erwin

MAY 2, 2019

Enterprise architect is a common job title within IT organizations at large companies, but the term lacks any standard definition. That’s one of the reasons the enterprise architect role has no standard definition. One team member might specialize in security, for example, and another in applications.

Digital transformation 95

Digital transformation Healthcare Compliance Cloud 95

Data Matters

APRIL 11, 2022

The Cyber Security Law (2017) (the CSL ) prohibits operators of critical information infrastructures ( CIIs ) from transferring their “important data” and personal information outside of China. The CSL does not provide a definition for “important data”. Network Data Security Regulation. The CSL and the DSL.

Military 88

Military Artificial Intelligence Security Financial Services 88

HL Chronicle of Data Protection

MAY 21, 2018

Circuit struck down the FCC’s 2015 interpretation of the definition of “automatic telephone dialing system” (autodialer) as overly broad, arbitrarily vague, and “utterly unreasonable.” Should contractors acting on behalf of the federal government be considered “persons” under the TCPA? In March, the D.C.

Communications 40

Communications Financial Services Privacy Government 40

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity 68

Cybersecurity Data breaches Privacy Risk 68

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy 84

Privacy GDPR Data breaches Risk 84

HL Chronicle of Data Protection

DECEMBER 7, 2018

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs. The financial services industry is one of the most heavily regulated industries when it comes to protecting the privacy of personal information. Background.

Privacy 40

Privacy Financial Services Compliance Data breaches 40

DLA Piper Privacy Matters

AUGUST 23, 2021

We have summarised the key compliance obligations under the PIPL below, with new obligations in bold for ease of reference: Relevant Laws/Regulations The PIPL becomes the primary, national-level law governing processing of personal information, but does not replace the existing data privacy framework.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Hunton Privacy

MAY 13, 2011

The provisions are aimed at standardizing the requirements for reporting security breaches by, among other things, establishing statutory definitions of a “security breach” and “sensitive personally identifiable information.”.

Cybersecurity 40

Cybersecurity Data breaches Information Security Financial Services 40

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy 52

Privacy GDPR Data breaches Risk 52

ARMA International

DECEMBER 26, 2019

Government topped the list of vertical industries at 23%. in 2017), with the remainder reporting into senior administrative roles, compliance, corporate services, or finance teams. in 2017), with the remainder reporting into senior administrative roles, compliance, corporate services, or finance teams.

Content services 76

Content services Cloud Records Management Privacy 76

DLA Piper Privacy Matters

JULY 30, 2019

Effective cybersecurity requires organizations to move beyond perimeter defense of their own network to protecting sensitive data in the hands of service providers. From a security and legal perspective, service provider cybersecurity requires significant attention and coordination by all parties both before and after hitting the breach.

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy 40

Privacy Risk Cybersecurity Information Security 40

Hunton Privacy

JANUARY 20, 2023

As financial services authorities move to regulate digital assets in jurisdictions worldwide, the paper highlights the need to bring privacy regulators into the discussion so that data privacy issues affecting blockchain are addressed in tandem. Data security. Confidentiality and government access. Accountability.

Paper 134

Paper Blockchain Privacy Financial Services 134

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware 83

Ransomware Agriculture Cybersecurity Government 83

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access 58

Access Military Compliance Personal data 58

DLA Piper Privacy Matters

MARCH 3, 2023

Author: Sarah Birkett Cyber Security Strategy discussion paper launched This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

Data breaches 52

Data breaches Security Paper Financial Services 52

IT Governance

MARCH 11, 2024

Only 3 definitely haven’t had data breached. Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. 92 of them are known to have had data exfiltrated, exposed or otherwise breached. Organisation(s) Sector Location Data breached?

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

Data Matters

SEPTEMBER 4, 2019

NAIC Evaluating Definition of “Best Interest” to Determine Whether to Impose Such a Standard in the Suitability in Annuity Transactions Model Regulation. The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019.

Insurance 68

Insurance Paper Risk Analytics 68

Hunton Privacy

OCTOBER 17, 2012

The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules. Reportedly, the bill will become law in January 2013, enforceable after 18 months, in mid-2014.

Personal data 45

Personal data Financial Services Data Privacy Data breaches 45

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Only 3 definitely haven’t had data breached. 138 of them are known to have had data exfiltrated or exposed. We’ve also found 6 organisations providing a significant update on a previously disclosed incident.

Data Privacy 101

Data Privacy Energy and Utilities Privacy Manufacturing 101

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. GB Rebekah Children’s Services Source (New) Non-profit USA Yes 2,805 Butte School District Source 1 ; source 2 (Update) Education USA Yes 2,658 Dignity Health Nevada St. 94 of them are known to have had data breached. Organisation(s) Sector Location Data breached?

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

IT Governance

JANUARY 23, 2024

Publicly disclosed data breaches and cyber attacks: in the spotlight More than 70 million email addresses added to Have I Been Pwned The security researcher Troy Hunt has added more than 70 million email addresses from the Naz.API data set to his Have I Been Pwned data breach notification service. VF Corporation confirms 35.5

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Background. 651, et seq. Section 2240(4).

Ransomware 97

Ransomware Cybersecurity Agriculture Communications 97

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Within this network, there is a vulnerable Windows system that has not been patched with the necessary security updates to protect against EternalBlue. What is the EternalBlue vulnerability?

Phishing 110

Phishing Ransomware Search queries Access 110

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation? This is part one of a series of three blog posts.

Government 101

Government Personal data Marketing Artificial Intelligence 101

Collibra

MAY 16, 2022

This want to commingle the solutions likely stems from the Gartner definition published in the Magic Quadrant for Data Quality Solutions, which rightfully states that data quality needs “identification, understanding[,] and correcting flaws in data.”. For financial services, data governance found its roots in risk.

Risk 102

Risk Government Financial Services Access 102

DLA Piper Privacy Matters

APRIL 26, 2021

Definition of AI system. The definition of an AI system is intended to be technology-neutral and future-proof, while providing legal certainty. a) The definition of a high-risk AI system. Security : A high level of accuracy, robustness and security must consistently be ensured throughout the high-risk AI system’s lifecycle.

Artificial Intelligence 114

Artificial Intelligence Risk Marketing GDPR 114

IBM Big Data Hub

OCTOBER 16, 2023

Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations. Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data.

Cloud 73

Cloud Compliance Data Privacy Privacy 73

Krebs on Security

JULY 21, 2022

. “There are just horrifying stories that run the gamut in terms of victims, from young women early in their careers, to senior citizens and even to people working in the financial services industry.” “There are definitely some psychological mechanisms at work to encourage people to invest more.”

Marketing 300

Marketing Communications Mining Financial Services 300

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords 52

Passwords Authentication Access Data breaches 52

Data Protection Report

MARCH 16, 2022

The relevant portions of the law, titled the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“Act”) proposes reporting requirements for incidents, establishes new programs to curtail ransomware attacks and encourages information sharing between government agencies. New Government Programs. Reporting Requirements.

Ransomware 58

Ransomware FOIA Agriculture Cybersecurity 58

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Governance. The Proposed Regulation Changes.

Cybersecurity 58

Cybersecurity Risk Passwords Compliance 58

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market.

Financial Services 40

Financial Services Encryption Marketing GDPR 40

CGI

JULY 20, 2018

What’s more, it’s poised to spill over from financial services into a wide range of industries. Before going further, a quick definition is in order. In fact, NASDAQ developed an exchange for private securities called Linq in 2015. This year will be the test of whether pilots can be turned into production.

Blockchain 45

Blockchain Financial Services Insurance Manufacturing 45

CGI

JULY 28, 2018

What’s more, it’s poised to spill over from financial services into a wide range of industries. Before going further, a quick definition is in order. In fact, NASDAQ developed an exchange for private securities called Linq in 2015. This year will be the test of whether pilots can be turned into production.

Blockchain 40

Blockchain Financial Services Insurance Manufacturing 40

CGI

MAY 15, 2018

What’s more, it’s poised to spill over from financial services into a wide range of industries. Before going further, a quick definition is in order. In fact, NASDAQ developed an exchange for private securities called Linq in 2015. This year will be the test of whether pilots can be turned into production.

Blockchain 40

Blockchain Financial Services Insurance Manufacturing 40

Data Matters

DECEMBER 28, 2020

The GCC uses a risk-based capital (RBC) aggregation approach intended to act as an additional group supervisory tool for regulators, in conjunction with the Form F Enterprise Risk Report, Own Risk and Solvency Assessment (ORSA) report, and the Corporate Governance Annual Disclosure. 43R —Loan-Backed and Structured Securities.

Insurance 68

Insurance Paper Risk Analytics 68