Financial Services, Information Security, Insurance and Privacy

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance

Insurance Security Information Security Cybersecurity

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance

Insurance Financial Services Cybersecurity Risk

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction.

Insurance

Insurance Risk Financial Services Mining

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies.

Digital transformation

Digital transformation Insurance Compliance Healthcare

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. In this regard, notified consent remains the primary (if not sole) basis for processing of personal information.

Data Privacy

Data Privacy Privacy Compliance Analytics

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 EyeMed’s privacy policy stated that the company would “follow generally accepted industry standards to protect the personal information submitted to us, and to guard that information against loss, misuse or alteration. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. Finally, the plan must require evaluation and revisions to it as necessary following a security event.

Privacy

Privacy Risk Cybersecurity Information Security

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. Privacy Shield. Privacy Shield. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

Almost half of the broker-dealers (47%) reportedly participate in information sharing organizations such as the Financial Services Information Sharing and Analysis Center. A majority of examined firms broker-dealers (93%) and advisers (79%) reported that they conduct cybersecurity risk assessments on periodic basis.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

Delaware Enacts New Data Destruction Law

Hunton Privacy

JULY 31, 2014

confidential health care information. Notably, a consumer’s information qualifies as “personal identifying information” if either his or her name or the accompanying data element is unencrypted at the time of disposal.

Financial Services

Financial Services Insurance Privacy Paper

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication

Authentication Paper Risk Insurance

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Privacy governance and management. LogicManager. Back to top.

Compliance

Compliance Risk Government Retail

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Data Matters

OCTOBER 8, 2020

Encourages financial institutions and other companies that engage with victims of ransomware (such as those involved in providing cyber insurance, digital forensics, and incident response) to implement risk-based sanctions compliance programs and to consider their obligations under FinCEN regulations. 1, 2020, [link].

Ransomware

Ransomware Compliance Risk Government

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Privacy governance and management. LogicManager. Back to top.

Compliance

Compliance Risk Government Retail

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The fine is the highest to date in the UK and reflects a 30% discount for cooperating with the FSA.

Security

Security Insurance Data breaches Personal data

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. The consultation closes on 17 April.

Data Privacy

Data Privacy Privacy Security Data breaches

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

The Guidance is not intended to serve as a comprehensive framework but rather provides financial institutions with examples of effective risk management practices without endorsing any specific information security framework or standard. 1 The Federal Financial Institutions Examination Council is a U.S.

Authentication

Authentication Access Risk Financial Services

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Is this confidence misplaced?

Cybersecurity

Cybersecurity Artificial Intelligence Data breaches IoT

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

This was because, as the complexity of business networks continued to intensify, so did the challenges of meeting data handling requirements under the Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Federal Information Security Management Act.

Access

Access Government Authentication Data breaches

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., Subscribe now The post The Week in Cyber Security and Data Privacy: 22 – 28 April 2024 appeared first on IT Governance UK Blog. To learn more about our research methodology, click here.

Data Privacy

Data Privacy Privacy Manufacturing Security

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

IGI

MAY 1, 2018

The experience of Ameritas Life Insurance Corp., The insurance company was already reviewing its information governance processes before New York Department of Financial Services introduced new regulatory standards in March 2017. headquartered in Lincoln, Nebraska, clearly makes such a case.

Information governance

Information governance Government Records Management Insurance

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

Banking, financial services, media, insurance, and e-commerce companies have the lead in transformational initiatives in India. While digital transformation is driving benefits to companies and their customers alike, it also introduces new challenges for information security professionals.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

Data Matters

DECEMBER 7, 2017

Department of Treasury released a 176-page Report examining the current regulatory framework for asset management and insurance industries. This Report may significantly impact the evolution of state-law cybersecurity regulations for the financial services sector. 3, 2017), and makes recommendations to ensure alignment.

Insurance

Insurance Data breaches Security Cybersecurity

President Trump Signs Financial Services Regulatory Reform Legislation

Data Matters

JUNE 5, 2018

The definition of “banking entity” now excludes insured depository institutions (and their parent companies and affiliates) if (i) the institution has less than $10 billion in total consolidated assets and (ii) the institution’s trading assets and liabilities are less than 5 percent of its total consolidated assets.

Financial Services

Financial Services Insurance Privacy Authentication

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. SECURITI’s solutions help organizations secure data while automating privacy and compliance using AI and machine learning tactics. Cape Privacy.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Vermont Enacts Insurance Data Security Law

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Trending Sources

Security Compliance & Data Privacy Regulations

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

First American Financial Pays Farcical $500K Fine

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

New York SHIELD Act $600,000 settlement

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Privacy and Cybersecurity Top 10 for 2018

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

NYDFS settles with EyeMed for $4.5 million

New York Banking Regulator Announces New Cybersecurity Assessment Process

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

CIPL and AvePoint Release Global GDPR Readiness Report

New York Enacts Stricter Data Cybersecurity Laws

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Delaware Enacts New Data Destruction Law

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Top GRC Tools & Software for 2021

Office of Foreign Assets Control: Making or Facilitating Ransomware Payments May Violate U.S. Sanctions

Top 10 Governance, Risk and Compliance (GRC) Vendors

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Survey Says…Cybersecurity Remains A Critical Challenge For Business

An Approach to Cybersecurity Risk Oversight for Corporate Directors

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Download IGI’s Whitepaper: Ameritas Leverages Technology For Improved Information Governance

India’s Digital Future Is Bright

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

President Trump Signs Financial Services Regulatory Reform Legislation

Top Cybersecurity Startups to Watch in 2022

Stay Connected