GDPR: Data Privacy Laws in Financial Services

Perficient Data & Analytics

My previous blog post addresses the reasons for the regulation and the requirements associated with the New York State Department of Financial Services (NYDFS) 23 NYCRR 500. In this blog, I am addressing the General Data Protection Regulation (GDPR) and all the regulations that come with it. The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on data protection and privacy for all individuals within the EU. Data Protection Officer.

Summary – “Industry in One: Financial Services”

ARMA International

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny. History of Financial System. financial system continues to evolve in response to changing regulations. Financial Services Industry Overview.



New York Department of Financial Services Released New Guidance Addressing COVID-19 Related Cybersecurity Risks

HL Chronicle of Data Protection

Continuing its focus on COVID-19’s impact on its regulated entities, on April 13, the New York Department of Financial Services (NYDFS) released new cybersecurity guidance in response to the COVID-19 pandemic.

NYDFS 500 and GDPR in Financial Services – Actions to Take Now

Perficient Data & Analytics

My previous blog focused on addressing the General Data Protection Regulation (GDPR) and all the regulations that came with it. In my final post of this series, I want to outline the actions you can take to remain proactive with data privacy laws surrounding NYDFS 500 and GDPR. Companies will need to navigate the interconnected pieces of their organization, understand the history and lifecycle of their data, and work closely with regulators to ensure a successful outcome.

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R. Are data and applications that process data properly classified for confidentiality to ensure proper data management?

Financial Services Organizations Need to Adapt their Security Practices to the Shifting Environment

Thales Cloud Protection & Licensing

Companies and organizations, whether in the public or in the private sector, are re-establishing their business in the era of information and data revolution. Data security.

Financial Services Data – More at risk than you’d believe

Thales Cloud Protection & Licensing

One of the top findings from the 2018 Thales Data Threat Report, Financial Services Edition was that data breaches in U.S. financial services organizations are increasing at an alarming rate. Not only are breaches at record highs – with 65% of U.S. IT security pros in financial services organizations reporting that their organization already had a data breach – but breaches are increasing at alarming rates.

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

Mastercard data breach affected Priceless Specials loyalty program

Security Affairs

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation notified the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth.

NYDFS Settles with Mortgage Company for Data Breach

Hunton Privacy

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”)

Striking a balance between security and usability of sensitive data

OpenText Information Management

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Air Canada data breach – 20,000 users of its mobile app affected

Security Affairs

Air Canada data breach – The incident was confirmed by the company and may have affected 20,000 customers (1%) of its 1.7 The data breach of the day is the one suffered by Air Canada that may have affected 20,000 customers (1%) of its 1.7 22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions. ” reads the data breach notification.

UniCredit Suffers Third Breach Despite Investing Billions in Cybersecurity


UniCredit was also hit with hacking incidents in September-October 2016 and June-July 2017.

Keeping Up with New Data Protection Regulations


Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of. California recently passed a law that gives residents the right to control the data companies collect about them. In fact, organizations should expect increasing pressure on lawmakers to introduce new data protection regulations.

US: Surviving the service provider data breach

DLA Piper Privacy Matters

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Who “owns” a data breach? How to best protect against service provider incidents?

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

The Regulation and the Act both contain prescriptive cybersecurity requirements and new breach notification obligations for regulated organizations.

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,266,042,039 breached records. Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’. Philadelphia Federal Credit Union confirms security breach (unknown). State-sponsored hackers breach Greece’s top-level domain registrar (unknown).

Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company

Krebs on Security

Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.

7.5M Banking Customers Affected in Dave Security Breach

Dark Reading

The financial services app confirms user data was compromised in a data breach at its former third-party provider, WayDev

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

3, the United States Court of Appeals for the Sixth Circuit issued a decision that effectively required a company to turn over materials relating to a privileged forensic data breach investigation because, the court concluded, the company had implicitly waived privilege when it disclosed certain of the forensic firm’s conclusions in response to a discovery request.

Business Process Modeling Use Cases and Definition


It also combines process/workflow, functional, organizational and data/resource views with underlying metrics such as costs, cycle times and responsibilities to provide a foundation for analyzing value chains, activity-based costs, bottlenecks, critical paths and inefficiencies. s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are requiring businesses across industries to think about their compliance efforts.

Financial Industry Trends Focused on Information Management Challenges in 2019


Financial services firms saw mounting information management challenges in 2019. As the volume and variety of data grows, so do threats from hackers, posing security concerns for organizations and customers alike. Growing Data Volume, Velocity, Variety.

Top 7 Data Governance Blog Posts of 2018


The driving factors behind data governance adoption vary. Whether implemented as preventative measures (risk management and regulation) or proactive endeavors (value creation and ROI), the benefits of a data governance initiative are becoming more apparent. Historically most organizations have approached data governance in isolation and from the former category. Defining Data Governance. to Data Governance 2.0

How Multi-factor Authentication Can Benefit Your Industry

Rocket Software

For some sectors, like finance, security and data protection are top of mind for everything that is done. Financial services organizations typically experience the most data breaches and hacks, which makes security a priority. Benefits for Financial Services.

I've Just Added 2,844 New Data Breaches With 80M Records To Have I Been Pwned

Troy Hunt

tl;dr - a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven't been seen in HIBP before. Those 80M records are now searchable, read on for the full story: There's an unknown number of data breaches floating around the web. It's also interesting because among nearly 3k other breaches, the data contains Dropbox.

Equifax Data Breach: The Long-Term Impact on Fighting Fraud


The massive Equifax data breach that’s making national headlines is estimated to impact nearly half of the U.S. While most of the news centers on the consumer identity theft impact, the real story in the financial services ecosystem is what this hack will cost banks, credit unions and issuers. From what’s been publicly reported, there’s been 209,000 credit card numbers and 182,000 documents with personal information breached.

Can this data security bill succeed where others failed?

Information Management Resources

A bipartisan bill to establish a federal security framework follows a string of efforts beset by congressional turf battles.

Banks won’t be able to remain on sidelines of privacy debate

Information Management Resources

Equifax's massive breach and Facebook's scandals have made data privacy a big issue for state and federal lawmakers. Here's why banks need to be worried.

How Marriott Customers Can Protect Themselves From The Latest Breach

Adam Levin

Marriott International announced a data breach that may have exposed the information of 5.2

Data Breach Regulation: What’s Next For Banks and Credit Unions?


When your organization is part of a data breach as big as Equifax and Marriott, expect to stay in the headlines. Those two corporations continue to be under a congressional review microscope following the incidents that left millions of consumers’ data exposed. The Senate Permanent Subcommittee on Investigations has been probing these breaches and its members have been vocal about the lack of oversight in protecting people’s personal and financial credentials.

What You Need to Know About Storing Financial Data in the Cloud


In light of recent malware attacks that affected financial services customers’ data stored in the cloud, organizations should take a hard look at how they’re securing their financial information. One notable example, as discussed in a CIO Dive article, was a data breach at Capital One that exposed the cloud-stored data of 106 million customers. Data protection is an ongoing process. Misconfigured Servers Unveil Sensitive Data.

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

The Act makes many significant modifications to the postcrisis financial regulatory framework, although it leaves the core of that framework intact. One major consequence of the Act may be an increased potential for mergers, acquisitions and organic growth among regional and midsize banks, as well as community banks, because of provisions that increase the thresholds that must be met before various financial regulatory requirements apply. Initiating Online Banking Services.

Life Under GDPR: Data Breach Cost Unknown

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

Billions of FBS Records Exposed in Online Trading Broker Data Leak

Security Affairs

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from and We notified FBS of the breach so they could take appropriate action to secure the data.

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

Major data breaches in recent years are spurring state legislators and regulators across the US into action. For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Perficient Helps Adjust to the California Consumer Privacy Act

Perficient Data & Analytics

The first step any financial institution must take in its response to the new CCPA law is to evaluate its exposure and current state of readiness. Analysis: Identification of critical process and data gaps, implementation or reinforcement of governance processes, documentation of requirements. Implementation: Technical services to consolidate customer data, develop governance and approval workflows, and make infrastructure upgrades. Perficient + Financial Services.

American Insurance firm State Farm victim of credential stuffing attacks

Security Affairs

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches.

Italy's UniCredit: Breach Went Undetected for Four Years

Data Breach Today

Incident Exposed Contact Information for 3 Million Italians, Bank Reports. UniCredit, an Italian banking and financial services company, sustained a data breach exposing information on 3 million customers that went undetected for four years, the company has acknowledged.

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. At the time of the discovery, the database contained over 500,000 documents for a total of 425GB of data.

15 billion credentials available in the cybercrime marketplaces

Security Affairs

A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites.