Financial Services, Government and Personal data

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

With every financial services organization focused on making better and faster decisions, data professional and business leaders are eager to better understand how AI can facilitate their strategic goals. Not surprisingly, everyone was talking about Artificial Intelligence (AI). Already using AI?

Marketing

Marketing Government Financial Services Artificial Intelligence

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Hunton Privacy

DECEMBER 19, 2022

On December 15, 2022, the UK government and the Dubai International Financial Centre Authority (“DIFC”) issued a joint statement on the shared commitment to deepening the UK-DIFC data partnership. the pursuit of a closer UK-DIFC partnership on data flows as a way of realizing untapped economic growth.”.

Government

Government Financial Services Personal data Security

AI Governance: Why our tested framework is essential in an AI world

Collibra

AUGUST 14, 2023

As we speed into a new AI era, there’s a critical element that’s often missing when organizations rush forward in hyper-competitive markets to build scalable, trusted AI programs — and that’s AI governance. An AI governance framework offers a blueprint for how to create successful AI products.

Government

Government Risk Financial Services Compliance

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike. The act mandates that businesses implement reasonable safeguards to protect personal data and timely report data breaches.

Cybersecurity

Cybersecurity Computer and Electronics Compliance Privacy

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

SEPTEMBER 24, 2024

Online credit bureaus, like Equifax, Experian, and TransUnion, often see an uptick in new users after breaches because consumers realize the potential risks to their financial well-being and identity. Governments can create a digital identity at birth to replace SSN in its current use. That identity is tied to specific vendors.

Authentication

Authentication IT ROT Compliance

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

FEBRUARY 25, 2019

based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. Governance and attestation quickly became a very big deal. Compliance became a huge driver for governance and attestation,” Curcio said. “It

Access

Access Government Authentication Data breaches

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

On June 24, 2022, the New York State Department of Financial Services (“NYDFS” or the “Department”) announced it had entered into a $5 million settlement with Carnival Corp. Since Carnival was licensed by the Department to sell insurance in NY State, it was treated as a covered entity under the Cybersecurity Regulation.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

CFPB’s Proposed Data Rules

Schneier on Security

JANUARY 31, 2024

In October, the Consumer Financial Protection Bureau (CFPB) proposed a set of rules that if implemented would transform how financial institutions handle personal data about their customers. This would change the economics of consumer finance and the illicit data economy that exists today.

Financial Services

Financial Services Privacy Personal data Marketing

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. First , all of the reports specifically focus on the threat of Russian state-sponsored cyberattacks.

Cybersecurity

Cybersecurity Financial Services Authentication Government

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

On 25 November 2020, the European Commission ( EC ) published its proposed Data Governance Regulation (the DGR ), which will create a new legal framework to encourage the development of a European single market for data. What are the objectives of the Data Governance Regulation?

Government

Government Personal data Marketing Artificial Intelligence

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

EvilProxy phishing campaign targets Microsoft 365 accounts via indeed.com A phishing campaign identified by Menlo Security has been targeting senior executives in various industries – most notably banking and financial services, property management and real estate, and manufacturing – since July. Can you spot a phishing scam?

Phishing

Phishing Financial Services Manufacturing Personal data

Improve your data relationships with third parties

Collibra

FEBRUARY 11, 2020

Seizing an opportunity to improve data relationships with third parties. Regulators are focusing on the data relationships financial services organizations have with third parties, including how well personal information is being managed. Exploring third party data relationship risk.

Financial Services

Financial Services Digital transformation Personal data Compliance

Navigating the EU-US Data Protection Framework

Thales Cloud Protection & Licensing

JANUARY 10, 2024

That decision of adequacy provides in substance that there is an adequate level of protection—comparable to that in the EU—for personal data transferred from the EU to US companies that are participating in the DPF. However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy

Data Privacy Personal data Privacy Cloud

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

On October 15, 2012, the Singapore Parliament passed the Personal Data Protection Act 2012. The new law will apply only to data processing in the private sector as data processing by public agencies (or organizations acting on behalf of public agencies) are already subject to internal government rules.

Personal data

Personal data Financial Services Data Privacy Data breaches

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national level, the security of crucial data was not ensured. million files belonging to ICICI Bank.

Personal data

Personal data Phishing Risk Communications

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

DLA Piper Privacy Matters

FEBRUARY 28, 2022

Primary areas of focus for the DPC in 2021 included the safeguarding of children’s data protection rights, progressing ongoing large-scale inquires and prioritising responding to complaints which have raised issues of substance, with a data subject centric approach to resolution. Ongoing Inquiries & Data Transfer Enforcement.

Financial Services

Financial Services Data breaches Personal data Compliance

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How do you build an effective information governance program?

Privacy

Privacy Compliance Personal data Risk

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

IT Governance

JULY 31, 2019

Croatian government targeted by mysterious hackers (unknown). LaPorte, Indiana, government pays $132 after its systems crippled by ransomware (unknown). New Bedford, MA, and Syracuse, NY, governments also hit by ransomware (unknown). NV, becomes latest US government to be hit by ransomware (unknown). Data breaches.

Data breaches

Data breaches Ransomware Personal data Government

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Data Protection Report

JULY 5, 2021

The Commission is assessing the application of the Trade Secrets Directive in the context of the data economy, including a study focusing on four key sectors (automotive, health, energy and financial services) with a view to providing clarifying guidance at a later date. B2B data sharing: Ensuring fairness and competitiveness.

B2B

B2B Personal data Cloud Access

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Security

Security Data breaches Ransomware Artificial Intelligence

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

SEPTEMBER 23, 2019

Tech consultancy IDC recently estimated that global spending on security-related hardware, software and services is growing at a compound annual growth rate of 9.2% As I came to understand it, this new approach leverages multi-factor secret sharing algorithms previously only used by government entities. billion by 2022.

Security

Security Encryption Compliance Data breaches

The Relevance of Privacy-Preserving Techniques and Generative AI to DORA Legislation

Thales Cloud Protection & Licensing

OCTOBER 28, 2024

It aims to ensure that financial institutions, ranging from banks to payment processors, can manage and mitigate risks associated with information and communication technology. Key areas covered by DORA include incident reporting, regular ICT risk assessments, third-party risk management, and maintaining robust governance frameworks.

Privacy

Privacy Encryption Compliance Risk

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

DLA Piper Privacy Matters

APRIL 20, 2021

This introduces a data lifecycle security framework, and represents the key guideline for handling personal and other financial information by financial institutions (i.e. similar to the PIS Specification, but focused on the banking and financial services industry). Level 1: public data.

Compliance

Compliance Security Financial Services Data collection

Indonesia Publishes Proposed Data Protection Rule

Hunton Privacy

JULY 17, 2015

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). 82 of 2012.

Personal data

Personal data Archiving Financial Services Communications

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

IT Governance

NOVEMBER 13, 2023

The data included shoppers’ names, email addresses, phone numbers, countries of residence and membership numbers. The post The Week in Cyber Security and Data Privacy: 6 – 12 November 2023 appeared first on IT Governance UK Blog. The information mostly related to court proceedings.

Data Privacy

Data Privacy Privacy Security Data breaches

Network Encryption Keeps Our Data in Motion Secure for Business Services

Thales Cloud Protection & Licensing

JULY 24, 2023

As global data is predicted to grow by more than 100% from 2022 to 2026, making it a top target for cybercriminals, businesses must prioritize cybersecurity solutions that offer protection without affecting network performance or management. These solutions encrypt data as it moves across networks for maximum security and performance.

Business Services

Business Services Encryption Security Manufacturing

GDPR automated decision-making and profiling: what are the requirements?

IT Governance

NOVEMBER 9, 2018

So, you are carrying out profiling if you collect and analyse personal data using algorithms or AI, make associations between habits and characteristics based on that data, and predict individuals’ behaviour based on the demographic or profile that you’ve assigned them. appeared first on IT Governance Blog.

GDPR

GDPR Personal data Compliance Financial Services

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021. The Order alleges that this vulnerability exposed over 800 million images dating back to 2003, including sensitive personal data, such as Social Security numbers and financial information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

The GDPR provision that may keep IT security teams busiest is Article 32, which requires “a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing” of personal data. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

The Data Breach Disclosure Conundrum

Troy Hunt

SEPTEMBER 27, 2024

As it relates to the UK GDPR, there are two essential concepts to understand, and they're the first two bulleted items in their personal data breaches guide : The UK GDPR introduces a duty on all organisations to report certain personal data breaches to the relevant supervisory authority.

Data breaches

Data breaches GDPR Personal data Risk

EU-U.S. Privacy Shield Passes Its Third Annual Review

HL Chronicle of Data Protection

OCTOBER 25, 2019

continues to provide an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S. On 12 July 2016, the European Commission issued its adequacy decision concerning the Privacy Shield framework for the transfer of personal data from the EU to the U.S.

Privacy

Privacy IT Personal data Financial Services

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Data Protection Report

DECEMBER 23, 2019

The most significant action came in October, when the Berlin Commissioner for Data Protection and Freedom of Information issued a €14.5million fine against German real estate company, Deutsche Wohnen SE, relating to the excessive retention of personal data. How do you build an effective information governance program?

Privacy

Privacy Compliance Personal data Risk

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Data sovereignty is the control of sensitive data in adherence to local geographical jurisdiction and prevention of unauthorized access and loss of data. Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data.

Cloud

Cloud Compliance Data Privacy Privacy

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

HL Chronicle of Data Protection

NOVEMBER 15, 2018

The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection. What constitutes personal data that is subject to the withdrawal agreement is currently unclear.

GDPR

GDPR Personal data Government Financial Services

Grove Pension Solutions fined £40,000 for PECR violation

IT Governance

APRIL 2, 2019

The ICO’s d irector of i nvestigations and i ntelligence , Andy White , said : “Spam email uses people ’ s personal data unlawfully, filling up their inboxes and promoting products and services which they don’t necessarily want. . “We In this instance, Grove rel ied on indirect consent.

Marketing

Marketing Personal data GDPR Compliance

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Slack Launched Encryption Key Addon For Businesses

Security Affairs

MARCH 18, 2019

Using Slack EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform. There are millions of third party app available on the internet that needs permission, integration and access to your personal data. Third Party Apps. Third Party Apps.

Encryption

Encryption Risk Financial Services Privacy

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

Collibra

NOVEMBER 10, 2023

Discussions surrounding AI governance, regulation, and ethics have taken center stage. The United States government, along with many other countries, has recognized the need to establish a framework for responsible AI development and deployment. Personal data should be handled with care.

Artificial Intelligence

Artificial Intelligence Government Security Data Privacy

Countdown to GDPR: it’s time for action

CGI

MAY 25, 2017

The General Data Protection Regulation comes into force a year from now. It will usher in a new data management regime for any organisation collecting, storing or processing personal data. GDPR extends the notion of personal data to any information that contributes to individual identification.

GDPR

GDPR Personal data Financial Services Compliance

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

But it looks like my own personal data has been breached – again. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. Since in Tech we often travel “for a living”, I found in my bag an older Starwood preferred guest card.

Retail

Retail Data breaches Encryption Mining

The Economy of Things: the next value lever for telcos

IBM Big Data Hub

JULY 11, 2023

Telcos can also play the role of data providers as well as data marketplace and brokerage operators within the ecosystem. Vertical data platforms owned and operated by telcos and targeting a specific industry such as automotive, agriculture or financial services already exist today.

IoT

IoT Artificial Intelligence Agriculture Blockchain

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

In the UK, the Information Commissioner’s Office (ICO) has been very outspoken on the ad tech industry’s use of special category personal data and onwards data sharing without explicit consent. In the U.S.,

Privacy

Privacy GDPR Data breaches Risk

Capital Markets, AI, and the need for governance

UK Government and the Dubai International Financial Centre Issue Joint Statement on Data Bridge

Trending Sources

AI Governance: Why our tested framework is essential in an AI world

2024 Cybersecurity Laws & Regulations

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

CFPB’s Proposed Data Rules

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Catches of the Month: Phishing Scams for October 2023

Improve your data relationships with third parties

Navigating the EU-US Data Protection Framework

Singapore Parliament Passes Personal Data Protection Act

Multinational ICICI Bank leaks passports and credit card numbers

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Ireland: Large-scale inquiries progress as DPC budget and staff numbers ramp up

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

List of data breaches and cyber attacks in July 2019 – 2.2 billion records leaked

EU’s possible Data Act: What can we anticipate from the Inception Impact Assessment and the Consultation?

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Relevance of Privacy-Preserving Techniques and Generative AI to DORA Legislation

China: Navigating China episode 16: New data lifecycle guidelines for financial institutions in China – detailed assessments, additional security measures and some data localisation introduced

Indonesia Publishes Proposed Data Protection Rule

The Week in Cyber Security and Data Privacy: 6 – 12 November 2023

Network Encryption Keeps Our Data in Motion Secure for Business Services

GDPR automated decision-making and profiling: what are the requirements?

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Security Compliance & Data Privacy Regulations

The Data Breach Disclosure Conundrum

EU-U.S. Privacy Shield Passes Its Third Annual Review

Record Retention is a Key Component of Your Privacy and Cyber Compliance Program

Living in a data sovereign world

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Data Protection and the Draft EU-UK Withdrawal Agreement: Ten Initial Conclusions

Grove Pension Solutions fined £40,000 for PECR violation

The Privacy Officers’ New Year’s Resolutions

Slack Launched Encryption Key Addon For Businesses

AI governance: Key for addressing the Executive Order on safe, secure and trustworthy artificial intelligence

Countdown to GDPR: it’s time for action

It’s time to think twice about retail loyalty programs

The Economy of Things: the next value lever for telcos

The Privacy Officers’ New Year’s Resolutions

Stay Connected