Compliance, Financial Services and Personal data

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

The Draft Measures regulate the processing of electronic data collected and generated during the course of business activities that are under the supervision and management of PBOC (“ Regulated Data ”). The data protection level cannot be reduced even in the context of intra-group processing.

Financial Services

Financial Services Personal data Compliance Data collection

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

SEPTEMBER 24, 2024

Online credit bureaus, like Equifax, Experian, and TransUnion, often see an uptick in new users after breaches because consumers realize the potential risks to their financial well-being and identity. NPD’s practice of scraping data elements from non-public sources without consent raises serious ethical and legal concerns.

Authentication

Authentication IT ROT Compliance

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Let’s explore what to expect from the upcoming regulations, provide insights into critical federal and state laws, and offer practical compliance and risk management strategies. These regulations often set standards for cybersecurity practices, incident reporting, and compliance requirements. What are Federal Cybersecurity Regulations?

Cybersecurity

Cybersecurity Computer and Electronics Compliance Privacy

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

However, this intensive ingestion of personal data points — in the absence of reasonable oversight — has triggered consumer anxiety , and rightly so. This, in turn, has led to rising data privacy regulations. In addition to developing and getting in position to supply the technology, Boyle says.

Privacy

Privacy Data Privacy GDPR Personal data

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

NYDFS Settles with Mortgage Company for Data Breach

Hunton Privacy

MARCH 11, 2021

On March 3, 2020, the New York Department of Financial Services (“NYDFS”) announced it had entered into a settlement with Residential Mortgage Services, Inc. (“RMS”) RMS”) related to allegations that RMS violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Data breaches

Data breaches Cybersecurity Financial Services Personal data

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

Primary areas of focus for the DPC in 2021 included the safeguarding of children’s data protection rights, progressing ongoing large-scale inquires and prioritising responding to complaints which have raised issues of substance, with a data subject centric approach to resolution. Ongoing Inquiries & Data Transfer Enforcement.

Financial Services

Financial Services Data breaches Personal data Compliance

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 1: public data.

Compliance

Compliance Security Financial Services Data collection

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? Perhaps this will be a task for the Data Protection Board. But, in the short term, what new areas of non-compliance might European privacy regulators focus on?

GDPR

GDPR Privacy Compliance Personal data

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

Suggested activities include monitoring, detecting or correcting bias in AI systems; using personal data for internal R&D or “business innovation purposes aimed at improving services to customers”; and using audience measurement cookies to improve webpages. Compliance program. Complaints and DSARs.

Government

Government FOIA GDPR Compliance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Introduction to Data Protection Laws. Data protection laws, regulations, and rules control the collection, use, transfer, and storage of personal and sensitive information. Personal data protection requirements may be issued by federal, state (provincial), or local governments.

Personal data

Personal data GDPR Privacy Records Management

Webinar Invitation — Operationalizing the California Consumer Privacy Act

HL Chronicle of Data Protection

JUNE 14, 2019

Please join the Hogan Lovells Privacy and Cybersecurity team and LexisNexis on June 19 for the webinar, Operationalizing the California Consumer Privacy Act – Key Decisions and Compliance Strategies. As the first broad-based state law on consumers’ personal data in the U.S., Date: Wednesday, June 19, 2019. Time: 2:00 p.m.

Privacy

Privacy GDPR Compliance Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations). 20, 2017). 27, 2020). 5 83 FR 8166 (Feb.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. 2) The EyeMed settlement shows regulators’ growing and continued emphasis on reasonable record retention and data disposition. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

DLA Piper Privacy Matters

MARCH 30, 2023

Two-thirds of the GDPR fines issued by EU data protection authorities last year where from the DPC, illustrating a continued commitment to enforcement. This inquiry involves the processing of personal data in relation to biometric facial templates used in the department’s registration process.

Personal data

Personal data GDPR Compliance Financial Services

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy

Data Privacy Privacy Compliance Analytics

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Reltio

AUGUST 16, 2018

The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union. maintain compliance, reduce costs) data strategies built-in.

GDPR

GDPR MDM Compliance Personal data

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

So, you are carrying out profiling if you collect and analyse personal data using algorithms or AI, make associations between habits and characteristics based on that data, and predict individuals’ behaviour based on the demographic or profile that you’ve assigned them. What is profiling under the GDPR?

GDPR

GDPR Personal data Compliance Financial Services

CIPL Responds to ICO Call for Views on Creating a Regulatory Sandbox

Hunton Privacy

OCTOBER 17, 2018

The regulatory sandbox concept is intended to provide a supervised safe space for piloting and testing innovative products, services, business models or delivery mechanisms in the real market, using the personal data of real individuals.

Financial Services

Financial Services Paper Personal data Compliance

AI Governance: Why our tested framework is essential in an AI world

Collibra

AUGUST 14, 2023

If you’re in financial services, maybe you’re considering how to incorporate AI into fraud detection, or personalized customer service, denial explanations or financial reporting. And you want to understand if the use of the data is legally permissible and within your organization’s policies.

Government

Government Risk Financial Services Compliance

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

HL Chronicle of Data Protection

JULY 9, 2019

The ICO intends to use its own Sandbox to support organisations that are looking to use personal data in innovative ways through the use of new technologies and approaches. In the UK financial services industry, the Financial Conduct Authority (FCA) introduced a regulatory sandbox in 2015.

GDPR

GDPR Personal data Privacy Financial Services

Grove Pension Solutions fined £40,000 for PECR violation

IT Governance

APRIL 2, 2019

The ICO’s d irector of i nvestigations and i ntelligence , Andy White , said : “Spam email uses people ’ s personal data unlawfully, filling up their inboxes and promoting products and services which they don’t necessarily want. . “We In this instance, Grove rel ied on indirect consent.

Marketing

Marketing Personal data GDPR Compliance

EU: Binding Corporate Rules are Generating Greater Interest

DLA Piper Privacy Matters

OCTOBER 16, 2019

Multinationals increasingly turning to BCRs as providing more legal certainty for personal data transfers from the EU. The EU General Data Protection Regulation (“GDPR”) brought about stricter data protection rules, and increased penalties for breaching these rules. What are BCRs?

GDPR

GDPR Personal data Marketing Healthcare

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The survey questions focused on the GDPR topics most relevant to everyday business and compliance concerns.

GDPR

GDPR Data Privacy Compliance Privacy

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The broad range of personal data that can be processed under the AU-054.

Personal data

Personal data Financial Services Risk Insurance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. And, the cost of compliance is on the rise. The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.

IT

IT Security Digital transformation Compliance

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Law § 899-aa) differs from most states’ law in several ways including (1) using separate definitions of “personal information” and “private information;” and (2) providing factors to consider whether personal information had been acquired.

Security

Security Financial Services Passwords Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

Telcos can also play the role of data providers as well as data marketplace and brokerage operators within the ecosystem. Vertical data platforms owned and operated by telcos and targeting a specific industry such as automotive, agriculture or financial services already exist today.

IoT

IoT Artificial Intelligence Agriculture Blockchain

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

Recall that the focus of the Executive Order was not on single transactions, but rather bulk transactions of Americans’ personal data. Will there be some exempt financial transactions? government, including the military and Intelligence Community.” What about inter-affiliate transactions?

Access

Access Military Compliance Personal data

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Privacy

Privacy Cybersecurity Data breaches GDPR

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data. 204 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Top financial services trends of 2024

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

2024 Cybersecurity Laws & Regulations

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NYDFS Settles with Mortgage Company for Data Breach

Improve your data relationships with third parties

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Navigating the EU-US Data Protection Framework

Singapore Parliament Passes Personal Data Protection Act

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

NYDFS settles with EyeMed for $4.5 million

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

UK Government sets out proposals to shake up UK data protection laws

The Impact of Data Protection Laws on Your Records Retention Schedule

Webinar Invitation — Operationalizing the California Consumer Privacy Act

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

New York SHIELD Act $600,000 settlement

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

GDPR automated decision-making and profiling: what are the requirements?

CIPL Responds to ICO Call for Views on Creating a Regulatory Sandbox

AI Governance: Why our tested framework is essential in an AI world

Striking a balance between security and usability of sensitive data

The UK ICO’s Regulatory Sandbox Points to a Future of Pro-Active Engagement

Grove Pension Solutions fined £40,000 for PECR violation

EU: Binding Corporate Rules are Generating Greater Interest

CIPL and AvePoint Release Global GDPR Readiness Report

FRANCE: CNIL adopts new single authorization on fraud prevention systems

The Privacy Officers’ New Year’s Resolutions

Security in the finance sector: Whose role is it anyway?

New York’s Breach Law Amendments and New Security Requirements

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

The Economy of Things: the next value lever for telcos

The Privacy Officers’ New Year’s Resolutions

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Privacy and Cybersecurity Top 10 for 2018

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Stay Connected