IT Governance

APRIL 29, 2024

Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Only 4 definitely haven’t had data breached. Data breached: 4,186,879,104 messages. iSharing is used by more than 35 million users.

Data Privacy 94

Data Privacy Privacy Manufacturing Security 94

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. Only 3 definitely haven’t had data breached.

Data Privacy 101

Data Privacy Energy and Utilities Privacy Manufacturing 101

IT Governance

MARCH 11, 2024

Only 3 definitely haven’t had data breached. Source 1 ; source 2 (Update) IT services Taiwan Yes 2,451,197 RMH Franchise Corporation Source (New) Hospitality USA Yes 1.5 Source 1 ; source 2 (Update) IT services Taiwan Yes 2,451,197 RMH Franchise Corporation Source (New) Hospitality USA Yes 1.5 TB Paysign, Inc. TB Paysign, Inc.

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

DLA Piper Privacy Matters

MARCH 3, 2023

Author: Sarah Birkett Cyber Security Strategy discussion paper launched This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

Data breaches 52

Data breaches Security Paper Financial Services 52

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. Or how about not learning of the fraudulent loan until it gets handed off to collection agents? Then on Nov. Then on Nov.

Financial Services 225

Financial Services IT Data breaches Passwords 225

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 249,142,212 records known to be compromised, and 108 organisations suffering a newly disclosed incident. 94 of them are known to have had data breached. Organisation(s) Sector Location Data breached?

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards.

Privacy 68

Privacy IT Information Security Insurance 68

IT Governance

JANUARY 23, 2024

Publicly disclosed data breaches and cyber attacks: in the spotlight More than 70 million email addresses added to Have I Been Pwned The security researcher Troy Hunt has added more than 70 million email addresses from the Naz.API data set to his Have I Been Pwned data breach notification service. VF Corporation confirms 35.5

Data Privacy 52

Data Privacy Privacy Manufacturing Retail 52

Data Matters

JUNE 24, 2022

Securities and Exchange Commission (Commission) issued a request for comment with respect to whether certain index, model, pricing, and other information providers should be regulated as investment advisers under the Investment Advisers Act of 1940. On June 15, 2022, the U.S. Background.

Marketing 88

Marketing Financial Services Analytics Sales 88

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. 651, et seq. Section 2240(4). Section 2240(16).

Ransomware 97

Ransomware Cybersecurity Agriculture Communications 97

Thales Cloud Protection & Licensing

OCTOBER 27, 2021

The benefits of cloud come with significant new security challenges for organizations. The Thales Cloud Security Study 2021 of more than 2,600 respondents from around the world tries to respond to key questions: How widespread is multi-cloud? What are the operational challenges of managing security across multiple clouds?

Cloud 71

Cloud Encryption Financial Services Authentication 71

Data Matters

DECEMBER 23, 2020

Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR). Definition of Subject Entities: .

Security 68

Security Cybersecurity Insurance Communications 68

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access 59

Access Military Compliance Personal data 59

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware 84

Ransomware Agriculture Cybersecurity Government 84

Collibra

MAY 16, 2022

This want to commingle the solutions likely stems from the Gartner definition published in the Magic Quadrant for Data Quality Solutions, which rightfully states that data quality needs “identification, understanding[,] and correcting flaws in data.”. For financial services, data governance found its roots in risk.

Risk 91

Risk Government Financial Services Access 91

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. Not only is the notion of what comprises a perimeter shifting, the definition of what constitutes a “user” is metamorphizing, as well. Users re-defined. Public trust must be maintained.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security 40

Security Financial Services Passwords Risk 40

erwin

MAY 2, 2019

Enterprise architect is a common job title within IT organizations at large companies, but the term lacks any standard definition. That’s one of the reasons the enterprise architect role has no standard definition. That’s one of the reasons the enterprise architect role has no standard definition.

Digital transformation 95

Digital transformation Healthcare Compliance Cloud 95

Data Matters

MARCH 28, 2022

OCR concludes most cyber-attacks could be prevented or substantially mitigated if HIPAA covered entities and business associates implemented HIPAA Security Rule requirements to address the most common types of attacks. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity 88

Cybersecurity Privacy Insurance Risk 88

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Notice is required as soon as possible, and not later than 30 days after discovery of the security breach.

Encryption 59

Encryption Cybersecurity Data breaches Financial Services 59

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017. In announcing the Updated Regulation, DFS Superintendent Maria T.

Cybersecurity 40

Cybersecurity Financial Services Authentication Information Security 40

Data Matters

APRIL 11, 2022

The Cyber Security Law (2017) (the CSL ) prohibits operators of critical information infrastructures ( CIIs ) from transferring their “important data” and personal information outside of China. The CSL does not provide a definition for “important data”. Network Data Security Regulation. The CSL and the DSL.

Military 88

Military Artificial Intelligence Security Financial Services 88

erwin

JANUARY 7, 2021

However, challenges persist if your organization doesn’t take proper precautions in supporting a remote workforce — from human resources to productivity and IT security – especially when regulations such as the European Union’s General Data Protection Regulation (GDPR) are involved.

Metadata 98

Metadata Compliance Artificial Intelligence Government 98

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity 68

Cybersecurity Data breaches Privacy Risk 68

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. aka data and records retention).

Privacy 85

Privacy GDPR Data breaches Risk 85

Data Protection Report

MARCH 16, 2022

The Act will require a “covered entity” to report any “substantial cyber incident” to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes the incident has occurred. Reporting Requirements. CISA will then coordinate further sharing of the report. Work to be Done .

Ransomware 59

Ransomware FOIA Agriculture Cybersecurity 59

HL Chronicle of Data Protection

MAY 21, 2018

Circuit struck down the FCC’s 2015 interpretation of the definition of “automatic telephone dialing system” (autodialer) as overly broad, arbitrarily vague, and “utterly unreasonable.” FCC , the Federal Communications Commission is going back to the drawing board in a new Public Notice that seeks comment on foundational TCPA issues.

Communications 40

Communications Financial Services Privacy Government 40

HL Chronicle of Data Protection

DECEMBER 7, 2018

The California Consumer Privacy Act of 2018 (“CCPA”) exempts information that is collected, processed, sold, or disclosed pursuant to the federal Gramm-Leach-Bliley Act (“GLBA”), and its implementing regulations (the “Privacy Rule”), or the California Financial Information Privacy Act (“CFIPA”). Background.

Privacy 40

Privacy Financial Services Compliance Data breaches 40

Reltio

FEBRUARY 3, 2021

The report is used to “short-list” providers of technology products and services. The Reltio Connected Data Platform provides agility, scale, simplicity, security, and performance unmatched by competitors. The scope, weighting, and even definition of evaluation criteria can vary among firms. Reltio MDM MQ Highlights.

MDM 98

MDM Cloud Marketing B2C 98

DLA Piper Privacy Matters

APRIL 26, 2021

The AI Regulation adopts a broad regulatory scope , covering all aspects of the lifecycle of the development, sale and use of AI systems, including: (i) placing AI systems on the market; (ii) putting AI systems into service; and. Definition of AI system. a) The definition of a high-risk AI system.

Artificial Intelligence 114

Artificial Intelligence Risk Marketing GDPR 114

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Cybersecurity Risk Assessments.

Cybersecurity 59

Cybersecurity Risk Passwords Compliance 59

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. aka data and records retention).

Privacy 52

Privacy GDPR Data breaches Risk 52

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market. Why am I doing this again?

Financial Services 40

Financial Services Encryption Marketing GDPR 40

DLA Piper Privacy Matters

JULY 30, 2019

It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. It’s summer, and life’s a breach. A data breach, that is. So put down the beach reading, for some breach reading.

Data breaches 45

Data breaches Cybersecurity Financial Services Risk 45

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Data Protection Report

DECEMBER 17, 2020

In December 2020 the EC is due to publish two important legislative proposals, the Digital Services Act and the Digital Markets Act ( DMA ). The Data Strategy proposed the establishment of nine common European data spaces for data sharing and pooling, including health, mobility, manufacturing, financial services, energy, and agriculture.

Government 102

Government Personal data Marketing Artificial Intelligence 102

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy 40

Privacy Risk Cybersecurity Information Security 40