Compliance, Financial Services, Personal data and Security

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Top financial services trends of 2024

IBM Big Data Hub

JANUARY 16, 2024

The start of 2024 brings forth many questions as to what we can expect in the year ahead, especially in the financial services industry, where technological advances have skyrocketed and added complexities to an already turbulent landscape.

Financial Services

Financial Services Customer Experience Cloud Digital transformation

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DLA Piper Privacy Matters

AUGUST 8, 2023

Authors: Carolyn Bigg, Amanda Ge and Venus Cheung On July 24, 2023, the People’s Bank of China (“ PBOC ”) released the Measures for the Management of Data Security in the Business Areas Falling into PBOC’s Jurisdiction (Draft for Comment) (“ Draft Measures” ) for public consultation, which closes on August 24, 2023.

Financial Services

Financial Services Personal data Compliance Data collection

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

The Last Watchdog

JANUARY 28, 2024

Scientists at NTT Research are working on an advanced type of cryptography that enables businesses to perform aggregate data analysis on user data — without infringing upon individual privacy rights. Rising data privacy regulations underscores the need for such a capability, Boyle told me.

Privacy

Privacy Data Privacy GDPR Personal data

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). are fulfilled.

Compliance

Compliance Security Financial Services Data collection

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Nevertheless, EyeMed certified its compliance with the Cybersecurity Regulation annually, from 2018-2021.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Striking a balance between security and usability of sensitive data

OpenText Information Management

DECEMBER 4, 2019

Last year, the number of personal records exposed by cyber attacks on the financial services industry was an incredible 446,575,334 – more than triple from the year before. The financial and reputational damage from these data breaches can be immense.

Financial Services

Financial Services Data breaches Security Personal data

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? Perhaps this will be a task for the Data Protection Board. But, in the short term, what new areas of non-compliance might European privacy regulators focus on?

GDPR

GDPR Privacy Compliance Personal data

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

New York SHIELD Act $600,000 settlement

Data Protection Report

FEBRUARY 8, 2022

The latter is the 2019 data security law known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act. EyeMed engaged a forensic investigator, which was unable to determine whether any exfiltration of personal data had occurred, due in part to a lack of log data. Background. SHIELD Act.

Passwords

Passwords Financial Services Authentication Insurance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents.

Personal data

Personal data GDPR Data Privacy Privacy

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

3 The SEC and its staff followed the September 2017 statement with various cybersecurity-related initiatives and guidance, including January 27, 2020, cybersecurity guidance and observations published by the SEC’s Division of Examinations (formerly Office of Compliance Inspections and Examinations).

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. In the U.S.,

Privacy

Privacy Compliance Personal data Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

However, as with all China laws, the PIPL is drafted as high level principles, and we anticipate additional guidelines will be published in the coming months outlining the practical compliance steps organisations will need to take when updating their China data protection compliance programmes.

Data Privacy

Data Privacy Privacy Compliance Analytics

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. In January 2024, it identified more potential victims, and has now written to inform them that their personal data may have been compromised in the incident. Data breached: 2,632,275 people’s data.

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

DLA Piper Privacy Matters

MARCH 30, 2023

Two-thirds of the GDPR fines issued by EU data protection authorities last year where from the DPC, illustrating a continued commitment to enforcement. This inquiry involves the processing of personal data in relation to biometric facial templates used in the department’s registration process.

Personal data

Personal data GDPR Compliance Financial Services

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

Security in the finance sector: Whose role is it anyway? Thomson Reuters was recently quoted as saying, “Increased regulation isn’t just a temporary challenge for global financial institutions—it’s the new reality.”. And, the cost of compliance is on the rise. Finance service providers. Mon, 10/26/2015 - 01:33.

IT

IT Security Digital transformation Compliance

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

The impetuses for the survey were the many significant changes the GDPR will bring to companies’ management and processing of personal data, their privacy compliance programs and their IT systems and infrastructure. The survey questions focused on the GDPR topics most relevant to everyday business and compliance concerns.

GDPR

GDPR Data Privacy Compliance Privacy

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The broad range of personal data that can be processed under the AU-054.

Personal data

Personal data Financial Services Insurance Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

The anchor identity of the device along with metadata about the device itself, data about its locatio , and transactions made on its own behalf is its own unit of value. Telcos can also play the role of data providers as well as data marketplace and brokerage operators within the ecosystem.

IoT

IoT Artificial Intelligence Agriculture Blockchain

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. For years, class actions following data breaches have been common in the United States.

Privacy

Privacy GDPR Data breaches Risk

Network Encryption Keeps Our Data in Motion Secure for Business Services

Thales Cloud Protection & Licensing

JULY 24, 2023

Network Encryption Keeps Our Data in Motion Secure for Business Services madhav Tue, 07/25/2023 - 04:59 The demand for high-speed networks and fast data transfers is increasing due to cloud adoption, digital transformation, and hybrid work. Why do you need network encryption in business services?

Business Services

Business Services Encryption Manufacturing Security

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect the data itself. Here are key takeaways: Security benefits Protect the data itself. Protecting the data itself is logical and smart. billion by 2022.

Encryption

Encryption Security Compliance Digital transformation

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

Collibra

NOVEMBER 10, 2023

Personal data should be handled with care. Transparency about personal data usage is essential for the protection of basic human rights. Security: Instituting a cybersecurity framework or program that will help develop AI safely, and work towards identifying and resolving issues within AI programs.

Artificial Intelligence

Artificial Intelligence Government Security Data Privacy

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

The May 25, 2018 effective date for the EU’s General Data Protection Regulation (GDPR) will no doubt be a central focus of 2018. Europe’s omnibus new framework for data protection law applies to (almost) all entities that collect and process EU personal data regardless of where the data are processed.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Glosbe dictionary exposes almost 7 million records The multilingual online dictionary Glosbe left a MongoDB instance unsecured last year, exposing nearly 7 million users’ information, including personal data, encrypted passwords and social media identifiers. Glosbe did not reply, but the open instance was soon closed.

Data Privacy

Data Privacy Privacy Security Data breaches

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In contrast, only 70 valid data breach notifications were received under the ePrivacy Regulations and 25 notifications under the Law Enforcement Directive. Around 60% of the data breaches notified occurred in the private sector. Unauthorised disclosure of personal data continues to be the leading reason for breach notifications.

GDPR

GDPR Compliance Data breaches Marketing

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Before explaining data sovereignty, let us understand a broader concept—digital sovereignty—first. Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations.

Cloud

Cloud Compliance Data Privacy Privacy

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

Related: Applying ‘zero trust’ to managed security services. Fortunately, the identity management space has attracted and inspired some of the best and brightest tech security innovators and entrepreneurs. Meeting compliance. Compliance became a huge driver for governance and attestation,” Curcio said. “It

Access

Access Government Authentication Data breaches

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

HL Chronicle of Data Protection

SEPTEMBER 12, 2018

Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world’s fifth-largest economy. We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, ?2018. provide additional CCPA analyses and reports.

Privacy

Privacy Compliance GDPR Data breaches

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

The DGR does not create a right to re-use such data, but provides for a set of harmonized basic conditions under which the re-use of such data may be allowed. The DGR does not create a right to re-use such data, but provides for a set of harmonized basic conditions under which the re-use of such data may be allowed.

Government

Government Personal data Marketing Artificial Intelligence

Countdown to GDPR: it’s time for action

CGI

MAY 25, 2017

The General Data Protection Regulation comes into force a year from now. It will usher in a new data management regime for any organisation collecting, storing or processing personal data. GDPR extends the notion of personal data to any information that contributes to individual identification.

GDPR

GDPR Personal data Financial Services Compliance

Is Your Customer Experience Future-Ready?

Reltio

APRIL 25, 2019

How do you ensure security and privacy while personalizing the customer experience? If the digital transformation doesn’t have an end date, then is your data platform able to scale infinitely to support your long-term, evolving customer experience? Do you have fail-safe processes to guarantee security of customer data?

Customer Experience

Customer Experience Digital transformation B2B B2C

India’s Digital Future Is Bright

Thales Cloud Protection & Licensing

DECEMBER 23, 2019

According to the 2019 Thales Data Threat Report-India Edition , digital transformation is well underway in India, with 41% of Indian respondents saying they are either aggressively disrupting the markets they participate in or embedding digital capabilities that enable greater organizational agility. Complexity is a Barrier to Data Security.

Digital transformation

Digital transformation Cloud Encryption Data Privacy

Keeping Customer Data Safe: AI's Privacy Paradox

Thales Cloud Protection & Licensing

MARCH 14, 2024

Putting Personal Data at Risk The results were not all positive, however. The Thales study highlighted how nearly six out of ten (57%) of global consumers were anxious that brands using generative AI would be putting their personal data at risk.

Privacy

Privacy Data Privacy Analytics Risk

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

JANUARY 10, 2019

One of the most notable blockchain skeptics – David Gerard –argues that if “you were silly enough to put personal data into an append-only ledger which is a proof-of-work blockchain — that’d be flat-out insane.”. While pseudonymization falls within GDPR protection as such data may be re-identified (i.e.

Blockchain

Blockchain GDPR Privacy Personal data

Security Compliance & Data Privacy Regulations

Top financial services trends of 2024

Trending Sources

CHINA: New draft proposes more stringent requirements for processing data in the financial services industry

DEEP TECH NEWS: Respecting individual rights by using ‘privacy preserving aggregate statistics’

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Improve your data relationships with third parties

Navigating the EU-US Data Protection Framework

NYDFS settles with EyeMed for $4.5 million

Striking a balance between security and usability of sensitive data

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Singapore Parliament Passes Personal Data Protection Act

New York SHIELD Act $600,000 settlement

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Ireland: DPC Produces “Significant Outputs” for 2022 Concluding 17 Large Scale Inquiries

New York’s Breach Law Amendments and New Security Requirements

Security in the finance sector: Whose role is it anyway?

CIPL and AvePoint Release Global GDPR Readiness Report

The Privacy Officers’ New Year’s Resolutions

FRANCE: CNIL adopts new single authorization on fraud prevention systems

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

The Economy of Things: the next value lever for telcos

The Privacy Officers’ New Year’s Resolutions

Network Encryption Keeps Our Data in Motion Secure for Business Services

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

Privacy and Cybersecurity Top 10 for 2018

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

Living in a data sovereign world

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Countdown to GDPR: it’s time for action

Is Your Customer Experience Future-Ready?

India’s Digital Future Is Bright

Keeping Customer Data Safe: AI's Privacy Paradox

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

Stay Connected