Events, Financial Services, Privacy and Security

Data Protection in Financial Services Week 2022

Data Matters

FEBRUARY 25, 2022

Sidley and OneTrust DataGuidance are pleased to announce that registration is now open for their annual Data Protection in Financial Services (DPFS) Week. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector.

Financial Services

Financial Services Privacy Data Privacy Cybersecurity

NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites

Hunton Privacy

FEBRUARY 22, 2021

Lastly, the Alert provides recommendations to secure data, noting that (1) regulated entities should review whether it is necessary to display any NPI (even redacted NPI) and (2) NPI should not be displayed on public-facing sites unless there is a compelling reason to do so.

Financial Services

Financial Services Insurance Cybersecurity Analytics

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Cybersecurity Governance.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. Systemic risk includes critical third-party vendors and catastrophic cyber events involving third parties, such as NotPetya and SolarWinds. The post New York Department of Financial Services Issues First Guidance by a U.S.

Insurance

Insurance Financial Services Cybersecurity Risk

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. Cybersecurity Event Investigation and Notification Requirements.

Insurance

Insurance Security Information Security Cybersecurity

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

MAY 4, 2022

Sidley announced today that David Lashway and John Woods have joined as partners in the firm’s Privacy and Cybersecurity practice in Washington, D.C. Adding significant bench strength to our Chambers-ranked Privacy and Cybersecurity practice is a win for Sidley and our clients,” said Yvette Ostolaza, Sidley’s Management Committee Chair.

Cybersecurity

Cybersecurity Marketing Security Privacy

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Building for operational resilience in the age of AI and hybrid cloud

IBM Big Data Hub

MARCH 20, 2024

For highly regulated industries, these challenges take on an entirely new level of expectation as they navigate evolving regulatory landscape and manage requirements for privacy, resiliency, cybersecurity, data sovereignty and more. This means actively minimizing downtime and closing gaps in the supply chain to remain competitive.

Cloud

Cloud Financial Services Risk Business Services

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. I think not.

GDPR

GDPR Privacy Compliance Personal data

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Privacy

FEBRUARY 22, 2024

Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of the filings made to date. Three of these companies also have amended their first Form 8-K filings to provide additional detail regarding subsequent events. Form 8-K filings.

Cybersecurity

Cybersecurity Financial Services Marketing IT

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption

Encryption Cybersecurity Data breaches Financial Services

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Navigating the digital wave: Understanding DORA and the role of confidential computing

IBM Big Data Hub

FEBRUARY 5, 2024

The Digital Operational Resilience Act (DORA) marks a significant milestone in the European Union’s (EU) efforts to bolster the operational resilience of the financial sector in the digital age. Ensuring end-to-end Protection To achieve total data privacy assurance, a key component is confidential computing and cryptography.

Encryption

Encryption Data Privacy Compliance Cloud

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. This makes any personal information and details of financial transactions typed on HTTP web pages easy pickings.

Security

Security Encryption Authentication Financial Services

NYDFS Cybersecurity Regulations: A glimpse into the future

Thales Cloud Protection & Licensing

NOVEMBER 27, 2018

The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. In September financial services companies faced the largest set of regulations in the process thus far. September Checklist, March Reminder. Looking Ahead to 2019 and 2020.

Cybersecurity

Cybersecurity Financial Services Encryption Data Privacy

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

HL Chronicle of Data Protection

JULY 15, 2019

Hogan Lovells announced today that Peter Marta , the former global head of Cybersecurity and Global Security and Investigations Legal for JPMorgan Chase and Co., has joined our Privacy and Cybersecurity practice as a partner. Pete is an established leader in the banking and financial services sectors.

Cybersecurity

Cybersecurity Privacy Financial Services Government

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

Protecting employees’ privacy. For example, financial services firms may be worried about employees breaching insider trading laws. Although monitoring software comes with understandable privacy issues, remember that the GDPR (General Data Protection Regulation) doesn’t prohibit their use. Preventing data breaches.

Compliance

Compliance Data breaches Privacy Risk

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5

Cybersecurity

Cybersecurity Financial Services Risk Phishing

Webinar Recording Available on the NYDFS Regulations

Hunton Privacy

MARCH 16, 2017

On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner and chair of the Global Privacy and Cybersecurity practice Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services (“NYDFS”).

Financial Services

Financial Services Insurance Cybersecurity Privacy

The New Cybersecurity Landscape: What the NYDFS Regulations Really Mean for Your Business

Hunton Privacy

MARCH 7, 2017

On March 9, 2017, AllClear ID will host a webinar with Hunton & Williams partner and chair of the Global Privacy and Cybersecurity practice Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services (“NYDFS”).

Cybersecurity

Cybersecurity Financial Services Privacy Security

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

This is the ninth installment in Hogan Lovells’ series on the California Consumer Privacy Act. It does not exempt financial institutions altogether from its requirements where a financial information is processing information not subject to these regimes. The Privacy Rule provides examples of a “consumer” (12 C.F.R.

Privacy

Privacy Financial Services Compliance Data breaches

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

Cryptoassets cannot be physically possessed, so they cannot be the object of a bailment, and only some types of security can be granted over them. However, because of the potential to facilitate near-instant messaging, clearing and settlement, blockchain and cryptoassets have a particularly promising potential in a financial services context.

Blockchain

Blockchain Financial Services Healthcare Marketing

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Data Matters

DECEMBER 4, 2019

Cryptoassets cannot be physically possessed, so they cannot be the object of a bailment, and only some types of security can be granted over them. However, because of the potential to facilitate near-instant messaging, clearing and settlement, blockchain and cryptoassets have a particularly promising potential in a financial services context.

Blockchain

Blockchain Financial Services Healthcare Marketing

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million. 23 NYCRR § 500.13.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

The Last Watchdog

AUGUST 30, 2021

One of the most commonly repeated phrases in the security industry is, “Security teams hate their SIEM!”. Security Information and Event Management (SIEM) is not what it was 20 years ago. Here are five misconceptions, or myths, related to the SIEM, now security analytics platforms: • SIEMs are only good for compliance.

Analytics

Analytics Security Marketing Financial Services

Marriott Breach: More than 500 Million Guest Affected

Adam Levin

NOVEMBER 30, 2018

Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriot’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of biggest we’ve seen—dwarfed only by the Yahoo breach that affected 2 billion users. If you’ve made reservations at the St.

Financial Services

Financial Services Encryption Passwords Communications

Keeping Up with New Data Protection Regulations

erwin

APRIL 11, 2019

Some suggest the California Consumer Privacy Act (CCPA), which takes effect January 1, 2020, sets a precedent other states will follow by empowering consumers to set limits on how companies can use their personal information. Compliance is an on-going requirement, so efforts to become compliant should not be treated as static events.

GDPR

GDPR e-Discovery Compliance Metadata

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. Salt Security says in their recommendations for how to defend against credential stuffing.

IT

IT Passwords Authentication Data Privacy

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

And breaches will occur – because bad guys make a living by figuring out ways to circumvent security best practices. Prioritize Data Protection The downfall of many security strategies is that they become too general and too thinly spread. But it requires different levels of security.

Data breaches

Data breaches Big data Cybersecurity Security

GDPR: taking the long-term view

Preservica

SEPTEMBER 27, 2017

I was recently invited to be part of a panel at an event in London organized by Simmons & Simmons, a leading global law firm. The panel brought together up and coming technology vendors with advanced data protection and security solutions. HR records) that need to be kept for decades.

GDPR

GDPR Compliance Financial Services Privacy

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Blockchain, Cybersecurity and Global Finance

Hunton Privacy

SEPTEMBER 30, 2015

In the near future, blockchain may become the new architecture of a reinvented global financial services infrastructure. In the event of an actual attack, blockchain’s virtues, such as decentralization and immutability, would instantly become vices, as the malware would spread far and wide and the pollution would not be easily erased.

Blockchain

Blockchain Cybersecurity Financial Services Encryption

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

The IBM team is even using generative AI to create synthetic data to build more robust and trustworthy AI models and to stand in for real-world data protected by privacy and copyright laws. They can also help businesses predict future events and understand why past events occurred. Robots handle and move physical objects.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

Data Protection in Financial Services Week 2022

NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites

Webinars

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Vermont Enacts Insurance Data Security Law

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Building for operational resilience in the age of AI and hybrid cloud

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

An Update on the SEC’s Cybersecurity Reporting Rules

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

FTC amendment to Safeguards Rule

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Navigating the digital wave: Understanding DORA and the role of confidential computing

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

NYDFS Cybersecurity Regulations: A glimpse into the future

Peter Marta, Former Global Head of Cybersecurity Law at JPMorgan joins Hogan Lovells Privacy and Cybersecurity Practice

Privacy and Cybersecurity Top 10 for 2018

The compliance challenges of hybrid working

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Webinar Recording Available on the NYDFS Regulations

The New Cybersecurity Landscape: What the NYDFS Regulations Really Mean for Your Business

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

Cryptoassets and Smart Contracts – UK Offers Legal Clarity

NYDFS settles with EyeMed for $4.5 million

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

Marriott Breach: More than 500 Million Guest Affected

Keeping Up with New Data Protection Regulations

What is credential stuffing? And how to prevent it?

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

How to Prevent Data Breaches: Data Breach Prevention Tips

GDPR: taking the long-term view

Summary – “Industry in One: Financial Services”

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Blockchain, Cybersecurity and Global Finance

The most valuable AI use cases for business

Stay Connected