Financial Services, Privacy and Training - Information Management Today

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Regular training and periodic audits shall be conducted to ensure the effectiveness of data security measures in place. The Draft Measures reflects PBOC’s approach in implementing the DSL requirements within the financial services industry.

Financial Services

Financial Services Personal data Compliance Data collection

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. with the California Consumer Privacy Act (CCPA) effective Jan.

Data Privacy

Data Privacy Compliance Privacy Security

Three data-driven trends to watch in financial services in 2022

Collibra

JANUARY 18, 2022

The financial services industry has had a longstanding tradition of being at the forefront of adopting new technologies. This will help ensure data is fully governed for use and in compliance with privacy policies and regulatory stipulations. . Is the data trustworthy and fully governed for use?

Financial Services

Financial Services Cloud Artificial Intelligence Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. This includes not only recruitment of those with cybersecurity experience and skills but a commitment by insurers to these employees’ training and development so as to “properly understand and evaluate cyber risk.”. 1 See W.B.

Insurance

Insurance Financial Services Cybersecurity Risk

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Hunton Privacy

APRIL 22, 2020

On April 13, 2020, the New York Department of Financial Services (“NYDFS”) issued guidance (“April guidance”) to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic.

Financial Services

Financial Services Cybersecurity Phishing Risk

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”). As part of the “training and monitoring” requirements under Section 500.14

Financial Services

Financial Services Cybersecurity Risk Passwords

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

The Last Watchdog

JULY 11, 2023

Related: Preserving the privacy of the elderly As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Conduct employee training and awareness programs. Here are seven tips to protect investor data in alternative asset trading.

IT

IT Encryption Risk Financial Services

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule. implement a privileged access management (PAM) system that is reasonable and appropriate to reduce the risk of unauthorized access to privileged accounts pursuant to the HIPAA Privacy Rule. 45 CFR 164.308(a)(5)(i).

Cybersecurity

Cybersecurity Privacy Insurance Risk

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Financial services orgs, especially those in capital markets, frequently has been on the forefront of generative AI investment.

Marketing

Marketing Government Financial Services Artificial Intelligence

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. The authority claimed a violation of data minimisation and privacy by design principles under the EU General Data Protection Regulation (GDPR). . Why should this be a high priority project?

Privacy

Privacy Compliance Personal data Risk

The aftermath of an incident – business considerations surrounding record-keeping

Data Protection Report

AUGUST 2, 2022

In our previous publication , we discussed the legal obligations and procedural considerations surrounding maintaining records of privacy incidents. Organizations should also be aware of sector-specific statutory obligations which may apply to them, for example in health or financial services industries.

Compliance

Compliance Privacy Risk Financial Services

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

Hunton Privacy

NOVEMBER 8, 2023

On November 1, 2023, New York Governor Hochul announced that the New York State Department of Financial Services (“NYDFS”) amended its Cybersecurity Regulation applicable to covered financial institutions. Our previous blog post covered key proposed changes to the Cyber Regulation.

Cybersecurity

Cybersecurity IT Compliance Financial Services

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

noyb accuses Meta of unlawfully ignoring users’ right to easily withdraw consent The privacy rights group noyb has accused Meta’s “pay or okay” system, which requires users to pay a “privacy fee” to avoid being tracked, of violating the GDPR’s requirements relating to the withdrawal of consent.

Data Privacy

Data Privacy Privacy Manufacturing Retail

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy

Data Privacy Privacy Compliance Analytics

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

IBM Big Data Hub

AUGUST 1, 2023

We are bringing the power of foundation models with the availability of a GPU as a service on IBM Cloud offering to help organizations tap into artificial intelligence (AI) in a secured environment while aiming to mitigate third- and fourth-party risk.

Financial Services

Financial Services Computer and Electronics Cloud Digital transformation

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

IBM Big Data Hub

DECEMBER 18, 2023

For organizations of all types—and especially those in highly regulated industries such as financial services, government, healthcare and telco—considerations including the rise of generative AI, evolving regulations and data sovereignty laws and ongoing security challenges must be top of mind.

Cloud

Cloud Financial Services Compliance Digital transformation

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Other Notable Changes. The proposed changes would amend the Rule to reflect this change.

Privacy

Privacy IT Information Security Insurance

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

The Last Watchdog

MARCH 31, 2020

Over the years processes, training and tooling to account for data privacy and data integrity have been woven in, driven by data breach lawsuits and the rise of data handling regulations. Keep in mind, software security was an afterthought when legacy software development processes first took shape. Enter DevOps.

Security

Security Privacy Financial Services Risk

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

IBM Big Data Hub

JANUARY 10, 2024

This unique capability is designed for workloads that have strong data sovereignty, regulatory or data privacy requirements. Protecting the confidentiality of proprietary algorithms and sensitive training data is crucial. As such, confidential containers play a key role across industries engineered to secure data and foster innovation.

Security

Security Cloud Data Privacy Financial Services

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

Licensees are wholly exempt from the law if they are compliant with the New York Department of Financial Services Cybersecurity Requirements for Financial Services Companies (23 NYCRR §§ 500.0 to 500.23) and they submit a written statement to the Commissioner certifying such compliance.

Insurance

Insurance Security Information Security Cybersecurity

How Jamworks protects confidentiality while integrating AI advantages

IBM Big Data Hub

JANUARY 12, 2024

Robust encryption, granular access controls and privacy-preserving techniques become imperative to counter the risks of unauthorized data access and use. Technical assurance delivers the highest level of privacy and protection Operational assurance means your cloud provider will not access your data based on trust, visibility and control.

Cloud

Cloud Data Privacy Encryption Privacy

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

The first chapter covers the lawful basis for training generative AI models on web-scraped data and is open until 1 March. Subscribe now The post The Week in Cyber Security and Data Privacy: 15 – 21 January 2024 appeared first on IT Governance UK Blog.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The Court of Justice of the European Union (CJEU) will determine the validity of the EU Standard Contractual Clauses (SCCs) ( Data Protection Commissioner v Facebook Ireland Limited, Maximillan Schrems ) whilst the General Court of the EU will consider the future of Privacy Shield (La Quadrature du Net v Commission). In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Conversational AI use cases for enterprises

IBM Big Data Hub

FEBRUARY 23, 2024

DL models can improve over time through further training and exposure to more data. HR and internal processes: Conversational AI applications streamline HR operations by addressing FAQs quickly, facilitating smooth and personalized employee onboarding, and enhancing employee training programs. AI training is a continuous process.

Analytics

Analytics Artificial Intelligence Marketing Education

What can AI and generative AI do for governments?

IBM Big Data Hub

SEPTEMBER 20, 2023

When implemented in a responsible way—where the technology is fully governed, privacy is protected and decision making is transparent and explainable—AI has the power to usher in a new era of government services. AI’s value is not limited to advances in industry and consumer products alone.

Government

Government Artificial Intelligence Privacy Digital transformation

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

Thales Cloud Protection & Licensing

DECEMBER 20, 2023

This development model enables enterprises to conduct model training and processing directly at the edge or on-premises. By moving computation and model training to the edge, organizations can train their models locally without uploading datasets to hyperscalers or relying on foundational models.

Cybersecurity

Cybersecurity Blockchain Artificial Intelligence Encryption

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk

Risk Financial Services Insurance Cybersecurity

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

This blogpost summarises our recent webinar: “ An urgent message from Berlin: The importance of record retention in privacy and cybersecurity ”. The authority claimed a violation of data minimisation and privacy by design principles under the EU General Data Protection Regulation (GDPR). . Why should this be a high priority project?

Privacy

Privacy Compliance Personal data Risk

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

IoT devices help remotely control our household appliances, power plants, smart buildings, factories, airports, shipyards, trucks, trains and military. In one very recent caper, the attackers targeted the CFO of a financial services firm, as he worked from home, Sherman says. And we’re just getting started.

IoT

IoT Passwords Artificial Intelligence Risk

The compliance challenges of hybrid working

IT Governance

AUGUST 26, 2021

Protecting employees’ privacy. For example, financial services firms may be worried about employees breaching insider trading laws. Although monitoring software comes with understandable privacy issues, remember that the GDPR (General Data Protection Regulation) doesn’t prohibit their use. Preventing data breaches.

Compliance

Compliance Data breaches Privacy Risk

BIPA Year in Review: Where Are We Now and What’s Coming Next?

Data Protection Report

NOVEMBER 16, 2022

2022 has been a record year for Illinois Biometric Information Privacy Act (“BIPA”) litigation. Since its enactment in 2008, BIPA has been one of the most litigated privacy-related laws with some of the highest penalties. However, it wasn’t until last month that the first BIPA jury verdict was ever rendered. 21C3001 at 5 (N.D.

Financial Services

Financial Services Privacy Compliance Insurance

Tackling Data Sovereignty with DDR

Security Affairs

JUNE 20, 2023

Data sovereignty also encompasses the rights and regulations governing data storage, processing, and transfer and often intersects with privacy, security, and legal considerations. When data is sovereign, an organization retains control and ownership over that data.

Compliance

Compliance Cybersecurity Risk Encryption

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

AI Governance: Why our tested framework is essential in an AI world

Collibra

AUGUST 14, 2023

Our framework is informed by our definition of AI governance: AI governance is the application of rules, processes and responsibilities to drive maximum value from your automated data products by ensuring applicable, streamlined and ethical AI practices that mitigate risk, adhere to legal requirements and protect privacy.

Government

Government Risk Financial Services Compliance

How to Prevent Data Breaches: Data Breach Prevention Tips

eSecurity Planet

AUGUST 22, 2023

Jump ahead to: Prioritize Data Protection Document Your Response Process Make Users Part of the Process Understand Business Context Be Thorough Proactively Collect and Organize Data Don’t Forget Network Analysis Train and Drill Enlist Outside Help Go on the Offensive 1. See the Top Cybersecurity Employee Training Programs 4.

Data breaches

Data breaches Big data Cybersecurity Security

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

But right now, pure AI can be programmed for many tasks that require thought and intelligence , as long as that intelligence can be gathered digitally and used to train an AI system. Generative AI can produce high-quality text, images and other content based on the data used for training. We’re all amazed by what AI can do.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

KnowBe4

FEBRUARY 14, 2023

This means you have a bunch of users that unwittingly follow a set of unusual and unnecessary clicks that they should know better than to follow – something they learn very quickly if they are enrolled in new-school security awareness training. Blog post with links: [link] Are Your Users Making Risky Security Mistakes?

Phishing

Phishing Security awareness Compliance Risk

NYDFS Files First Cybersecurity Enforcement Action

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity

Cybersecurity Risk Financial Services Insurance

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

Train Information Security Personnel to Follow Policies and Procedures Concerning the Disclosure of Material Issues: The Order alleges that First American’s CISO and CIO failed to inform the company’s senior executives of their prior knowledge of the vulnerability. See CF Disclosure Guidance: Topic No. 2, Cybersecurity (Oct. 14, 2011).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

From principles to actions: building a holistic approach to AI governance

IBM Big Data Hub

SEPTEMBER 27, 2022

Whether it be financial services, employee hiring, customer service management or healthcare administration, AI is increasingly powering critical workflows across all industries. These questions translate into five fundamental principles for trustworthy AI: fairness, robustness, privacy, explainability and transparency.

Government

Government Compliance Data science Financial Services

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

Three data-driven trends to watch in financial services in 2022

Webinars

NYDFS Amends Cybersecurity Rules for Financial Services Companies

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

NY Department of Financial Services Issues Guidance to Regulated Entities Regarding Cybersecurity During the COVID-19 Pandemic

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Capital Markets, AI, and the need for governance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

The aftermath of an incident – business considerations surrounding record-keeping

NYDFS Updates Its Cybersecurity Regulation to Protect Against Growing Cyber Threats

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

The Privacy Officers’ New Year’s Resolutions

5 things to know: IBM Cloud’s mission to accelerate innovation for clients

5 things to know: Driving innovation with AI and hybrid cloud in the year ahead

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

NEW TECH: Security Compass streamlines the insertion of security best practices into DevOps

Confidential Containers with Red Hat OpenShift Container Platform and IBM® Secure Execution for Linux

Vermont Enacts Insurance Data Security Law

How Jamworks protects confidentiality while integrating AI advantages

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Privacy Officers’ New Year’s Resolutions

Conversational AI use cases for enterprises

What can AI and generative AI do for governments?

2024 Tech and Cybersecurity Forecast: Navigating New Frontiers in Business

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The compliance challenges of hybrid working

BIPA Year in Review: Where Are We Now and What’s Coming Next?

Tackling Data Sovereignty with DDR

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

AI Governance: Why our tested framework is essential in an AI world

How to Prevent Data Breaches: Data Breach Prevention Tips

The most valuable AI use cases for business

CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake

NYDFS Files First Cybersecurity Enforcement Action

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

From principles to actions: building a holistic approach to AI governance

Stay Connected