Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption 58

Encryption Cybersecurity Data breaches Financial Services 58

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity 105

Cybersecurity Compliance Financial Services Government 105

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy 68

Privacy IT Information Security Insurance 68

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers.

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised. This aligns with the new Data Security Law.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud 103

Cloud Financial Services Security Compliance 103