Data Matters

AUGUST 5, 2019

On July 25, 2019, Governor Cuomo signed the two bills into law, one which amended the state’s data breach notification law, and another that created additional obligations for data breaches at credit reporting agencies. The Stop Hacks and Improve Electronic Data Security Act.

Cybersecurity 68

Cybersecurity Data breaches Privacy Risk 68

erwin

JANUARY 7, 2021

Our predictions for 2021 are rooted in what we’ve learned from the past year and the relevance of data in getting us to where we are and where we need to go. Historically, moving legacy data to the cloud hasn’t been easy or fast. However, that definition is too narrow in terms of AI’s relation to data governance.

Metadata 98

Metadata Artificial Intelligence Compliance Government 98

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity 113

Cybersecurity IT Compliance Financial Services 113

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. Then in mid-January, Jim heard from MSF via snail mail that they’d discovered a data breach.

Financial Services 210

Financial Services IT Data breaches Authentication 210

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security 40

Security Financial Services Passwords Risk 40

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

The Last Watchdog

APRIL 3, 2019

Companies need a reliable way to know at all times where sensitive data is sitting, and who might be accessing it, in order to keep it out of the hands of threat actors, he said. Not only is the notion of what comprises a perimeter shifting, the definition of what constitutes a “user” is metamorphizing, as well. Users re-defined.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Notice is required as soon as possible, and not later than 30 days after discovery of the security breach.

Encryption 58

Encryption Cybersecurity Data breaches Financial Services 58

DLA Piper Privacy Matters

JULY 30, 2019

A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. Who “owns” a data breach?

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

erwin

MAY 2, 2019

Enterprise architect is a common job title within IT organizations at large companies, but the term lacks any standard definition. That’s one of the reasons the enterprise architect role has no standard definition. One team member might specialize in security, for example, and another in applications.

Digital transformation 95

Digital transformation Healthcare Compliance Cloud 95

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards.

Privacy 68

Privacy IT Information Security Insurance 68

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy 84

Privacy GDPR Data breaches Risk 84

HL Chronicle of Data Protection

DECEMBER 7, 2018

In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them.

Privacy 40

Privacy Financial Services Compliance Data breaches 40

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy 52

Privacy GDPR Data breaches Risk 52

HL Chronicle of Data Protection

MAY 21, 2018

Circuit struck down the FCC’s 2015 interpretation of the definition of “automatic telephone dialing system” (autodialer) as overly broad, arbitrarily vague, and “utterly unreasonable.” FCC , the Federal Communications Commission is going back to the drawing board in a new Public Notice that seeks comment on foundational TCPA issues.

Communications 40

Communications Financial Services Privacy Government 40

Data Protection Report

MARCH 7, 2024

China Cuba Iran North Korea Russia Venezuela What is “personally identifiable data” that is “in combination with each other”? The proposed regulation would define the term to mean any “listed identifier” that is linked to any other “listed identifier.” Note that the only difference between the two examples is the addition of IP addresses.

Access 58

Access Military Compliance Personal data 58

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data 45

Personal data Financial Services Data Privacy Data breaches 45

IT Governance

MARCH 11, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Data breached: 36 million records. Data breached: 6,935,412 individuals’ data. Data breached: 6.9 Only 3 definitely haven’t had data breached.

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

Hunton Privacy

JANUARY 20, 2023

As financial services authorities move to regulate digital assets in jurisdictions worldwide, the paper highlights the need to bring privacy regulators into the discussion so that data privacy issues affecting blockchain are addressed in tandem. Data minimization. Data security. Accountability.

Paper 134

Paper Blockchain Privacy Financial Services 134

ForAllSecure

JUNE 16, 2021

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. Lascelles: Yeah, and this, this is a huge lesson in API security right hackers are also users.

Authentication 52

Authentication Communications IoT Security 52

ForAllSecure

JUNE 16, 2021

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. What's on your mobile than our external API's and in the past few years there's been an explosion of external API data. Lascelles: Yeah, and this, this is a huge lesson in API security right hackers are also users.

Authentication 52

Authentication Communications IoT Security 52

DLA Piper Privacy Matters

MARCH 3, 2023

Author: Sarah Birkett Cyber Security Strategy discussion paper launched This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

Data breaches 52

Data breaches Security Paper Financial Services 52

Hunton Privacy

MAY 13, 2011

Data Breach Notification – These provisions would establish a national data breach reporting system. The provisions are aimed at standardizing the requirements for reporting security breaches by, among other things, establishing statutory definitions of a “security breach” and “sensitive personally identifiable information.”.

Cybersecurity 40

Cybersecurity Data breaches Information Security Financial Services 40

ARMA International

DECEMBER 26, 2019

Just 59% of surveyed RIM professionals are included in their company’s IT strategic planning, including activities such as requirements definition and vendor selection – down from 67% in 2017. The top objection to using the cloud for digital records continues to be potential privacy or security concerns – no change from 2017.

Content services 76

Content services Cloud Records Management Privacy 76

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware 83

Ransomware Agriculture Cybersecurity Government 83

Data Matters

SEPTEMBER 4, 2019

NAIC Evaluating Definition of “Best Interest” to Determine Whether to Impose Such a Standard in the Suitability in Annuity Transactions Model Regulation. The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019.

Insurance 68

Insurance Paper Risk Analytics 68

IT Governance

DECEMBER 11, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Data breached: more than 59 million data records.

Data Privacy 101

Data Privacy Energy and Utilities Privacy Manufacturing 101

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. Data breached: 70,840,771 email addresses.

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

IT Governance

JANUARY 16, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data is no longer publicly available. Data breached: >223,000,000 records. Data breached: >7,000,000 records. Data breached: 5,500,000 records.

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads. initiative.

Cloud 97

Cloud Financial Services Security Compliance 97

IBM Big Data Hub

OCTOBER 16, 2023

As the world continues to become a globally connected ecosystem, data fluidity has sparked national and international conversations around notions of data and digital sovereignty. First, we must understand how data sovereignty came to be. What is data sovereignty?

Cloud 71

Cloud Compliance Data Privacy Privacy 71

Data Matters

DECEMBER 23, 2020

Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR). Definition of Subject Entities: .

Security 68

Security Cybersecurity Insurance Communications 68

Data Matters

JUNE 24, 2022

Securities and Exchange Commission (Commission) issued a request for comment with respect to whether certain index, model, pricing, and other information providers should be regulated as investment advisers under the Investment Advisers Act of 1940. On June 15, 2022, the U.S. Providing reports or analysis alone may be sufficient.

Marketing 88

Marketing Financial Services Analytics Sales 88

Collibra

MAY 16, 2022

As a principal for data quality, I enjoy taking time to work with our customer base. These organizations demonstrate perspectives and prioritization that show great promise in the industry of data. . For financial services, data governance found its roots in risk. Cyber Security.

Risk 95

Risk Government Financial Services Access 95

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. This dupes a Windows machine that has not been patched against the vulnerability into allowing illegitimate data packets into the legitimate network.

Phishing 112

Phishing Ransomware Search queries Access 112

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Cyber Incident Report. 651, et seq. Section 2240(4).

Ransomware 97

Ransomware Cybersecurity Agriculture Communications 97