Financial Services, Information Security, Privacy and Security

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me. That’s just a starting point.

Privacy

Privacy Data Privacy GDPR Personal data

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. On May 27, 2022, Vermont Governor Phil Scott signed H.515

Insurance

Insurance Security Information Security Cybersecurity

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. Throughout 2022, Thales hosted more than 40 webinars on a wide variety of cybersecurity topics, including, cloud security, data sovereignty, compliance, data threat trends, and rethinking approaches to role-based authentication.

Compliance

Compliance Cloud Security Financial Services

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. The post New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance appeared first on Data Matters Privacy Blog. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

Hybrid cloud has become the dominant approach for enterprise cloud strategies , but it comes with complexity and concerns over integration, security and skills. Hybrid cloud is also forcing a significant rethinking of how to secure and protect data and assets.

Security

Security Cloud Data Privacy Financial Services

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. First American Financial Corp.

Insurance

Insurance Risk Financial Services Mining

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Data Matters

MAY 14, 2019

William Long, partner and global co-leader of at Sidley’s Privacy and Cybersecurity practice, and has been working on global data privacy and information security matters for a number of years. Read the Full Interview.

Financial Services

Financial Services GDPR Big data Data Privacy

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year. Recent U.S.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). This follows the invalidation of the EU-US Privacy Shield, by the Court of Justice of the European Union on 16 July 2020.

Data Privacy

Data Privacy Personal data Privacy Cloud

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. The service determines whether an application is malicious or suspicious and, if so, will block it from making changes to any files in a protected folder. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. In this regard, notified consent remains the primary (if not sole) basis for processing of personal information.

Data Privacy

Data Privacy Privacy Compliance Analytics

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Data Matters

DECEMBER 6, 2022

On November 9, 2022, the New York Department of Financial Services (DFS) published its proposed second amendment to its cybersecurity regulations (23 NY CRR Part 500). This proposal follows a July 29 pre-proposal and comment period.

Cybersecurity

Cybersecurity Financial Services Privacy IT

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. Why should this be a high priority project? Increased regulation and enforcement action.

Privacy

Privacy Compliance Personal data Risk

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

The G7 expresses its concern over ransomware attacks

Security Affairs

OCTOBER 14, 2020

Cyber threats cause significant economic damage and threaten customer protection and data privacy. Experts are observing a significant increase in the number of Ransomware attacks against hospitals, financial institutions, schools, and other critical infrastructure in G7 countries. . ” continues the statement.

Ransomware

Ransomware IT Financial Services Data Privacy

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

The key security lesson is that an identity gets assigned to each and every RPA, creating fresh attack vectors. All these privacy regulations have a direct impact on IGA service, which help companies automate, as much as possible, governance processes, as a foundation proving compliance. Talk more soon.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Those who fail to take a proactive approach to secure their data often learn the hard way how vulnerable – and valuable – that data can be. Data sovereignty plays a crucial role in a robust security strategy. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

In total, information for approximately 2.1 The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. When you enter personal information on our Site, we encrypt transmissions involving such information using secure protocols.” Background. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Obama Proposes New Financial Services Consumer Protection Agency

Hunton Privacy

JUNE 17, 2009

The proposal raises a number of privacy and data security questions, such as the role of the new financial services consumer protection agency in protecting privacy and data security and the continued role of the Federal Trade Commission as the lead agency in this area.

Financial Services

Financial Services Privacy Security IT

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In the Order, the SEC alleges that First American’s disclosures concerning the vulnerability were deficient because senior executives were not provided all available and relevant information, specifically that First American’s information security personnel had identified and failed to remediate the vulnerability months earlier in January 2019.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

Hunton Privacy

FEBRUARY 8, 2013

On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union (“Strategy”). Establishing a coherent international cyberspace policy for the EU that promotes core EU values.

Information Security

Information Security Cybersecurity Security Cloud

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

The Cybersecurity Guidance is directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act of 1974 (ERISA) as well as plan participants and beneficiaries. Online Security Tips for plan participants and beneficiaries. Considerations for Plan Sponsors and Other Fiduciaries.

Cybersecurity

Cybersecurity Insurance Risk Compliance

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

The statement explains that “[t]here are over 5,000 UK companies operating in the UAE, many of which depend on the free and secure flow of safe data across borders.” The DIFC has already recognized the UK’s strong data protections and the UK is now in the advanced stages of its technical data protection assessment of the DIFC.

Government

Government Financial Services Personal data Security

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million. 23 NYCRR § 500.13.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. In 2019, we saw regulators put a renewed focus on how long businesses retain personal information. Why should this be a high priority project? Increased regulation and enforcement action.

Privacy

Privacy Compliance Personal data Risk

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

Data Matters

NOVEMBER 13, 2017

Banks are often concerned about the effect of these services on their systems, the commercial value of their data and the security of the information, for which the bank could potentially be held responsible. Security: Consumer data should be accessed, stored, used and distributed securely.

Financial Services

Financial Services Privacy Access Marketing

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and Privacy Rule. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

What is credential stuffing? And how to prevent it?

Security Affairs

MARCH 29, 2022

Earmarked by the FBI as a particular threat to the financial service industry just over a year ago, the increase of internet traffic, data breaches and API usage all contribute to the perfect conditions for successful credential stuffing attacks. Salt Security says in their recommendations for how to defend against credential stuffing.

IT

IT Passwords Authentication Data Privacy

Summary – “Industry in One: Financial Services”

ARMA International

NOVEMBER 7, 2019

The scope of a records and information management (RIM) program in financial services can seem overwhelming. Compared to other industries, the complexities of managing records and information in financial services are arguably some of the toughest to solve, primarily because of the intense regulatory scrutiny.

Financial Services

Financial Services Communications Compliance Risk

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Hunton Privacy

SEPTEMBER 15, 2016

The proposed regulation requires regulated financial institutions to take various actions, including: adopting a written cybersecurity policy; establishing a cybersecurity program; designating a Chief Information Security Officer to oversee and enforce its new program and policy; and.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

Former FTC Counsel Markus Heyder Joins Centre for Information Policy Leadership at Hunton

Hunton Privacy

MARCH 11, 2014

Markus has a distinguished reputation as a privacy lawyer and brings an impressive background in global data privacy, information security and consumer protection law and policy, including with the FTC, the primary U.S. privacy authority. He will be resident in the firm’s Washington, D.C.

Privacy

Privacy Financial Services Data Privacy Information Security

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

FTC Settles Charges of Improper Disposal of Personal Information

Hunton Privacy

NOVEMBER 8, 2012

On November 7, 2012, the Federal Trade Commission announced that it had settled charges against payday lending and check cashing companies alleged to have improperly disposed of consumers’ personal information. In its complaint , the FTC maintained that PLS Financial Services, Inc.,

Financial Services

Financial Services Retail Privacy Compliance

Popular apps left biometric data, IDs of millions of users in danger

Security Affairs

JANUARY 27, 2022

Millions of customers of large businesses have been left vulnerable to identity theft, thanks to a security flaw that exposes their personal data to illicit download. Among those affected are clients of Europcar, a vehicle rental service, and FxPro, a trading platform. ” -Mikail Tunç, a security researcher.

Personal data

Personal data Phishing Data breaches Passwords

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Senate Passes Cybersecurity Information Sharing Act

Hunton Privacy

OCTOBER 28, 2015

CISA is intended to facilitate and encourage the sharing of Internet traffic information between and among companies and the federal government to prevent cyber attacks, by giving companies legal immunity from antitrust and privacy lawsuits. Chamber of Commerce and various financial industry groups. Bentsen Jr.

Cybersecurity

Cybersecurity Privacy Financial Services Government

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

Vermont Enacts Insurance Data Security Law

Webinars

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

First American Financial Pays Farcical $500K Fine

DataGuidance by OneTrust Speak to William Long About Data Protection Issues in the Financial Sector

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Navigating the EU-US Data Protection Framework

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

NY DFS Proposes New Class of Entities and More Detailed Regulations in Second Amendment to Cybersecurity Regulations

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

The G7 expresses its concern over ransomware attacks

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Tackling Data Sovereignty with DDR

New York SHIELD Act $600,000 settlement

Privacy and Cybersecurity Top 10 for 2018

Obama Proposes New Financial Services Consumer Protection Agency

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

European Commission Launches Cybersecurity Strategy and Draft Directive on Network and Information Security

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

NYDFS settles with EyeMed for $4.5 million

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

New York Enacts Stricter Data Cybersecurity Laws

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

What is credential stuffing? And how to prevent it?

Summary – “Industry in One: Financial Services”

New York Announces Proposed Cybersecurity Regulation to Protect Consumers and Financial Institutions

Former FTC Counsel Markus Heyder Joins Centre for Information Policy Leadership at Hunton

New York Banking Regulator Announces New Cybersecurity Assessment Process

FTC Settles Charges of Improper Disposal of Personal Information

Popular apps left biometric data, IDs of millions of users in danger

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Senate Passes Cybersecurity Information Sharing Act

Stay Connected