Remove category
article thumbnail

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category.

article thumbnail

News alert: INE Security’s cybersecurity training service earns 2024 SC Excellence Award

The Last Watchdog

This designation underscores INE Security’s commitment to excellence and leadership in the cybersecurity industry. This year’s awards were presented across 33 categories, celebrating both established industry leaders and emerging innovators. Their contributions help drive progress in securing our digital environments.”

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

Regulated Data includes personal and non-personal data categories, but state secrets are specially carved out from the scope of Regulated Data. Financial institutions and other organizations (“ Data Handlers ”) processing Regulated Data with the territory of China must comply with the requirements of the Draft Measures.

article thumbnail

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. Notice of Cybersecurity Event. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.

article thumbnail

$8 million penalty to NYDFS – and another case of over-retention

Data Protection Report

On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its virtual currency regulations.

article thumbnail

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk 147
article thumbnail

First American Financial Pays Farcical $500K Fine

Krebs on Security

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. First American is not out of the regulatory woods yet from this enormous data leak.

Insurance 282