GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. In this blog, I am addressing the General Data Protection Regulation (GDPR) and all the regulations that come with it. The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on data protection and privacy for all individuals within the EU. Data Protection Officer.

Summary – “Industry in One: Financial Services”

ARMA International

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny. History of Financial System. financial system continues to evolve in response to changing regulations. Financial Services Industry Overview.



NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

My previous blog focused on addressing the General Data Protection Regulation (GDPR) and all the regulations that came with it. In my final post of this series, I want to outline the actions you can take to remain proactive with data privacy laws surrounding NYDFS 500 and GDPR. Companies will need to navigate the interconnected pieces of their organization, understand the history and lifecycle of their data, and work closely with regulators to ensure a successful outcome.

New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic. Data Loss Prevention – ensure employees are not sending nonpublic information to personal email accounts and devices. For more information on the risks COVID-19 places on IT service providers and mitigating those risks, click here.

Financial Services Data – More at risk than you’d believe

Thales eSecurity

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S. IT security pros in financial services organizations reporting that their organization already had a data breach – but breaches are increasing at alarming rates.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Are data and applications that process data properly classified for confidentiality to ensure proper data management?

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation notified the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

Air Canada data breach – The incident was confirmed by the company and may have affected 20,000 customers (1%) of its 1.7 The data breach of the day is the one suffered by Air Canada that may have affected 20,000 customers (1%) of its 1.7 22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. ” reads the data breach notification.

UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity


UniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.

US: Surviving the service provider data breach

DLA Piper Privacy Matters

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Who “owns” a data breach? How to best protect against service provider incidents?

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records. Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’. Philadelphia Federal Credit Union confirms security breach (unknown). State-sponsored hackers breach Greece’s top-level domain registrar (unknown).

Striking a balance between security and usability of sensitive data

OpenText Information Management

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense. That means being able to …

Keeping Up with New Data Protection Regulations


Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of. California recently passed a law that gives residents the right to control the data companies collect about them. In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations.

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act). The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations.

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

3, the United States Court of Appeals for the Sixth Circuit issued a decision that effectively required a company to turn over materials relating to a privileged forensic data breach investigation because, the court concluded, the company had implicitly waived privilege when it disclosed certain of the forensic firm’s conclusions in response to a discovery request.

7.5M Banking Customers Affected in Dave Security Breach

Dark Reading

The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev

Top 7 Data Governance Blog Posts of 2018


The driving factors behind data governance adoption vary. Whether implemented as preventative measures (risk management and regulation) or proactive endeavors (value creation and ROI), the benefits of a data governance initiative are becoming more apparent. Historically most organizations have approached data governance in isolation and from the former category. Defining Data Governance. to Data Governance 2.0

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Benefits for Financial Services.

Equifax Data Breach: The Long-Term Impact on Fighting Fraud


The massive Equifax data breach that’s making national headlines is estimated to impact nearly half of the U.S. While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached.

Business Process Modeling Use Cases and Definition


It also combines process/ workflow, functional, organizational and data/resource views with underlying metrics such as costs, cycle times and responsibilities to provide a foundation for analyzing value chains, activity-based costs, bottlenecks, critical paths and inefficiencies. s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are requiring businesses across industries to think about their compliance efforts.

Banks won’t be able to remain on sidelines of privacy debate

Information Management Resources

Equifax's massive breach and Facebook's scandals have made data privacy a big issue for state and federal lawmakers. Here's why banks need to be worried.

Can this data security bill succeed where others failed?

Information Management Resources

A bipartisan bill to establish a federal security framework follows a string of efforts beset by congressional turf battles.

Data Breach Regulation: What’s Next For Banks and Credit Unions?


When your organization is part of a data breach as big as Equifax and Marriott, expect to stay in the headlines. Those two corporations continue to be under a congressional review microscope following the incidents that left millions of consumers’ data exposed. The Senate Permanent Subcommittee on Investigations has been probing these breaches and its members have been vocal about the lack of oversight in protecting people’s personal and financial credentials.

Financial Industry Trends Focused on Information Management Challenges in 2019


Financial services firms saw mounting information management challenges in 2019. As the volume and variety of data grows, so do threats from hackers, posing security concerns for organizations and customers alike. Growing Data Volume, Velocity, Variety. According to a Fintech News article, financial institutions like JPMorgan Chase produce terabytes of data every single day. Data Breaches Continue.

What You Need to Know About Storing Financial Data in the Cloud


In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information. One notable example, as discussed in a CIO Dive article, was a data breach at Capital One that exposed the cloud-stored data of 106 million customers. Data protection is an ongoing process. Misconfigured Servers Unveil Sensitive Data.

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

The Act makes many significant modifications to the postcrisis financial regulatory framework, although it leaves the core of that framework intact. One major consequence of the Act may be an increased potential for mergers, acquisitions and organic growth among regional and midsize banks, as well as community banks, because of provisions that increase the thresholds that must be met before various financial regulatory requirements apply. Initiating Online Banking Services.

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

Marriott International announced a data breach that may have exposed the information of 5.2 This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwood had been compromised in a similar incident.

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. Those 80M records are now searchable, read on for the full story: There's an unknown number of data breaches floating around the web. It's also interesting because among nearly 3k other breaches, the data contains Dropbox.

Life Under GDPR: Data Breach Cost Unknown

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

Major data breaches in recent years are spurring state legislators and regulators across the US into action. For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Perficient Helps Adjust to the California Consumer Privacy Act

Perficient Data & Analytics

The first step any financial institution must take in its response to the new CCPA law is to evaluate its exposure and current state of readiness. Analysis: Identification of critical process and data gaps, implementation or reinforcement of governance processes, documentation of requirements. Implementation: Technical services to consolidate customer data, develop governance and approval workflows, and make infrastructure upgrades. Perficient + Financial Services.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches.

Italy's UniCredit: Breach Went Undetected for Four Years

Data Breach Today

Incident Exposed Contact Information for 3 Million Italians, Bank Reports. UniCredit, an Italian banking and financial services company, sustained a data breach exposing information on 3 million customers that went undetected for four years, the company has acknowledged. Find out what data was exposed

NY Attorney General Announces Record Number of Data Breach Notices in 2016

Hunton Privacy

On March 21, 2017, New York Attorney General Eric Schneiderman announced that the New York Office of the Attorney General received over 1,300 data breach notifications in 2016, a 60 percent increase from 2015. The reported breaches led to the exposure of personal information of 1.6 According to the Attorney General’s report, 46 percent of the exposed personal information consisted of Social Security numbers, and 35 percent consisted of financial account information.

Expect Challenges with the California Consumer Privacy Act

Perficient Data & Analytics

Compliance with the CCPA will be challenging because it represents major changes in how financial institutions conduct their business. DATA DISPERSION. Consumer personal data is often scattered across multiple internal platforms and shared with many third parties. Firms use consumer personal data to identify and qualify prospects, cross-sell and up-sell to existing customers, and create targeted outreach messages.

DLA Piper Privacy Matters - Untitled Article

DLA Piper Privacy Matters

NETHERLANDS: Dutch Data Protection Authority received record amount of data breach notifications in 2018. Earlier today, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) issued a press release stating that it received 20,881 notifications of data breaches in 2018. In comparison to 2017, the amount of data breach notifications has (more than) doubled.

Reltio Supports Apple CEO Tim Cook’s Clarion Call for Stronger US Customer Data Privacy Laws


privacy law, similar to GDPR (General Data Protection Regulation), is appropriate and timely. Five years ago this initiative would have been too big of a burden for companies because customer data is siloed throughout organizations in dozens or hundreds of separate systems. GDPR has irreversibly changed the landscape for single customer view data projects for companies doing business in Europe. Blending different types of data. Understanding data ownership.

Guide: Complying with the California Consumer Privacy Act of 2018

Perficient Data & Analytics

The California Consumer Privacy Act (CCPA) will have far-reaching effects on how financial institutions manage their customer data. Compliance will be difficult for firms with disparate silos of customer data, nascent data governance and retention policies, multiple third-party relationships, and marketing programs based on personal information. Receive equal service and price even if they exercise their privacy rights.