Financial Services, Personal data and Risk - Information Management Today

Toyota Financial Services discloses a data breach

Security Affairs

DECEMBER 11, 2023

Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial Services (TFS) is warning customers it has suffered a data breach that exposed sensitive personal and financial data.

Financial Services

Financial Services Data breaches Ransomware Insurance

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. This would change the economics of consumer finance and the illicit data economy that exists today.

Financial Services

Financial Services Privacy Personal data Marketing

NYDFS Settles with Mortgage Company for Data Breach

Hunton Privacy

MARCH 11, 2021

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Data breaches

Data breaches Cybersecurity Financial Services Personal data

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

If malicious actors accessed the exposed data, the company could have faced devastating consequences and put their clients at risk, as financial services are the main target for cybercriminals. Employees, businesses, and individuals whose data were exposed could be at risk of spear phishing campaigns,” added researchers.

Personal data

Personal data Phishing Risk Financial Services

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

Keeping informed about current attacks is one of the best ways of reducing the risk of falling victim. So, as ever, this blog series examines recent phishing campaigns and the tactics criminals use to trick people into compromising their data. Can you spot a phishing scam?

Phishing

Phishing Financial Services Manufacturing Personal data

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

Hunton Privacy

OCTOBER 24, 2022

On October 18, 2022, the New York State Department of Financial Services (“NYDFS”) announced that EyeMed Vision Care LLC (“EyeMed”) agreed to a $4.5 As part of the settlement, EyeMed agreed to conduct a comprehensive cybersecurity risk assessment and prepare an action plan that addresses the risks identified in that assessment.

Cybersecurity

Cybersecurity Financial Services Risk Phishing

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. MFA was also expressly named by both Microsoft and Mandiant as one of the most important recommendations to mitigate risk.

Cybersecurity

Cybersecurity Financial Services Authentication Government

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. NYDFS found that none of the assessments addressed the risks associated with the compromised O365 mailbox.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How should businesses change their attitudes towards data retention?

Privacy

Privacy Compliance Personal data Risk

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. enable companies to identify cybersecurity risks and incidents. evaluate the significance associated with such risks and incidents.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

AI Governance: Why our tested framework is essential in an AI world

Collibra

AUGUST 14, 2023

Our framework is informed by our definition of AI governance: AI governance is the application of rules, processes and responsibilities to drive maximum value from your automated data products by ensuring applicable, streamlined and ethical AI practices that mitigate risk, adhere to legal requirements and protect privacy.

Government

Government Risk Financial Services Compliance

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

Suggested activities include monitoring, detecting or correcting bias in AI systems; using personal data for internal R&D or “business innovation purposes aimed at improving services to customers”; and using audience measurement cookies to improve webpages. Complaints and DSARs.

Government

Government FOIA GDPR Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. As a result, organisations need to revisit their current cookie consent mechanisms and notices and reassess their appetite to risk.

Privacy

Privacy GDPR Data breaches Risk

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. Although organizations should consider the optics of partial implementation, companies should not forgo the risk mitigation of incremental improvements. (2)

Passwords

Passwords Financial Services Authentication Insurance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

The GDPR provision that may keep IT security teams busiest is Article 32, which requires “a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” of personal data. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How should businesses change their attitudes towards data retention?

Privacy

Privacy Compliance Personal data Risk

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

So, you are carrying out profiling if you collect and analyse personal data using algorithms or AI, make associations between habits and characteristics based on that data, and predict individuals’ behaviour based on the demographic or profile that you’ve assigned them. What is profiling under the GDPR?

GDPR

GDPR Personal data Financial Services Compliance

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Using Slack EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform. They can share chats, files and other data , all while still meeting their own risk mitigation requirements. What are the security risks of Slack? Admin Roles.

Encryption

Encryption Risk Financial Services Privacy

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford. This ensures consistent messaging to all relevant parties.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

HL Chronicle of Data Protection

JULY 9, 2019

The ICO intends to use its own Sandbox to support organisations that are looking to use personal data in innovative ways through the use of new technologies and approaches. In the UK financial services industry, the Financial Conduct Authority (FCA) introduced a regulatory sandbox in 2015.

GDPR

GDPR Personal data Privacy Financial Services

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. What are BCRs? Following market leaders.

GDPR

GDPR Personal data Marketing Healthcare

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. As a result, organisations need to revisit their current cookie consent mechanisms and notices and reassess their appetite to risk.

Privacy

Privacy GDPR Data breaches Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

Pursuant to several provisions of the French Code Monétaire et Financier , entities from the banking and financial sector are required to implement processes and strategies to detect, measure and manage operational risks within their group (on a consolidated basis).

Personal data

Personal data Financial Services Risk Insurance

Consumer concerns over GDPR should set alarm bells ringing for businesses

Thales Cloud Protection & Licensing

NOVEMBER 16, 2017

Ahead of the May 2018 legislation, we’ve been asking organisations if they’re #FITforGDPR – whether they’re ready to improve their personal data protections, as well as take on the increased accountability for data breaches, should they occur. As expected, responses have been mixed. A role of responsibility.

GDPR

GDPR Retail Data breaches Financial Services

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired. 6) Adjusts the security program in light of business changes or new circumstances.

Security

Security Financial Services Passwords Risk

A consumer perspective on FinTech disruption (part 2)

CGI

JANUARY 12, 2017

Consumers lack trust in the companies that provide these services (largely FinTechs) due to their newness in the market and divergence away from traditional banking. In addition, consumers have trust issues when it comes to providing the personal data these services require. Finally, many consumers are simply risk averse.

Financial Services

Financial Services IoT Risk Insurance

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

HL Chronicle of Data Protection

NOVEMBER 15, 2018

This news should unquestionably be welcomed by international businesses that are looking for both certainty and consistency in the measures they have to take to protect personal data. What constitutes personal data that is subject to the withdrawal agreement is currently unclear. Transition period.

GDPR

GDPR Personal data Government Financial Services

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Despite increasing regulations across the finance sector globally, fraud and associated risks continue to increase—and at a staggering pace. Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. Finance service providers.

IT

IT Security Digital transformation Compliance

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The GDPR replaces Directive 95/46/EC and will become applicable in May 2018.

GDPR

GDPR Data Privacy Compliance Privacy

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined,” the report warned. Crimeware and spyware.

Ransomware

Ransomware Cybersecurity Phishing Encryption

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Hunton Privacy

JULY 22, 2009

The UK Financial Services Authority (FSA) has announced today fines for three HSBC entities totaling £3 million for failing to have adequate systems and controls in place to protect their customers’ confidential data. The fine is the highest to date in the UK and reflects a 30% discount for cooperating with the FSA.

Security

Security Insurance Data breaches Personal data

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. The regulation also proposes this chart with respect to risk levels and bulk thresholds: (at 25). What is included in the special category of “government related data”?

Access

Access Military Compliance Personal data

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Mitigating Risk in AI So, what happens when AI gets out of control and good intentions lead to bad results.

Marketing

Marketing Government Financial Services Artificial Intelligence

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. See Department Justice press release, Seattle Tech Worker Arrested for Data Theft Involving Large Financial Services Company , July 29, 2019.) Thompson in connection with the incident.

Cloud

Cloud Data breaches Encryption Access

Ireland & UK: Latest trends in data subject access requests in pending litigation

DLA Piper Privacy Matters

JULY 22, 2021

The rights around DSARs are set out in the GDPR and Recital 63 makes it clear that it is the intention that “a data subject should have the right of access to personal data… in order to be aware of, and verify, the lawfulness of the processing”. Approach of the Irish Data Protection Commission. Dealing with the DSAR.

Access

Access Personal data GDPR Financial Services

Toyota Financial Services discloses a data breach

Top financial services trends of 2024

Webinars

Trending Sources

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Webinars

CFPB’s Proposed Data Rules

NYDFS Settles with Mortgage Company for Data Breach

Improve your data relationships with third parties

Multinational ICICI Bank leaks passports and credit card numbers

Catches of the Month: Phishing Scams for October 2023

Navigating the EU-US Data Protection Framework

NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

NYDFS settles with EyeMed for $4.5 million

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

The Impact of Data Protection Laws on Your Records Retention Schedule

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

AI Governance: Why our tested framework is essential in an AI world

UK Government sets out proposals to shake up UK data protection laws

The Privacy Officers’ New Year’s Resolutions

New York SHIELD Act $600,000 settlement

Security Compliance & Data Privacy Regulations

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

GDPR automated decision-making and profiling: what are the requirements?

Slack Launched Encryption Key Addon For Businesses

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

EU: Binding Corporate Rules are Generating Greater Interest

The Privacy Officers’ New Year’s Resolutions

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

FRANCE: CNIL adopts new single authorization on fraud prevention systems

Consumer concerns over GDPR should set alarm bells ringing for businesses

New York’s Breach Law Amendments and New Security Requirements

A consumer perspective on FinTech disruption (part 2)

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

Security in the finance sector: Whose role is it anyway?

CIPL and AvePoint Release Global GDPR Readiness Report

What is a Cyberattack? Types and Defenses

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HSBC Fined £3 Million ($5 Million) for Data Security Failings in UK

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Capital Markets, AI, and the need for governance

Privacy and Cybersecurity Top 10 for 2018

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Ireland & UK: Latest trends in data subject access requests in pending litigation

Stay Connected