Data, Exercises and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The new rules provide more details on how the senior governing body of the covered entity is expected to exercise oversight of its cybersecurity risk management.

Financial Services

Financial Services Cybersecurity Compliance Government

Banking on mainframe-led digital transformation for financial services

IBM Big Data Hub

JULY 31, 2023

Financial services companies are considered institutions because they manage and move the core aspects of our global economic system. And the beating heart of financial institutions is the IBM mainframe. Couldn’t execs have run better analyses to spot risks within the data?

Financial Services

Financial Services Digital transformation Computer and Electronics Analytics

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022. Cybersecurity Plan.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. Unlawful Discrimination.

Insurance

Insurance Financial Services Compliance Retail

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Within a few days, data security experts at Microsoft , Palo Alto Networks (“PANW”), and Mandiant confirmed reports of increasing Russian cyberactivity and offered their own recommendations for hardening measures (many of which overlap with the Advisory). The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

It is essential that your organization’s records retention schedule is compliant with the data protection requirements in the jurisdictions where your organization operates. Introduction to Data Protection Laws. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

On 10 September 2021, the UK Government published its consultation paper on proposals to reform the UK’s data protection regime. The context here is enabling innovative data use involving data sharing by different controllers, rather than clarification. The deadline for responding to the consultation is 19 November 2021.

Government

Government FOIA GDPR Compliance

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

Process Excellence: A transformational lever to extreme automation

IBM Big Data Hub

APRIL 20, 2023

With the success of initial automation deployment, the focus has shifted to optimization of adjacent business-critical processes, e.g. service order management, reverse value chain, and more, for cycle time reduction and quality improvement.

Mining

Mining Financial Services Digital transformation Retail

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

We have 480 days to go before the General Data Protection Regulation is “in force”. And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Perhaps this will be a task for the Data Protection Board. And then what? I think not.

GDPR

GDPR Privacy Compliance Personal data

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

SEPTEMBER 6, 2022

Data protection impact assessments would also be required, including for products in existence when the law would come into effect. Passage of the bill comes on the heels of US Congressional inquiries about the use and protection of health data collected by mental health apps and an uptick in private litigation in the area.

Privacy

Privacy B2B Sales Compliance

Getting ready for artificial general intelligence with examples

IBM Big Data Hub

APRIL 18, 2024

While AGI remains theoretical, organizations can take proactive steps to prepare for its arrival by building a robust data infrastructure and fostering a collaborative environment where humans and AI work together seamlessly. NLP techniques help them parse the nuances of human language, including grammar, syntax and context.

Artificial Intelligence

Artificial Intelligence Marketing e-Delivery Manufacturing

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.

Cybersecurity

Cybersecurity Passwords Risk Compliance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. An Overview of the BDPA.

Personal data

Personal data GDPR Data Privacy Privacy

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

These IoT connected devices form a critical backbone of data for industry. But what if those devices—and their data—are unlocked to autonomously share, monetize and transact on their own generated value? And what is the role telecommunications service providers play in enabling and scaling the EoT?

IoT

IoT Artificial Intelligence Agriculture Blockchain

Business Architecture and Process Modeling for Digital Transformation

erwin

JULY 11, 2019

For instance, millennials are adept at using digital channels, and they are the fastest-growing customer base for financial services companies. Data usage. The company realized that different generations want different information and have distinct communication preferences. Supporting and reference documentation.

Digital transformation

Digital transformation Information capture Compliance Financial Services

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

China’s Cyber Security Law ( CSL ), enacted in 2016, requires operators of critical information infrastructure ( CII ) to follow a number of enhanced security obligations, including storing within China all personal information and important data collected or generated during their operations in China.

Financial Services

Financial Services Data collection Security Communications

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights? How do the CCPA’s exceptions for certain regulated companies, such as financial services, work? How far does a business have to go to implement a consumer’s opt-out of sales to third parties?

Sales

Sales Financial Services Privacy Compliance

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Reltio

JUNE 20, 2019

Henrik Liliendahl is an MDM and PIM expert; speaker and blogger ( www.liliendahl.com and [link] ) and the Co-Founder, Chairman and CTO of Product Data Lake a product information exchange service. But that was my route into data management and going from there into MDM PIM and data governance. Kate Tickner, Reltio.

MDM

MDM Manufacturing Computer and Electronics Digital transformation

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

2020 could well be a year of data export turmoil – so brace yourself! Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs.

Privacy

Privacy GDPR Data breaches Risk

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

The CCPA was written and enacted with extraordinary speed, as legislators felt the need to move quickly in order to preempt a data privacy ballot initiative that had received enough signatures to be placed on California’s November ballot. Code § 1798.185(a): Categories of Personal Information. Definition of Unique Identifiers. Exceptions.

Sales

Sales Privacy Data Privacy Compliance

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Data Matters

SEPTEMBER 20, 2018

Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters. The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.

Financial Services

Financial Services Paper Marketing Privacy

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe? The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.

IT

IT Security Digital transformation Compliance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Major data breaches in recent years are spurring state legislators and regulators across the US into action. Later that year, the National Association of Insurance Commissioners (‘NAIC’) adopted its Insurance Data Security Model Law (‘the NAIC Model’) as a framework cybersecurity law for the insurance industry.

Insurance

Insurance Cybersecurity Data breaches Financial Services

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. What are BCRs? Following market leaders.

GDPR

GDPR Personal data Marketing Healthcare

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

Mike Evans is CTO and Founder at Comma Group and has spent more than a decade in the business analysis, MDM and data management space. What is your background and what was your route into data management? I never consciously chose to work in data. It became apparent very quickly that a lack of focus on data was the root cause.

MDM

MDM Retail IT Government

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

Did you know that 63% of all data breaches are directly or indirectly linked to third party companies? Let us get started with how third-party data breach occurs. How Third Party Data Breach Takes Place If a hacker is targeting a large organization, they look for the gateway that will not be easily noticed.

Risk

Risk Cybersecurity Compliance Data breaches

Ireland & UK: Latest trends in data subject access requests in pending litigation

DLA Piper Privacy Matters

JULY 22, 2021

As individuals become more aware of their rights under data protection law, data subject access requests ( DSARs ) are an increasingly frequent concern for organisations both large and small. The starting point for understanding whether a controller is obliged to hand over personal data will be section 60(3)(a)(iv) of the IDPA.

Access

Access Personal data GDPR Financial Services

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

As the world continues to become a globally connected ecosystem, data fluidity has sparked national and international conversations around notions of data and digital sovereignty. First, we must understand how data sovereignty came to be. What is data sovereignty?

Cloud

Cloud Compliance Data Privacy Privacy

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

As a principal for data quality, I enjoy taking time to work with our customer base. These organizations demonstrate perspectives and prioritization that show great promise in the industry of data. . For financial services, data governance found its roots in risk. Audit & Professional Services.

Risk

Risk Government Financial Services Access

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

Rock the Blockchain: Thales and DigiCert Secure the Data. It’s a staggering statistic, but 39% of companies are still not using robust data security measures. billion data records were breached, quadrupling in 2020 to 36 billion globally. Are Distributed Ledger Technologies the Answer to Securing Data? In 2019 alone, 7.9

Blockchain

Blockchain Security Authentication Compliance

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

The conversation is simple because the objective is simple: How do I become more effective at leveraging (big) data and analytics (artificial intelligence) to power my business? Modernizing your data center is not a business initiative. Figure 3: PNC Financial Services Group 2015 Annual Report. It’s simple.

Artificial Intelligence

Artificial Intelligence Analytics Big data Mining

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

For example, government contractors or subcontractors with reporting obligations to the DOD or DOE for cyber incidents, or financial services entities that are already required to report cyber incidents to their primary federal regulator would be considered “covered entities” under the CIRCIA.

Ransomware

Ransomware Agriculture Cybersecurity Government

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

As we have explained previously , at their most basic level, DDoS attacks work by sending a high volume of data from different locations to a particular server or set of servers. Because the servers can only handle a certain amount of data at a time, these attacks overwhelm the servers causing them to slow significantly or fail altogether.

IoT

IoT Communications Risk Passwords

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In its second full year overseeing and regulating the GDPR in Ireland, the Data Protection Commission ( DPC ) has published its 2020 Annual Report , highlighting key observations, emerging guidance, and large scale inquiries and decisions of 2020. Around 60% of the data breaches notified occurred in the private sector.

GDPR

GDPR Compliance Data breaches Marketing

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation?

Government

Government Personal data Marketing Artificial Intelligence

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

The conversation is simple because the objective is simple: How do I become more effective at leveraging (big) data and analytics (artificial intelligence) to power my business? Modernizing your data center is not a business initiative. Figure 3: PNC Financial Services Group 2015 Annual Report. It’s simple.

Artificial Intelligence

Artificial Intelligence Analytics Mining Big data

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

Colorado’s privacy law does not have any “data localization” or “international data transfer” requirements. The list appears in proposed rule 6.04.A. 2. b. Profiling is not prohibited for purposes of granting credit. The list appears in proposed rule 9.03.A. 3.

Privacy

Privacy Cybersecurity Personal data Insurance

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Banking on mainframe-led digital transformation for financial services

Webinars

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Deploying applications built in external CI through IBM Cloud DevSecOps

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

The Impact of Data Protection Laws on Your Records Retention Schedule

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

UK Government sets out proposals to shake up UK data protection laws

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Process Excellence: A transformational lever to extreme automation

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Big California Privacy News: Legislative and Enforcement Updates

Getting ready for artificial general intelligence with examples

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

NYDFS proposes significant cybersecurity regulation amendments

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

The Economy of Things: the next value lever for telcos

Business Architecture and Process Modeling for Digital Transformation

“Am I a CII operator?” – New regulation in China provides more clarity

The Privacy Officers’ New Year’s Resolutions

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

The Privacy Officers’ New Year’s Resolutions

Takeaways From CCPA Public Forums

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Security in the finance sector: Whose role is it anyway?

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

EU: Binding Corporate Rules are Generating Greater Interest

#ModernDataMasters: Mike Evans, Chief Technology Officer

Cybersecurity: Managing Risks With Third Party Companies

Ireland & UK: Latest trends in data subject access requests in pending litigation

Living in a data sovereign world

Why you should keep data observability separate from data cleansing

Rock the Blockchain: Thales and DigiCert Secure the Data

Artificial Intelligence: 6 Step Solution Decomposition Process

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Artificial Intelligence: 6 Step Solution Decomposition Process

ICYMI – Late December in privacy and cybersecurity

Stay Connected