Analytics

The first step any financial institution must take in its response to the new CCPA law is to evaluate its exposure and current state of readiness. Analysis: Identification of critical process and data gaps, implementation or reinforcement of governance processes, documentation of requirements. Implementation: Technical services to consolidate customer data, develop governance and approval workflows, and make infrastructure upgrades. Perficient + Financial Services.

Maze ransomware gang discloses data from drug testing firm HMR

Security Affairs

The drug testing firm Hammersmith Medicines Research LTD (HMR), which performs live trials of Coronavirus vaccines, discloses a data breach. Stolen data included the personal information for volunteers who surnames begin with D, G, I, or J.

NY Attorney General Announces Record Number of Data Breach Notices in 2016

Hunton Privacy

On March 21, 2017, New York Attorney General Eric Schneiderman announced that the New York Office of the Attorney General received over 1,300 data breach notifications in 2016, a 60 percent increase from 2015. The reported breaches led to the exposure of personal information of 1.6 According to the Attorney General’s report, 46 percent of the exposed personal information consisted of Social Security numbers, and 35 percent consisted of financial account information.

Expect Challenges with the California Consumer Privacy Act

Perficient Data & Analytics

Compliance with the CCPA will be challenging because it represents major changes in how financial institutions conduct their business. DATA DISPERSION. Consumer personal data is often scattered across multiple internal platforms and shared with many third parties. Firms use consumer personal data to identify and qualify prospects, cross-sell and up-sell to existing customers, and create targeted outreach messages.