Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. Some requirements also apply specifically to larger covered entities falling under the “Class A companies” category.

Financial Services 111

Financial Services Cybersecurity Compliance Government 111

Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. According to the FBI, BEC scams are the most costly form of cybercrime today.

Insurance 288

Insurance Risk Financial Services Mining 288

eSecurity Planet

AUGUST 9, 2022

Relatedly, PIPL outlines some categories of sensitive information that do not receive additional protection under GDPR. Also, health and financial data, among other categories of more sensitive data, is often treated as a more protected category of data under general data-privacy laws – subject to stricter protection requirements.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services 52

Financial Services Communications Compliance Risk 52

Collibra

MARCH 23, 2021

ATB Financial provides a diversified set of financial services to more than 770,000 residents of Alberta, Canada. Being a regionally focused institution, the group is dedicated to knowing its customers intimately, understanding their needs and providing products and services that help them achieve their goals.

Cloud 59

Cloud Government Access Metadata 59

DLA Piper Privacy Matters

AUGUST 23, 2021

Government Access to/Disclosure of Personal Information Data controllers must not provide personal information stored within China to overseas legal or enforcement authorities unless approval is obtained from a China authority.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Data Matters

AUGUST 5, 2019

The law broadens the definition of “private information” which sets forth the information elements that, if breached, could trigger a notification obligation. Moreover, unlike the contemplated New York Privacy Act, the SHIELD Act does not provide a private right of action.

Cybersecurity 68

Cybersecurity Data breaches Privacy Risk 68