Exercises and Financial Services - Information Management Today

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. The new rules provide more details on how the senior governing body of the covered entity is expected to exercise oversight of its cybersecurity risk management.

Financial Services

Financial Services Cybersecurity Compliance Government

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Data Matters

SEPTEMBER 20, 2018

Office of the Comptroller of the Currency (OCC) announced its decision (the Fintech Charter Decision) to begin accepting applications from financial technology (fintech) companies for special purpose national bank charters. The Fintech Charter Decision is discussed in greater detail in a prior Sidley Banking and Financial Services Update.

Financial Services

Financial Services Paper Marketing Privacy

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. The proposed amendments revise several aspects of the draft Cybersecurity Rule amendments released on July 29, 2022.

Financial Services

Financial Services Cybersecurity Ransomware Risk

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance.

Insurance

Insurance Financial Services Compliance Retail

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Other government agencies, like the New York Department of Financial Services and the Federal Trade Commission, are also increasingly focused on the need for broad implementation of MFA. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Banking on mainframe-led digital transformation for financial services

IBM Big Data Hub

JULY 31, 2023

Financial services companies are considered institutions because they manage and move the core aspects of our global economic system. And the beating heart of financial institutions is the IBM mainframe. As efforts are scrapped, IT leaders within these organizations felt like they bit off more than they could chew.

Financial Services

Financial Services Digital transformation Computer and Electronics Analytics

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

Hunton Privacy

AUGUST 15, 2022

On July 29, 2022, the New York Department of Financial Services (“NYDFS”) posted proposed amendments (“Proposed Amendments”) to its Cybersecurity Requirements for Financial Services Companies (“Cybersecurity Regulations”).

Financial Services

Financial Services Cybersecurity Risk Passwords

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

Hunton Privacy

JULY 12, 2021

On June 30, 2021, the New York State Department of Financial Services (“NYDFS,” the “Department”) issued guidance to all New York state regulated entities on ransomware (the “Guidance”), identifying controls it expects regulated companies to implement whenever possible.

Ransomware

Ransomware Security Financial Services Cybersecurity

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

JANUARY 29, 2017

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. Does it really mean that in 481 days, European privacy regulators will be heralding the first megafine for non-compliance with one of the GDPR’s more obscure requirements? I think not.

GDPR

GDPR Privacy Compliance Personal data

Deploying applications built in external CI through IBM Cloud DevSecOps

IBM Big Data Hub

OCTOBER 10, 2023

These attacks are even more detrimental in critical systems, which include IT infrastructure and financial services organizations. IBM Cloud for Financial Services This is where IBM Cloud for Financial Services shines—it helps clients to fill that gap by supporting innovation while guaranteeing security and compliance.

Cloud

Cloud Financial Services Compliance Risk

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise.

Artificial Intelligence

Artificial Intelligence Analytics Big data Mining

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

However, we caution that while a robust data quality platform should correct flaws, platform leaders should exercise caution in requesting single products/projects to combine both observability and correction. For financial services, data governance found its roots in risk.

Government

Government Risk Financial Services Access

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

NOVEMBER 14, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period. NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.

Cybersecurity

Cybersecurity Passwords Risk Compliance

What Every CIO Needs to Know About DORA: An IT Operations Perspective

OpenText Information Management

JANUARY 24, 2025

Developing and testing incident response plans: Regularly testing your incident response capabilities through simulations and exercises ensures you are prepared for real-world events. A coordinated monitoring response across both the IT operations and cybersecurity front will be critical to DORA compliance.

IT

IT Compliance Risk Cloud

Ireland & UK: Latest trends in data subject access requests in pending litigation

DLA Piper Privacy Matters

JULY 22, 2021

Every financial services organisation will have been subject to a DSAR in order to obtain information as a pre-cursor to a claim against them for mis-selling a service or breaching an agreement in some way. This allows for restrictions on the right of access: “ where the restrictions are necessary and proportionate ….

Access

Access Personal data GDPR Financial Services

New York hospitals have new cybersecurity requirements

Data Protection Report

OCTOBER 23, 2024

The regulation includes elements of both the Health Insurance Portability and Accountability Act (HIPAA) and the New York Department of Financial Services (NYDFS) cybersecurity regulation. Therefore, covered hospitals may need to revise their risk analysis and management process to comply with the new regulation.

Cybersecurity

Cybersecurity Risk Access Financial Services

Business Architecture and Process Modeling for Digital Transformation

erwin

JULY 11, 2019

For instance, millennials are adept at using digital channels, and they are the fastest-growing customer base for financial services companies. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

Digital transformation

Digital transformation Information capture Compliance Financial Services

Big California Privacy News: Legislative and Enforcement Updates

Data Matters

SEPTEMBER 6, 2022

Targets of OAG investigations included several entities in the healthcare space (HIPAA exemption), a financial services firm (GLBA exemption) and a medical device manufacturer (B2B exemption). The examples provided show the OAG has been investigating businesses whose data we would expect to be largely exempt from CCPA.

Privacy

Privacy B2B Sales Compliance

ICYMI – Late December in privacy and cybersecurity

Data Protection Report

JANUARY 30, 2023

the country in which Processing occurs e. the identity of Affiliates, Processors, or Third-Parties Personal Data is shared with f. methods by which Consumers can exercise their Data Rights request; or g. Processing purposes.

Privacy

Privacy Cybersecurity Personal data Insurance

Process Excellence: A transformational lever to extreme automation

IBM Big Data Hub

APRIL 20, 2023

With the success of initial automation deployment, the focus has shifted to optimization of adjacent business-critical processes, e.g. service order management, reverse value chain, and more, for cycle time reduction and quality improvement.

Mining

Mining Financial Services Digital transformation Retail

CFPB Indicates Intent to Regulate Service Providers to Financial Institutions

Hunton Privacy

AUGUST 8, 2012

Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions.

Financial Services

Financial Services Compliance Privacy IT

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

HL Chronicle of Data Protection

APRIL 1, 2019

How will the financial incentives and anti-discrimination provisions actually work when consumers exercise their rights? How do the CCPA’s exceptions for certain regulated companies, such as financial services, work? How far does a business have to go to implement a consumer’s opt-out of sales to third parties?

Sales

Sales Financial Services Privacy Compliance

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

DLA Piper Privacy Matters

MARCH 4, 2021

In reviewing the answers to these and further queries, the DPC noted that organisations must be able to demonstrate effective and real exercise of management activities in Ireland that determine the main decisions as to the purposes and means of processing through stable arrangements. Financial Services Sector Focus.

GDPR

GDPR Compliance Data breaches Marketing

Rock the Blockchain: Thales and DigiCert Secure the Data

Thales Cloud Protection & Licensing

SEPTEMBER 15, 2021

It’s not hard to understand why companies are exercising diligence when selecting a data protection solution. A number of their industry partners, including IBM, Oracle, financial service providers, and others, use Hyperledger Fabric. The needs are loud and clear: make it automated, and straightforward.

Blockchain

Blockchain Security Authentication Compliance

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

The Data Strategy proposed the establishment of nine common European data spaces for data sharing and pooling, including health, mobility, manufacturing, financial services, energy, and agriculture. The EC’s Data Strategy sets out a vision of common European data spaces, a Single Market for data.

Government

Government Personal data Marketing Agriculture

UK Government sets out proposals to shake up UK data protection laws

Data Protection Report

SEPTEMBER 28, 2021

Depending on the activity in question, organisations would have to consider how disapplying the balancing test would work in light of a request to exercise those rights which require reconsidering the legitimate interest. Organisations will need to factor this in as part of their compliance program.

Government

Government FOIA GDPR Compliance

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

Data Matters

JUNE 24, 2022

The definition generally includes three elements for determining whether a person is an investment adviser: (i) The person provides advice, or issues analyses or reports, concerning securities; (ii) the person is in the business of providing such services; and (iii) the person provides such services for compensation. 2, 1987).

Marketing

Marketing Financial Services Security Analytics

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11.

Personal data

Personal data GDPR Privacy Records Management

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

Hunton Privacy

FEBRUARY 12, 2013

Where applicable, the Full Notice should contain information about the use of public do-not-contact registries, such as (1) the Public Register of Consumers established pursuant to the Federal Consumer Protection Law and (2) the Public Register of Users established pursuant to the Law for the Protection and Defense of Users of Financial Services.

Privacy

Privacy Personal data Data collection Financial Services

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

And several speakers from the financial services industry asked that the Attorney General clarify that banks and other financial institutions’ incidental receipt of personal information during the course of a transaction is exempted from the Act’s coverage. Safe Harbors and Concrete Guidance.

Sales

Sales Privacy Data Privacy Compliance

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

MARCH 5, 2018

For example, PNC Financial Services Group’s annual report mentions the business initiative to “grow profitability through the acquisition and retention of customers and deepening relationships.” We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise.

Artificial Intelligence

Artificial Intelligence Analytics Mining Big data

Security in the finance sector: Whose role is it anyway?

CGI

OCTOBER 25, 2015

All of this leads one to ask: In the midst of these heightened risks, increasing regulations and digital innovation, whose role is it to make sure that financial and personal data is kept safe? The answer is easy—all key players in the finance sector, including consumers, financial services providers and systems integrators.

IT

IT Security Digital transformation Compliance

“Am I a CII operator?” – New regulation in China provides more clarity

Data Protection Report

AUGUST 18, 2021

In addition, some companies have received an official notice that it is a CII, but we expect more to come so companies operating in sensitive or highly regulated sectors like energy, financial services, and telecoms should be aware that the issuance of a notice still remains a possibility.

Financial Services

Financial Services Data collection Security Communications

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

For example, government contractors or subcontractors with reporting obligations to the DOD or DOE for cyber incidents, or financial services entities that are already required to report cyber incidents to their primary federal regulator would be considered “covered entities” under the CIRCIA.

Ransomware

Ransomware Agriculture Cybersecurity Government

Getting ready for artificial general intelligence with examples

IBM Big Data Hub

APRIL 18, 2024

It might create interactive simulations, personalized exercises and even gamified learning experiences to keep students engaged and motivated. The student practices with personalized exercises that cater to their specific knowledge gaps and the AGI provides feedback and encouragement throughout the process. Mastering a topic?

Artificial Intelligence

Artificial Intelligence Marketing e-Delivery Manufacturing

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. In the U.S., Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

“If you are not tying what you are doing, in any kind of data initiative, to a business vision and some tangible outcomes that a business is trying to achieve, then MDM can become just a complex academic exercise.”. Prioritise people, process and governance.

MDM

MDM Retail IT Government

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500.

Cybersecurity

Cybersecurity Risk Passwords Compliance

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

Vertical data platforms owned and operated by telcos and targeting a specific industry such as automotive, agriculture or financial services already exist today. The EoT needs to be built on open innovation platforms grounded in interoperable infrastructure, common standards and a connective fabric of data and services.

IoT

IoT Agriculture Artificial Intelligence Blockchain

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

For example, the New York Department of Financial Services (‘NYDFS’) in March 2017 issued its Cybersecurity Regulation (23 NYCRR 500) (‘the NYDFS Cybersecurity Regulation’), a groundbreaking and far-reaching regulatory regime focused on financial institutions licensed in New York, including insurance companies.

Insurance

Insurance Cybersecurity Data breaches Financial Services

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

New York State Department of Financial Services Challenges OCC Authority on Fintech Charters

Webinars

Trending Sources

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Webinars

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Banking on mainframe-led digital transformation for financial services

Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs

NYDFS Issues Ransomware Guidance Outlining Expected Security Controls

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Deploying applications built in external CI through IBM Cloud DevSecOps

Artificial Intelligence: 6 Step Solution Decomposition Process

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Why you should keep data observability separate from data cleansing

NYDFS proposes significant cybersecurity regulation amendments

What Every CIO Needs to Know About DORA: An IT Operations Perspective

Ireland & UK: Latest trends in data subject access requests in pending litigation

New York hospitals have new cybersecurity requirements

Business Architecture and Process Modeling for Digital Transformation

Big California Privacy News: Legislative and Enforcement Updates

ICYMI – Late December in privacy and cybersecurity

Process Excellence: A transformational lever to extreme automation

CFPB Indicates Intent to Regulate Service Providers to Financial Institutions

You’re Invited to an In-Person Event: CCPAnow: Understanding the Challenge Ahead and What You Should Be Doing Now

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

The Privacy Officers’ New Year’s Resolutions

Ireland: DPC Annual Report 2020: Enforcement & Transfers Dominate Agenda

Rock the Blockchain: Thales and DigiCert Secure the Data

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

UK Government sets out proposals to shake up UK data protection laws

SEC Requests Comment on Regulation of Information Providers Under the U.S. Investment Advisers Act

The Impact of Data Protection Laws on Your Records Retention Schedule

Mexico Issues Cookie and Web Beacon Rules and Privacy Notice Requirements

Takeaways From CCPA Public Forums

Artificial Intelligence: 6 Step Solution Decomposition Process

Security in the finance sector: Whose role is it anyway?

“Am I a CII operator?” – New regulation in China provides more clarity

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Getting ready for artificial general intelligence with examples

The Privacy Officers’ New Year’s Resolutions

#ModernDataMasters: Mike Evans, Chief Technology Officer

NYDFS proposes significant cybersecurity regulation amendments

The Economy of Things: the next value lever for telcos

Cybersecurity: Managing Risks With Third Party Companies

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Stay Connected