Definition, Events and Financial Services - Information Management Today

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Revised Definition of Class A Companies.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. Revised Definition of Class A Companies and other Key Requirements. Notice of Cybersecurity Event.

Cybersecurity

Cybersecurity Passwords Risk Compliance

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

The new law generally follows MDL-668’s provisions, adopting the model law’s broad definition of nonpublic information and requiring licensees to, in part, maintain a written information security program (“WISP”) and investigate cybersecurity incidents. Cybersecurity Event Investigation and Notification Requirements.

Insurance

Insurance Security Information Security Cybersecurity

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

We are hosting an event on the CCPA, on April 16 in New York. A few key topics that will be addressed are: How should you interpret key definitions like “personal information,” “sale,” “third party,” and “business” when operationalizing the CCPA?

Sales

Sales Financial Services Privacy Compliance

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. The FTC will publish information from the notification event report on a publicly available database.

Encryption

Encryption Cybersecurity Data breaches Financial Services

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

.” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C. But if recent events are any indication, legal landscape is shifting towards increased accountability and transparency.” According to Buckley LLP , a financial services law firm based in Washington, D.C.,

Financial Services

Financial Services IT Data breaches Passwords

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Definition and Purpose of a Records Retention Schedule. Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. 8 This is the GDPR definition and other countries have similar broad definitions of personal data.

Personal data

Personal data GDPR Privacy Records Management

Webinar Invitation — Operationalizing the California Consumer Privacy Act

HL Chronicle of Data Protection

JUNE 14, 2019

In this presentation, Hogan Lovells partners Mark Brennan and Bret Cohen will explore the impact of the CCPA including: Key terms used by the law that are fundamental to planning compliance – including broad definitions of “personal information” and “sale”; How the act will interact with existing regulations covering organizations in healthcare, (..)

Privacy

Privacy GDPR Compliance Financial Services

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

This blog post provides background on the scope of the exemption and an overview of key considerations for financial institutions developing CCPA compliance programs. The financial services industry is one of the most heavily regulated industries when it comes to protecting the privacy of personal information. Background.

Privacy

Privacy Financial Services Compliance Data breaches

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy

Privacy Risk Cybersecurity Information Security

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers.

Data breaches

Data breaches Cybersecurity Financial Services Risk

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

HL Chronicle of Data Protection

NOVEMBER 15, 2018

The second scenario is invoked in the event of the UK being granted adequacy. Article 71(3) creates a backstop in the event of a finding of adequacy being withdrawn or invalidated, committing the UK to ensuring a level of protection of personal data “essentially equivalent” to that under EU law. Definition of Union law.

GDPR

GDPR Personal data Government Financial Services

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

Generally, if finalized, the NPR would require banking organizations and bank service providers (each, as defined further below) to provide accelerated notices of certain cybersecurity and related events. Definition of Subject Entities: . bank holding companies and savings and loan holding companies, state member banks, the U.S.

Security

Security Cybersecurity Insurance Communications

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised. This aligns with the new Data Security Law.

Data Privacy

Data Privacy Privacy Compliance Analytics

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

For example, government contractors or subcontractors with reporting obligations to the DOD or DOE for cyber incidents, or financial services entities that are already required to report cyber incidents to their primary federal regulator would be considered “covered entities” under the CIRCIA.

Ransomware

Ransomware Agriculture Cybersecurity Government

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

The reporting requirements will cover multiple sectors of the economy, including chemical industry entities, commercial facilities, communications sector entities, critical manufacturing, dams, financial services entities, food and agriculture sector entities, healthcare entities, information technology, energy, and transportation.

Ransomware

Ransomware Cybersecurity Agriculture Communications

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads.

Cloud

Cloud Financial Services Security Compliance

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

DLA Piper Privacy Matters

MARCH 3, 2023

The discussion paper, which acknowledges that the Australian Government was “ill-equipped” to respond to the large scale data breaches which occurred in 2022 (namely Medibank and Optus), emphasises the importance of protecting customer data and enduring that Australians can continue to access critical services in the event of a cyber-attack.

Data breaches

Data breaches Security Paper Financial Services

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Cybersecurity Event Notification Would Expand.

Cybersecurity

Cybersecurity Risk Passwords Compliance

Sibos 2018 – a whirlwind tour of my week down under

CGI

DECEMBER 18, 2018

Sibos is one of the biggest banking industry events and is run in a different location every year allowing the great and the good of the financial services world to get away from the office for a week and spend some time seeing what else is going on in the market. as part of the launch of the Trade Information Network.

Financial Services

Financial Services Encryption Marketing GDPR

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

This want to commingle the solutions likely stems from the Gartner definition published in the Magic Quadrant for Data Quality Solutions, which rightfully states that data quality needs “identification, understanding[,] and correcting flaws in data.”. For financial services, data governance found its roots in risk.

Government

Government Risk Financial Services Access

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

That's quite a narrow definition. What can they do within the workforce, although this sort of job and sort of landscape we try and work out what they can do, which is the definition of authorization, essentially, this is Simon, what can he do today? Vamosi: And it’s not just in the work environment. I use a password manager.

Passwords

Passwords Authentication Access Data breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Only 3 definitely haven’t had data breached. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 83,463,951 records known to be compromised, and 210 organisations suffering a newly disclosed incident. 138 of them are known to have had data exfiltrated or exposed.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Only 1 definitely hasn’t had data breached. Publicly disclosed data breaches and cyber attacks: full list This week, we’ve found 130,036,285 records known to be compromised, and 116 organisations suffering a newly disclosed incident. 96 of them are known to have had data exfiltrated, exposed or otherwise breached.

Data Privacy

Data Privacy Privacy Manufacturing Security

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

MUSIC] VAMOSI: So we talked about Unix as a definition of an early operating system. CODEN: They definitely could benefit for several reasons. But it's definitely a place where we see significant benefits of work. VAMOSI: Michael mentioned financial services. It's definitely not a product, it's a project.

Analytics

Analytics Communications Computer and Electronics IT

Digital Enterprises: Built on Modern MDM

Reltio

MARCH 31, 2019

Aaron Zornes believes that Machine Learning will definitely play a bigger role in the modern MDM, increasingly solving scalability, complexity, and agility issues. If you missed this event, check out the video presentations here to get the latest buzz in the data management industry (Login: dd19@reltio.com | Password: berightfaster).

MDM

MDM Digital transformation Analytics Cloud

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In a moment we'll hear about a cool new framework that MITRE developed it attempts to map potential threats by looking at past events and catalogs, all known tactics and techniques used by criminal hackers. Vamosi: ATT&CK also allows you to move to the next level to get ahead of the adversary ATT & CK based on past events.

Government

Government IT Access Analytics

Information Management Today

NYDFS Amends Cybersecurity Rules for Financial Services Companies

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Webinars

Trending Sources

NYDFS proposes significant cybersecurity regulation amendments

Webinars

Vermont Enacts Insurance Data Security Law

NYDFS finalizes cybersecurity rule amendments

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

FTC amendment to Safeguards Rule

Scary Fraud Ensues When ID Theft & Usury Collide

New York Updates Cybersecurity Regulation for Financial Institutions

The Impact of Data Protection Laws on Your Records Retention Schedule

Webinar Invitation — Operationalizing the California Consumer Privacy Act

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

US: Surviving the service provider data breach

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

NYDFS proposes significant cybersecurity regulation amendments

Sibos 2018 – a whirlwind tour of my week down under

Why you should keep data observability separate from data cleansing

The Hacker Mind Podcast: Going Passwordless

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

Digital Enterprises: Built on Modern MDM

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected