Exercises and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The new rules provide more details on how the senior governing body of the covered entity is expected to exercise oversight of its cybersecurity risk management.

Financial Services

Financial Services Cybersecurity Compliance Government

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Banking on mainframe-led digital transformation for financial services

IBM Big Data Hub

JULY 31, 2023

Financial services companies are considered institutions because they manage and move the core aspects of our global economic system. And the beating heart of financial institutions is the IBM mainframe. As efforts are scrapped, IT leaders within these organizations felt like they bit off more than they could chew.

Financial Services

Financial Services Digital transformation Computer and Electronics Analytics

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance.

Insurance

Insurance Financial Services Compliance Retail

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Process Excellence: A transformational lever to extreme automation

IBM Big Data Hub

APRIL 20, 2023

With the success of initial automation deployment, the focus has shifted to optimization of adjacent business-critical processes, e.g. service order management, reverse value chain, and more, for cycle time reduction and quality improvement.

Mining

Mining Financial Services Digital transformation Retail

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.

Cybersecurity

Cybersecurity Passwords Risk Compliance

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? I think not.

GDPR

GDPR Privacy Compliance Personal data

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights? How do the CCPA’s exceptions for certain regulated companies, such as financial services, work? How far does a business have to go to implement a consumer’s opt-out of sales to third parties?

Sales

Sales Financial Services Privacy Compliance

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Data Matters

SEPTEMBER 20, 2018

Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters. The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.

Financial Services

Financial Services Paper Marketing Privacy

Business Architecture and Process Modeling for Digital Transformation

erwin

JULY 11, 2019

For instance, millennials are adept at using digital channels, and they are the fastest-growing customer base for financial services companies. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

Digital transformation

Digital transformation Information capture Compliance Financial Services

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

In addition, some companies have received an official notice that it is a CII, but we expect more to come so companies operating in sensitive or highly regulated sectors like energy, financial services, and telecoms should be aware that the issuance of a notice still remains a possibility.

Financial Services

Financial Services Data collection Security Communications

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

SEPTEMBER 6, 2022

Targets of OAG investigations included several entities in the healthcare space (HIPAA exemption), a financial services firm (GLBA exemption) and a medical device manufacturer (B2B exemption). The examples provided show the OAG has been investigating businesses whose data we would expect to be largely exempt from CCPA.

Privacy

Privacy B2B Sales Compliance

Getting ready for artificial general intelligence with examples

IBM Big Data Hub

APRIL 18, 2024

It might create interactive simulations, personalized exercises and even gamified learning experiences to keep students engaged and motivated. The student practices with personalized exercises that cater to their specific knowledge gaps and the AGI provides feedback and encouragement throughout the process. Mastering a topic?

Artificial Intelligence

Artificial Intelligence Marketing e-Delivery Manufacturing

CFPB Indicates Intent to Regulate Service Providers to Financial Institutions

Hunton Privacy

AUGUST 8, 2012

Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions.

Financial Services

Financial Services Compliance Privacy IT

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

Vertical data platforms owned and operated by telcos and targeting a specific industry such as automotive, agriculture or financial services already exist today. The EoT needs to be built on open innovation platforms grounded in interoperable infrastructure, common standards and a connective fabric of data and services.

IoT

IoT Artificial Intelligence Agriculture Blockchain

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe? The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.

IT

IT Security Digital transformation Compliance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11.

Personal data

Personal data GDPR Privacy Records Management

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

Depending on the activity in question, organisations would have to consider how disapplying the balancing test would work in light of a request to exercise those rights which require reconsidering the legitimate interest. Organisations will need to factor this in as part of their compliance program.

Government

Government FOIA GDPR Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

And several speakers from the financial services industry asked that the Attorney General clarify that banks and other financial institutions’ incidental receipt of personal information during the course of a transaction is exempted from the Act’s coverage. Safe Harbors and Concrete Guidance.

Sales

Sales Privacy Data Privacy Compliance

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Drafting BCRs, obtaining approval and implementing are time-consuming, but completing this exercise serves as a stamp of quality and accountability. There are several reasons why multinationals are choosing to adopt BCRs with greater frequency: Gold plating your data protection compliance programme.

GDPR

GDPR Personal data Marketing Healthcare

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

“If you are not tying what you are doing, in any kind of data initiative, to a business vision and some tangible outcomes that a business is trying to achieve, then MDM can become just a complex academic exercise.”. Prioritise people, process and governance.

MDM

MDM Retail IT Government

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Companies in the financial services, technology, airline and hotel industries are among those that could face substantial compliance obligations. We provide a brief overview of BDPA’s principles relating to the processing of personal data, requirements with respect to data subject rights, international transfers, and compliance.

Personal data

Personal data GDPR Data Privacy Privacy

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Reltio

JUNE 20, 2019

I like to walk and bicycle – it is good exercise but you can also think while you do these things. No, I think we have covered all my pet hobby horses! What do you like to do outside of work? I am at an age now where I have grandchildren so I really like to be with them. It is as much to freshen my mind and do some out-of-the-box thinking.

MDM

MDM Manufacturing Computer and Electronics Digital transformation

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise.

Artificial Intelligence

Artificial Intelligence Analytics Big data Mining

Ireland & UK: Latest trends in data subject access requests in pending litigation

DLA Piper Privacy Matters

JULY 22, 2021

Every financial services organisation will have been subject to a DSAR in order to obtain information as a pre-cursor to a claim against them for mis-selling a service or breaching an agreement in some way. This allows for restrictions on the right of access: “ where the restrictions are necessary and proportionate ….

Access

Access Personal data GDPR Financial Services

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Data Protection Report

NOVEMBER 3, 2017

These communications may include: (i) general communications about the incident with media, investors, customers, or regulators; and (ii) formal notifications ranging from those necessitated by legal or regulatory requirements to formal contractual notices necessary to exercise force majeure or emergency circumstances. Further Investigation.

IoT

IoT Communications Risk Passwords

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

However, we caution that while a robust data quality platform should correct flaws, platform leaders should exercise caution in requesting single products/projects to combine both observability and correction. For financial services, data governance found its roots in risk.

Risk

Risk Government Financial Services Access

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

For example, government contractors or subcontractors with reporting obligations to the DOD or DOE for cyber incidents, or financial services entities that are already required to report cyber incidents to their primary federal regulator would be considered “covered entities” under the CIRCIA.

Ransomware

Ransomware Agriculture Cybersecurity Government

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

It’s not hard to understand why companies are exercising diligence when selecting a data protection solution. A number of their industry partners, including IBM, Oracle, financial service providers, and others, use Hyperledger Fabric. The needs are loud and clear: make it automated, and straightforward.

Blockchain

Blockchain Security Authentication Compliance

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

JUNE 24, 2022

The definition generally includes three elements for determining whether a person is an investment adviser: (i) The person provides advice, or issues analyses or reports, concerning securities; (ii) the person is in the business of providing such services; and (iii) the person provides such services for compensation. 2, 1987).

Marketing

Marketing Financial Services Analytics Sales

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise.

Artificial Intelligence

Artificial Intelligence Analytics Mining Big data

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In reviewing the answers to these and further queries, the DPC noted that organisations must be able to demonstrate effective and real exercise of management activities in Ireland that determine the main decisions as to the purposes and means of processing through stable arrangements. Financial Services Sector Focus.

GDPR

GDPR Compliance Data breaches Marketing

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

the country in which Processing occurs e. the identity of Affiliates, Processors, or Third-Parties Personal Data is shared with f. methods by which Consumers can exercise their Data Rights request; or g. Processing purposes.

Privacy

Privacy Cybersecurity Personal data Insurance

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

Trending Sources

Banking on mainframe-led digital transformation for financial services

Webinars

Deploying applications built in external CI through IBM Cloud DevSecOps

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Process Excellence: A transformational lever to extreme automation

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

NYDFS proposes significant cybersecurity regulation amendments

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Business Architecture and Process Modeling for Digital Transformation

“Am I a CII operator?” – New regulation in China provides more clarity

Big California Privacy News: Legislative and Enforcement Updates

Getting ready for artificial general intelligence with examples

CFPB Indicates Intent to Regulate Service Providers to Financial Institutions

The Privacy Officers’ New Year’s Resolutions

The Economy of Things: the next value lever for telcos

Security in the finance sector: Whose role is it anyway?

The Impact of Data Protection Laws on Your Records Retention Schedule

UK Government sets out proposals to shake up UK data protection laws

The Privacy Officers’ New Year’s Resolutions

Takeaways From CCPA Public Forums

Cybersecurity: Managing Risks With Third Party Companies

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

EU: Binding Corporate Rules are Generating Greater Interest

#ModernDataMasters: Mike Evans, Chief Technology Officer

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Artificial Intelligence: 6 Step Solution Decomposition Process

Ireland & UK: Latest trends in data subject access requests in pending litigation

Discovery of New Internet of Things (IoT) Based Malware Could Put a New Spin on DDoS Attacks

Why you should keep data observability separate from data cleansing

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Rock the Blockchain: Thales and DigiCert Secure the Data

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Artificial Intelligence: 6 Step Solution Decomposition Process

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

ICYMI – Late December in privacy and cybersecurity

Stay Connected