Financial Services, Government, Personal data and Security

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

On December 15, 2022, the UK government and the Dubai International Financial Centre Authority (“DIFC”) issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. the pursuit of a closer UK-DIFC partnership on data flows as a way of realizing untapped economic growth.”.

Government

Government Financial Services Personal data Security

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. Beyond these economic effects, the rules have important data security benefits. You have no choice in the matter.

Financial Services

Financial Services Privacy Personal data Marketing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Some patients also had their Social Security numbers exposed.”

Data Privacy

Data Privacy Privacy Security Data breaches

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. This is an important public action by the U.S. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured.

Personal data

Personal data Phishing Risk Financial Services

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 4: payments data.

Compliance

Compliance Security Financial Services Data collection

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How do you build an effective information governance program?

Privacy

Privacy Compliance Personal data Risk

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. The Order alleges that this vulnerability exposed over 800 million images dating back to 2003, including sensitive personal data, such as Social Security numbers and financial information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Indonesia Publishes Proposed Data Protection Rule

Hunton Privacy

JULY 17, 2015

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). 82 of 2012.

Personal data

Personal data Archiving Financial Services Communications

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Not surprisingly, everyone was talking about Artificial Intelligence (AI). Already using AI?

Marketing

Marketing Government Financial Services Artificial Intelligence

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data. What are the security risks of Slack? Admin Roles. Third Party Apps.

Encryption

Encryption Risk Financial Services Privacy

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

Collibra

NOVEMBER 10, 2023

Discussions surrounding AI governance, regulation, and ethics have taken center stage. The United States government, along with many other countries, has recognized the need to establish a framework for responsible AI development and deployment. Personal data should be handled with care.

Artificial Intelligence

Artificial Intelligence Government Security Data Privacy

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cyberattack Statistics. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How do you build an effective information governance program?

Privacy

Privacy Compliance Personal data Risk

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

But it looks like my own personal data has been breached – again. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. That makes a cavalier attitude about data security much less forgivable. Not used in years.

Retail

Retail Data breaches Encryption Mining

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

The anchor identity of the device along with metadata about the device itself, data about its locatio , and transactions made on its own behalf is its own unit of value. Telcos can also play the role of data providers as well as data marketplace and brokerage operators within the ecosystem.

IoT

IoT Artificial Intelligence Agriculture Blockchain

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% As I came to understand it, this new approach leverages multi-factor secret sharing algorithms previously only used by government entities. billion by 2022.

Encryption

Encryption Security Compliance Digital transformation

Network Encryption Keeps Our Data in Motion Secure for Business Services

Thales Cloud Protection & Licensing

JULY 24, 2023

Network Encryption Keeps Our Data in Motion Secure for Business Services madhav Tue, 07/25/2023 - 04:59 The demand for high-speed networks and fast data transfers is increasing due to cloud adoption, digital transformation, and hybrid work.

Business Services

Business Services Encryption Manufacturing Security

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed.

Data Privacy

Data Privacy Privacy Security Data breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Compromised information includes patients’ personal data, health and medical records, financial data, internal emails and software source code. Data breached: 5 TB.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Related: Applying ‘zero trust’ to managed security services. based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Governance and attestation quickly became a very big deal.

Access

Access Government Authentication Data breaches

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Remember after last month’s relatively serene cyber security scene we said this wasn’t the beginning of the GDPRevolution ? Hackers steal names and Social Security numbers from Maryland Department of Labour (78,000). Croatian government targeted by mysterious hackers (unknown). Data breaches. Libraries in Onondaga Co.,

Data breaches

Data breaches Ransomware Personal data Government

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data set is a collection of 1 billion credentials sourced from stealer logs and hosted on the illicit.services website. million customers’ data.

Data Privacy

Data Privacy Privacy Manufacturing Retail

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation?

Government

Government Personal data Marketing Artificial Intelligence

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Data Protection Report

JULY 5, 2021

The Data Act will complement other European Union (EU) measures to create a solid framework for digital trust, opening up public sector data, removing digital borders, encouraging trade in data, opening up competition and facilitating better security within the EU single market. Data Act Consultation.

B2B

B2B Personal data Cloud Access

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Before explaining data sovereignty, let us understand a broader concept—digital sovereignty—first. Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations.

Cloud

Cloud Compliance Data Privacy Privacy

Countdown to GDPR: it’s time for action

CGI

MAY 25, 2017

The General Data Protection Regulation comes into force a year from now. It will usher in a new data management regime for any organisation collecting, storing or processing personal data. GDPR extends the notion of personal data to any information that contributes to individual identification.

GDPR

GDPR Personal data Financial Services Compliance

The Business of Data Newsletter – Issue 7 (7 December 2018)

Information Matters

DECEMBER 7, 2018

. “Seven out of 10 UK consumers and two-thirds, on average, around the world would stop doing business with a brand that suffers a breach of users’ financial or personal data. What Great Data Analysts Do — and Why Every Organization Needs Them – Harvard Business Review, 4 December 2018. ” [link].

IoT

IoT Blockchain Personal data Analytics

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Data breached: 4,186,879,104 messages. Keyboard app vulnerabilities reveal keystrokes to network eavesdroppers Security researchers have identified critical security vulnerabilities in Cloud-based pinyin keyboard apps from Baidu, Inc., Honor, Huawei, iFlytek, OPPO, Samsung Electronics, Tencent, Vivo and Xiaomi Technology.

Data Privacy

Data Privacy Privacy Manufacturing Security

Is Your Customer Experience Future-Ready?

Reltio

APRIL 25, 2019

How do you ensure security and privacy while personalizing the customer experience? If the digital transformation doesn’t have an end date, then is your data platform able to scale infinitely to support your long-term, evolving customer experience? Do you have fail-safe processes to guarantee security of customer data?

Customer Experience

Customer Experience Digital transformation B2B B2C

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

provide additional CCPA analyses and reports. The original exemption did not address protected health information collected by business associates.

Privacy

Privacy Compliance GDPR Data breaches

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Webinars

Trending Sources

CFPB’s Proposed Data Rules

Webinars

Security Compliance & Data Privacy Regulations

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Catches of the Month: Phishing Scams for October 2023

Navigating the EU-US Data Protection Framework

Multinational ICICI Bank leaks passports and credit card numbers

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Improve your data relationships with third parties

Singapore Parliament Passes Personal Data Protection Act

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Indonesia Publishes Proposed Data Protection Rule

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Capital Markets, AI, and the need for governance

Slack Launched Encryption Key Addon For Businesses

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

The Privacy Officers’ New Year’s Resolutions

What is a Cyberattack? Types and Defenses

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

It’s time to think twice about retail loyalty programs

The Economy of Things: the next value lever for telcos

The Privacy Officers’ New Year’s Resolutions

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

Network Encryption Keeps Our Data in Motion Secure for Business Services

Privacy and Cybersecurity Top 10 for 2018

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Living in a data sovereign world

Countdown to GDPR: it’s time for action

The Business of Data Newsletter – Issue 7 (7 December 2018)

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Is Your Customer Experience Future-Ready?

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

Stay Connected