Document, Financial Services, Privacy and Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Corporate Finance firms leak 500K+ legal and financial documents online

Security Affairs

MARCH 17, 2020

Security experts from vpnMentor have discovered two corporate finance companies that leak half a million legal and financial documents online. vpnMentor experts uncovered a database exposed online on Amazon Web Services (AWS) that is leaking a huge amount of sensitive legal and financial documents.

Financial Services

Financial Services Access Privacy Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. This includes scanning all materials, such as investor onboarding documents and communication.

IT

IT Encryption Risk Financial Services

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. Instead, licensees are bound by the notification requirements of the Vermont Security Breach Notice Act, 9 V.S.A.

Insurance

Insurance Security Information Security Cybersecurity

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Data Protection Report

JUNE 14, 2022

As privacy incidents and security breaches involving personal information become increasingly frequent, organizations are more and more aware of the importance of implementing a robust privacy program to mitigate the risks and impacts of such incidents. Legal Obligations. Procedural Considerations.

Privacy

Privacy Data breaches Compliance Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. The authority claimed a violation of data minimisation and privacy by design principles under the EU General Data Protection Regulation (GDPR). . Why should this be a high priority project?

Privacy

Privacy Compliance Personal data Risk

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

The key security lesson is that an identity gets assigned to each and every RPA, creating fresh attack vectors. All these privacy regulations have a direct impact on IGA service, which help companies automate, as much as possible, governance processes, as a foundation proving compliance. Public trust must be maintained.

Digital transformation

Digital transformation Insurance Compliance Healthcare

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

eSecurity Planet

FEBRUARY 26, 2024

They’re particularly dangerous because it’s difficult for security or development teams to see an XSS vulnerability, and it’s also hard to see the effects of an attack until the ensuing breach is well underway. XSS attacks have multiple security and business risks, including credential theft and damaged company reputation.

Risk

Risk Financial Services Security Libraries

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

Protecting employees’ privacy. For example, financial services firms may be worried about employees breaching insider trading laws. Although monitoring software comes with understandable privacy issues, remember that the GDPR (General Data Protection Regulation) doesn’t prohibit their use. Preventing data breaches.

Compliance

Compliance Data breaches Privacy Risk

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. The authority claimed a violation of data minimisation and privacy by design principles under the EU General Data Protection Regulation (GDPR). . Why should this be a high priority project?

Privacy

Privacy Compliance Personal data Risk

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

Cryptoassets cannot be physically possessed, so they cannot be the object of a bailment, and only some types of security can be granted over them. Cryptoassets are not documents of title, documentary intangibles or negotiable instruments, nor are they instruments under the UK Bills of Exchange Act nor goods under the UK Sale of Goods Act.

Blockchain

Blockchain Financial Services Healthcare Marketing

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

Cryptoassets cannot be physically possessed, so they cannot be the object of a bailment, and only some types of security can be granted over them. Cryptoassets are not documents of title, documentary intangibles or negotiable instruments, nor are they instruments under the UK Bills of Exchange Act nor goods under the UK Sale of Goods Act.

Blockchain

Blockchain Financial Services Healthcare Marketing

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices. Prioritize Data Protection The downfall of many security strategies is that they become too general and too thinly spread. But it requires different levels of security.

Data breaches

Data breaches Big data Cybersecurity Security

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

This strategy addresses security concerns related to intellectual property and sensitive data in large language models (LLMs). This enhances data privacy and security and allows for greater control and efficiency in AI application deployment within the enterprise. This necessitates a shift in cybersecurity strategies.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Among those affected are clients of Europcar, a vehicle rental service, and FxPro, a trading platform. ” -Mikail Tunç, a security researcher.

Personal data

Personal data Phishing Data breaches Passwords

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

The Cybersecurity Guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act of 1974 (ERISA) as well as plan participants and beneficiaries. Online Security Tips for plan participants and beneficiaries. Considerations for Plan Sponsors and Other Fiduciaries.

Cybersecurity

Cybersecurity Insurance Risk Compliance

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017.

Cybersecurity

Cybersecurity Risk Financial Services Insurance

Medical Records Storage and Physicians’ Responsibilities Upon Closing their Practice

Shoreline Records Management

AUGUST 21, 2023

With the advent of electronic health records (EHRs) and the increasing emphasis on data security and accessibility, the role of offsite medical records storage has become paramount, especially in the context of physicians’ responsibilities as they seek to close their practice.

Records Management

Records Management Paper Compliance Access

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

So, we can call this a Facebook privacy facepalm legacy attack. It’s a sad state of Facebook privacy news fatigue that the urge is so strong to create privacy fail sub-categories—but there you have it. The information is at least a year old, which was when Facebook stopped allowing developers to have user phone numbers.

Mining

Mining Authentication Financial Services Privacy

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriot’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of biggest we’ve seen—dwarfed only by the Yahoo breach that affected 2 billion users. If you’ve made reservations at the St.

Financial Services

Financial Services Encryption Passwords Communications

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

The Last Watchdog

MARCH 14, 2022

When was the last time you read an online privacy policy in its entirety? Related: What happened to privacy in 2021. Financial services, health, home security, governance and all other mission critical services are now provided online. This document is called a privacy policy. Perhaps, never?

Privacy

Privacy Artificial Intelligence Financial Services Archiving

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

Data Matters

NOVEMBER 2, 2021

We will also discuss a developing range of services referred to as digital asset “prime brokerage” — describing the suite of services typically provided by these prime brokers and comparing them to traditional offerings of prime brokers in the securities space. Traditional OTC Derivatives.

Blockchain

Blockchain Marketing Access Risk

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA is proposing amendments to: the UK onshored versions of EU technical standards on strong customer authentication (SCA) and common and secure methods of communication (UK SCA-RTS); its Approach Document on Payment Services and Electronic Money (Approach Document); and. its Perimeter Guidance Manual (PERG).

Authentication

Authentication Paper Risk Insurance

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Forty percent are challenged by the volume of unmanaged digital documents out of the RIM program’s control. The top objection to using the cloud for digital records continues to be potential privacy or security concerns – no change from 2017. Automation’s impact on work processes will be profound.

Content services

Content services Cloud Records Management Privacy

FTC Settles Charges of Improper Disposal of Personal Information

Hunton Privacy

NOVEMBER 8, 2012

In its complaint , the FTC maintained that PLS Financial Services, Inc., In the settlement , the companies agreed to pay $101,500 and are enjoined from any future violations of the Disposal, Privacy and Safeguards Rules.

Financial Services

Financial Services Retail Privacy Compliance

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

Data Matters

MAY 21, 2020

Where a financial institution has made disclaimers or set forth its challenges in past SAR filings, FinCEN is not requiring the financial institution to correct those reports. Providing Supporting Documentation to Law Enforcement and FinCEN Timely When Requested. Secret Service field office.

e-Discovery

e-Discovery Government Cybersecurity Financial Services

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. IT governance and security.

Compliance

Compliance Risk Government Retail

Protection of Privilege in the Aftermath of a Data Breach

Data Matters

JANUARY 25, 2018

In the aftermath of a significant data security incident, a best practice is to hire a third-party forensic firm, working at the direction of counsel, to review how the breach occurred, what data may have been accessed, whether the incident has ceased and other important issues directly relevant to legal counsel’s review. In Leibovic v.

Data breaches

Data breaches Communications Financial Services Privacy

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. IT governance and security.

Compliance

Compliance Risk Government Retail

HHS Settles with Affinity Health Plan Over Photocopier Security Breach

Hunton Privacy

AUGUST 15, 2013

On August 14, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1,215,780 settlement with Affinity Health Plan (“Affinity”) stemming from a security breach that affected approximately 350,000 individuals.

Security

Security Financial Services Risk IT

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

Archives Records 2018 RMS Annual Meeting

The Schedule

AUGUST 22, 2018

” The first speaker was Lauren Gaines from Thrivent Financial, which is a fraternal benefit society and Fortune 500 financial services organization. Perhaps one of the most interesting points she raised was about the potential impact of the new EU right to privacy rule. embracing automatic declassification.

Archiving

Archiving FOIA Records Management Compliance

Security Compliance & Data Privacy Regulations

Corporate Finance firms leak 500K+ legal and financial documents online

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

First American Financial Pays Farcical $500K Fine

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

Vermont Enacts Insurance Data Security Law

The aftermath of an incident – why keeping records of data breaches and privacy incidents matters

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

The Privacy Officers’ New Year’s Resolutions

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

The Privacy Officers’ New Year’s Resolutions

Top 12 Cloud Security Best Practices for 2021

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

What Is Cross-Site Scripting (XSS)? Types, Risks & Prevention

The compliance challenges of hybrid working

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

How to Prevent Data Breaches: Data Breach Prevention Tips

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Popular apps left biometric data, IDs of millions of users in danger

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

NYDFS Files First Cybersecurity Enforcement Action

Medical Records Storage and Physicians’ Responsibilities Upon Closing their Practice

New York’s Breach Law Amendments and New Security Requirements

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Marriott Breach: More than 500 Million Guest Affected

GUEST ESSAY: Few consumers read privacy policies — tools can now do this for them

New York Enacts Stricter Data Cybersecurity Laws

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

FTC Settles Charges of Improper Disposal of Personal Information

FinCEN Issues Notice on Reporting COVID-19 Criminal and Suspicious Activities, Companion Advisory on COVID-19-Related Medical Scams

Top GRC Tools & Software for 2021

Protection of Privilege in the Aftermath of a Data Breach

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

CIPL and AvePoint Release Global GDPR Readiness Report

Top 10 Governance, Risk and Compliance (GRC) Vendors

HHS Settles with Affinity Health Plan Over Photocopier Security Breach

6 Best Threat Intelligence Feeds to Use in 2023

Archives Records 2018 RMS Annual Meeting

Stay Connected