Bank fined for violating PDPO

(May 23, 2019) Citibank Hong Kong received a HK$10,000 fine after admitting it violated a direct marketing offense under the Personal Data Privacy Ordinance. The bank failed to comply with a request from a data subject to stop using his personal data in the use of direct marketing. In 2016, the data subject applied for a credit card online and, despite opting out of the use of his personal data in direct marketing during the application phase, he still received a direct marketing call from the bank. Under the ... Read More

Equifax's credit rating dips due to cybersecurity concerns

(May 23, 2019) CNBC reports credit-monitoring service Moody's has downgraded the financial outlook of Equifax from stable to negative based on the company's cybersecurity issues. “We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change,” Moody's Spokesperson Joe Mielenhausen said. “This is the first time the fallout from a breach has moved the needle enough to contribute to the change.” Equifax remains in recovery from its 2017 breach, an... Read More

FTC grants deadline extension for Safeguards Rule comments

(May 22, 2019) The U.S. Federal Trade Commission has announced it is extending the deadline for comments on proposed changes to Safeguards Rule to Aug. 2. The FTC began seeking comments in March regarding the rule, which focuses on information security programs at financial institutions. Despite the 60-day extension for comments on the Safeguards Rule, the FTC is sticking to a June 3 deadline for comments on the changes to the Privacy Rule, which requires institutions to communicate with customers about sharin... Read More

Research shows correlation between data breaches and stock value

(May 16, 2019) Infosecurity Magazine reports a recent analysis that shows publicly traded companies that have experienced a data breach can be subject to a subsequent drop in stock value. Data security firm Bitglass' "Kings of the Monster Breaches" report looked at breaches for Marriott in 2018, Equifax in 2017 and Yahoo in 2016, revealing the companies endured a combined 7.5% post-breach drop in stock value. Each company lost an average of $5.4 billion, and Marriott and Yahoo averaged 46 days to redeem their ... Read More

Global accounting tech firm endures cyberattack

(May 13, 2019) Wolters Kluwer, a Netherlands-based global accounting software provider, is dealing with the aftermath of a hack on its software used to run a reported 93% of the world's small- and mid-sized accounting firms, Bloomberg reports. Wolters Kluwer Chief Information Officer Martin Wuite discovered oddities on the company's servers caused by malware and promptly took those servers offline while notifying customers via social media; however, customer communications were cut off for two days. The softwa... Read More

AI-powered identification platform receives $20M for expansion

(May 10, 2019) Evident ID has raised $20 million toward the expansion of its artificial intelligence–driven identity and credential verification platform, according to a Yahoo Finance news release. The Series B financing will help Evident add AI components and improve pre-existing tech, which already includes facial recognition, crytopgraphy and machine learning. The platform offers identity verification based on such factors as business licenses, biometrics, insurance and criminal history while abiding by str... Read More

Hong Kong urges financial groups to consider data ethics

(May 9, 2019) The Hong Kong Monetary Authority is imploring financial institutions to employ the Privacy Commissioner for Personal Data's Ethical Accountability Framework, Insurance Business reports. The framework promotes the ethical and fair processing of personal data, which the HKMA believes companies need to put more consideration into with respects to consumer privacy during the collection and use of data. “The HKMA supports the concept of data ethics and stewardship in the context of collecting and usi... Read More

US Senate banking committee discusses future financial privacy rules

(May 8, 2019) The U.S. Senate Committee on Banking, Housing, and Urban Affairs held a hearing on "Privacy Rights and Data Collection in a Digital Economy," in which an assortment of witnesses testified on the existing gaps related to financial institutions and consumer privacy. While the hearing was held at the banking committee, the conversation was focused more broadly than on financial institutions, with discussions ranging from social media companies’ troves of data to the secretive world of ad tech. IAPP... Read More

Pa. credit union suing fintech company over security issues

(May 8, 2019) KrebsOnSecurity reports Bessemer System Federal Credit Union in Pennsylvania is suing financial technology company Fiserv for software security issues that are affecting bank customers. According to the bank’s claim at the end of April, Fiserv’s platform allowed online banking passwords to be reset by knowing a customer’s account number and the last four digits of their Social Security number. An August 2018 report revealed Fiserv was exposing online bank account numbers to customers before the ... Read More

Financial privacy pros look back on GDPR, forward to CCPA

(May 3, 2019) If one were to describe the state of privacy in 2019, the argument could easily be made that the industry is both in a state of reflection and anticipation. On one hand, the EU General Data Protection Regulation is weeks away from its first birthday. On the other, privacy professionals are counting down the days until the California Consumer Privacy Act makes its debut. However, a group of privacy professionals who has worked in the financial industry discussed both laws in a session here at t... Read More