Financial Services, Information Security and Privacy

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me. That’s just a starting point.

Privacy

Privacy Data Privacy GDPR Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance appeared first on Data Matters Privacy Blog. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Data Matters

MAY 14, 2019

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. Read the Full Interview.

Financial Services

Financial Services GDPR Big data Data Privacy

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

The new law generally follows MDL-668’s provisions, adopting the model law’s broad definition of nonpublic information and requiring licensees to, in part, maintain a written information security program (“WISP”) and investigate cybersecurity incidents. Information Security Program Requirements.

Insurance

Insurance Security Information Security Cybersecurity

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Data Matters

DECEMBER 6, 2022

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period.

Cybersecurity

Cybersecurity Financial Services Privacy IT

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

Tune into this webinar to hear from experts from Thales and IDC on how to approach data protection in a cloud computing ecosystem, and the challenges around orchestrating effective security controls in a hybrid cloud environment that depend on proprietary tools and APIs. Security & Compliance for SAP Data in Financial Services.

Compliance

Compliance Cloud Security Financial Services

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy

Data Privacy Personal data Privacy Cloud

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. Why should this be a high priority project? Increased regulation and enforcement action.

Privacy

Privacy Compliance Personal data Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Aside from its core business competency — checking to make sure the property at issue in any real estate transaction is unencumbered by any liens or other legal claims against it — First American basically has one job: Protect the privacy and security of all these documents.

Insurance

Insurance Risk Financial Services Mining

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. In this regard, notified consent remains the primary (if not sole) basis for processing of personal information.

Data Privacy

Data Privacy Privacy Compliance Analytics

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

It also involves actively identifying and securing potential vulnerabilities in IT/OT supply chains, and identity protection implementation for citizens and e-government. 5️ Digital Identity in the Crosshairs of Cyber Attacks Expect a proliferation of attacks against digital identity, leading to unprecedented large-scale data breaches.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Like an incident response plan, MFA has become a critical element of cybersecurity programs. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Obama Proposes New Financial Services Consumer Protection Agency

Hunton Privacy

JUNE 17, 2009

The proposal raises a number of privacy and data security questions, such as the role of the new financial services consumer protection agency in protecting privacy and data security and the continued role of the Federal Trade Commission as the lead agency in this area.

Financial Services

Financial Services Privacy Security IT

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Cyber threats cause significant economic damage and threaten customer protection and data privacy. Experts are observing a significant increase in the number of Ransomware attacks against hospitals, financial institutions, schools, and other critical infrastructure in G7 countries. . ” continues the statement.

Ransomware

Ransomware IT Financial Services Data Privacy

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Payment Card Industry Data Security Standard, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, and the Federal Information Security Management Act set forth longstanding data handling privacy and security rules.

Digital transformation

Digital transformation Insurance Compliance Healthcare

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

IBM is further adding additional zero trust principles designed to increase security and ease of use with the IBM Hyper Protect Platform. This unique capability is designed for workloads that have strong data sovereignty, regulatory or data privacy requirements.

Security

Security Cloud Data Privacy Financial Services

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

EyeMed’s privacy policy stated that the company would “follow generally accepted industry standards to protect the personal information submitted to us, and to guard that information against loss, misuse or alteration. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. Why should this be a high priority project? Increased regulation and enforcement action.

Privacy

Privacy Compliance Personal data Risk

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

Hunton Privacy

FEBRUARY 8, 2013

On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union (“Strategy”).

Information Security

Information Security Cybersecurity Security Cloud

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

Furthermore, sharing login credentials with third parties raises significant issues of consumer privacy, choice and transparency. They may also demonstrate the CFPB’s expectations of market participants and its broader viewpoints about consumer privacy and consent. Security practices should be adapted to new risks and threats.

Financial Services

Financial Services Privacy Access Marketing

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

The statement explains that “[t]here are over 5,000 UK companies operating in the UAE, many of which depend on the free and secure flow of safe data across borders.”

Government

Government Financial Services Personal data Security

Former FTC Counsel Markus Heyder Joins Centre for Information Policy Leadership at Hunton

Hunton Privacy

MARCH 11, 2014

Markus has a distinguished reputation as a privacy lawyer and brings an impressive background in global data privacy, information security and consumer protection law and policy, including with the FTC, the primary U.S. privacy authority. He will be resident in the firm’s Washington, D.C.

Privacy

Privacy Financial Services Data Privacy Information Security

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. Finally, the plan must require evaluation and revisions to it as necessary following a security event.

Privacy

Privacy Risk Cybersecurity Information Security

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

FTC Settles Charges of Improper Disposal of Personal Information

Hunton Privacy

NOVEMBER 8, 2012

On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint , the FTC maintained that PLS Financial Services, Inc.,

Financial Services

Financial Services Retail Privacy Compliance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Senate Passes Cybersecurity Information Sharing Act

Hunton Privacy

OCTOBER 28, 2015

CISA is intended to facilitate and encourage the sharing of Internet traffic information between and among companies and the federal government to prevent cyber attacks, by giving companies legal immunity from antitrust and privacy lawsuits. Chamber of Commerce and various financial industry groups. Bentsen Jr.

Cybersecurity

Cybersecurity Privacy Financial Services Government

EU Parliament Approves Collective Redress Directive

Hunton Privacy

NOVEMBER 25, 2020

The scope of the Collective Redress Directive covers all infringements of EU law by traders that harm or may harm the collective interests of consumers in a variety of areas such as data protection, travel and tourism, financial services, energy, telecommunications and health and the environment?including

Financial Services

Financial Services GDPR IT Information Security

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. She has written for Bora , Venafi, Tripwire and many other sites. .

IT

IT Passwords Authentication Data Privacy

Tiao Discusses Cyber Threats on CNBC

Hunton Privacy

AUGUST 27, 2013

Tiao talked about the steps the financial services industry has taken to protect against significant cybersecurity incidents, including “putting in best-of-breed information security policies” and “working across the industry to share information in a way that many other industries are not.”.

Financial Services

Financial Services Cybersecurity Marketing Information Security

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Security Compliance & Data Privacy Regulations

Trending Sources

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Vermont Enacts Insurance Data Security Law

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Navigating the EU-US Data Protection Framework

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

First American Financial Pays Farcical $500K Fine

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Resecurity Released a 2024 Cyber Threat Landscape Forecast

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Privacy and Cybersecurity Top 10 for 2018

Obama Proposes New Financial Services Consumer Protection Agency

The G7 expresses its concern over ransomware attacks

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

New York SHIELD Act $600,000 settlement

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

Summary – “Industry in One: Financial Services”

Tackling Data Sovereignty with DDR

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Former FTC Counsel Markus Heyder Joins Centre for Information Policy Leadership at Hunton

NYDFS settles with EyeMed for $4.5 million

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

New York Banking Regulator Announces New Cybersecurity Assessment Process

FTC Settles Charges of Improper Disposal of Personal Information

New York Enacts Stricter Data Cybersecurity Laws

Senate Passes Cybersecurity Information Sharing Act

EU Parliament Approves Collective Redress Directive

What is credential stuffing? And how to prevent it?

Tiao Discusses Cyber Threats on CNBC

Stay Connected