Definition, Financial Services and Training - Information Management Today

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Revised Definition of Class A Companies. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

The new law generally follows MDL-668’s provisions, adopting the model law’s broad definition of nonpublic information and requiring licensees to, in part, maintain a written information security program (“WISP”) and investigate cybersecurity incidents. Enforcement and Penalties Under the Law.

Insurance

Insurance Security Information Security Cybersecurity

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Virgin Islands, and Guam) have their own data breach notification laws (and each such state, accordingly, has its very own definition of such basic terms as “data” and “breach”) – with Massachusetts’ and California’s respective breach-notification schemes viewed as among the strictest. In the U.S.,

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

AI Governance: Why our tested framework is essential in an AI world

Collibra

AUGUST 14, 2023

Our framework is informed by our definition of AI governance: AI governance is the application of rules, processes and responsibilities to drive maximum value from your automated data products by ensuring applicable, streamlined and ethical AI practices that mitigate risk, adhere to legal requirements and protect privacy.

Government

Government Risk Financial Services Compliance

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

See 45 CFR 164.308(a)(1)(ii)(A)-(B): Implementation Specification: Risk Analysis (required), Implementation Specification: Risk Management (required); see also 45 CFR 164.304 (definition of “Availability”). implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

NYDFS issues significant guidance on insurers using AI or external data

Data Protection Report

FEBRUARY 2, 2024

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing.

Insurance

Insurance Artificial Intelligence Risk Compliance

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

The law broadens the definition of “private information” which sets forth the information elements that, if breached, could trigger a notification obligation. The Stop Hacks and Improve Electronic Data Security Act. To define “reasonable” safeguards, the statute provides examples of administrative, technical and physical safeguards.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Employee training. Under the proposed Rule, FIs would be required to provide personnel with security awareness training that is updated to reflect risks identified by the FI’s risk assessment.

Privacy

Privacy Risk Cybersecurity Information Security

#ModernDataMasters: Nicola Askham, The Data Governance Coach

Reltio

SEPTEMBER 24, 2019

Nicola Askham is the leading data governance training provider in the UK with over 16 years of experience and research in the field. She delivers training and consulting to major organisations to help them implement full data governance frameworks. I definitely think they have had an impact. Kate Tickner, Reltio.

Government

Government Digital transformation Big data IT

Top 6 Best Practices for Data Governance

Collibra

MARCH 11, 2021

Here is an example of a financial services firm that overcame its data challenges and followed the data governance best practice of identifying data domains. . The company used Collibra as the system of engagement for managing all definitions and executing control processes, such as onboarding, approvals and capturing of feedback.

Government

Government Communications Insurance Customer Experience

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy

Data Privacy Privacy Compliance Analytics

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proof of adequate cyber insurance coverage.

Data breaches

Data breaches Cybersecurity Financial Services Risk

6 best practices for a data governance strategy

Collibra

APRIL 11, 2022

Here is an example of a financial services firm that overcame its data challenges and followed the data governance best practice of identifying data domains. . The company used Collibra as the system of engagement for managing all definitions and executing control processes, such as onboarding, approvals and capturing of feedback.

Government

Government Communications Insurance Customer Experience

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Just 59% of surveyed RIM professionals are included in their company’s IT strategic planning, including activities such as requirements definition and vendor selection – down from 67% in 2017. Forty percent are challenged by the volume of unmanaged digital documents out of the RIM program’s control.

Content services

Content services Cloud Records Management Privacy

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

DLA Piper Privacy Matters

APRIL 26, 2021

Definition of AI system. The definition of an AI system is intended to be technology-neutral and future-proof, while providing legal certainty. a) The definition of a high-risk AI system. Providers are expected to co-operate by providing full access to training, validation and testing datasets etc. d) Sanctions.

Artificial Intelligence

Artificial Intelligence Risk Marketing GDPR

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

That's quite a narrow definition. What can they do within the workforce, although this sort of job and sort of landscape we try and work out what they can do, which is the definition of authorization, essentially, this is Simon, what can he do today? Vamosi: And it’s not just in the work environment. I use a password manager.

Passwords

Passwords Authentication Access Data breaches

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 249,142,212 records known to be compromised, and 108 organisations suffering a newly disclosed incident. 94 of them are known to have had data breached. Organisation(s) Sector Location Data breached?

Data Privacy

Data Privacy Privacy Manufacturing Retail

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Cybersecurity Risk Assessments.

Cybersecurity

Cybersecurity Risk Passwords Compliance

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Only 1 definitely hasn’t had data breached. The first chapter covers the lawful basis for training generative AI models on web-scraped data and is open until 1 March. 96 of them are known to have had data exfiltrated, exposed or otherwise breached. Organisation(s) Sector Location Data breached?

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: Yeah, so I mean pentesting by definition has a little bit of a difference, right, pen tests are more usually centered around where, how to exploit vulnerabilities to get in. Vamosi: This is more of a testing and training service of MITRE. And so what we do is we release the training free and open.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

Duff: Yeah, so I mean pentesting by definition has a little bit of a difference, right, pen tests are more usually centered around where, how to exploit vulnerabilities to get in. Vamosi: This is more of a testing and training service of MITRE. And so what we do is we release the training free and open.

Government

Government IT Access Analytics

Information Management Today

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Vermont Enacts Insurance Data Security Law

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

AI Governance: Why our tested framework is essential in an AI world

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

NYDFS issues significant guidance on insurers using AI or external data

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

New York Enacts Stricter Data Cybersecurity Laws

New York’s Breach Law Amendments and New Security Requirements

The Privacy Officers’ New Year’s Resolutions

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

#ModernDataMasters: Nicola Askham, The Data Governance Coach

Top 6 Best Practices for Data Governance

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

The Privacy Officers’ New Year’s Resolutions

US: Surviving the service provider data breach

6 best practices for a data governance strategy

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

The Hacker Mind Podcast: Going Passwordless

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

NYDFS proposes significant cybersecurity regulation amendments

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected