Definition, Financial Services, Security and Training

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Revised Definition of Class A Companies. Covered Entities must have a monitoring process that ensures prompt notification of any new security vulnerabilities.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance

Insurance Security Information Security Cybersecurity

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR concludes most cyber-attacks could be prevented or substantially mitigated if HIPAA covered entities and business associates implemented HIPAA Security Rule requirements to address the most common types of attacks. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy

Data Privacy Privacy Compliance Analytics

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Effective cybersecurity requires organizations to move beyond perimeter defense of their own network to protecting sensitive data in the hands of service providers. From a security and legal perspective, service provider cybersecurity requires significant attention and coordination by all parties both before and after hitting the breach.

Data breaches

Data breaches Cybersecurity Financial Services Risk

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Just 59% of surveyed RIM professionals are included in their company’s IT strategic planning, including activities such as requirements definition and vendor selection – down from 67% in 2017. The top objection to using the cloud for digital records continues to be potential privacy or security concerns – no change from 2017.

Content services

Content services Cloud Records Management Privacy

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. Securities and Exchange Commission Source 1 ; source 2 (New) Public USA No 0 NETGEAR Source (New) Telecoms USA No 0 Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Publicly disclosed data breaches and cyber attacks: in the spotlight More than 70 million email addresses added to Have I Been Pwned The security researcher Troy Hunt has added more than 70 million email addresses from the Naz.API data set to his Have I Been Pwned data breach notification service. VF Corporation confirms 35.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. 651, et seq. Section 2240(4).

Ransomware

Ransomware Cybersecurity Agriculture Communications

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

DLA Piper Privacy Matters

APRIL 26, 2021

Definition of AI system. The definition of an AI system is intended to be technology-neutral and future-proof, while providing legal certainty. a) The definition of a high-risk AI system. Security : A high level of accuracy, robustness and security must consistently be ensured throughout the high-risk AI system’s lifecycle.

Artificial Intelligence

Artificial Intelligence Risk Marketing GDPR

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Cybersecurity Risk Assessments.

Cybersecurity

Cybersecurity Risk Passwords Compliance

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Only 4 definitely haven’t had data breached. Data breached: 4,186,879,104 messages. Organisation(s) Sector Location Data breached?

Data Privacy

Data Privacy Privacy Manufacturing Security

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

Information Management Today

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Vermont Enacts Insurance Data Security Law

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

New York’s Breach Law Amendments and New Security Requirements

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

New York Enacts Stricter Data Cybersecurity Laws

The Privacy Officers’ New Year’s Resolutions

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

The Privacy Officers’ New Year’s Resolutions

US: Surviving the service provider data breach

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

The Hacker Mind Podcast: Going Passwordless

NYDFS proposes significant cybersecurity regulation amendments

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected