The New York State Department of Financial Services (NYDFS) has made available Update on Cyber Security in the Banking Sector: Third-Party Service Providers (April 2015) (the Update Report), which is based on a survey NYDFS conducted of 40 banking firms about the "cyber security standards those firms have in place for their third-party vendors". The Update Report provides an update on NYDFS's Report on Cyber Security in the Banking Sector (May 2014), which "highlighted the [banking] industry's reliance on third-party service providers for critical banking functions as a continuing challenge".
According to NYDFS, key findings of the Update Report include that:
- "[n]early 1 in 3 ... of the banks surveyed do not require their third-party vendors to notify them in the event of an information security breach or other cyber security breach";
- "[f]ewer than half of the banks surveyed conduct any on-site assessments of their third-party vendors";
- "[a]pproximately 1 in 5 banks surveyed do not require third-party vendors to represent that they have established minimum information security requirements"; and
- "[n]early half of the banks do not require a warranty of the integrity of the third-party vendors' data or products".
NYDFS's media release (9 April 2015)
Related news item:
The New York Times: Wall St. Is Told to Tighten Digital Security of Partners (8 April 2015)
(Source: NYDFS; The New York Times)
PayPal has stated that it has "contained" a security issue made public by Australian school student Joshua Rogers, with the online payment processor maintaining that the vulnerability affected only "a small number of customers".
The United Kingdom Information Commissioner's Office (ICO) has warned barristers and solicitors to keep files secure, following 15 data breaches involving legal practitioners reported in the last three months. The ICO noted that "barristers and solicitors are generally classed as data controllers in their own right and are therefore legally responsible for the personal information they process".
The Office of the Australian Information Commissioner (OAIC) has made available a statement (21 July 2014) by privacy commissioner Timothy Pilgrim advising that the OAIC was recently informed by online retailer The Catch Group of a data breach that occurred in 2011.
Leslie Caldwell, who commenced in the role of Assistant Attorney General for the United States Department of Justice criminal division in June 2014, has stated her intent to prioritise the combating of cybercrime.
The Office of the Privacy Commissioner of Canada (OPCC) published Insurance company overhauls its security safeguards following privacy breach (3 March 2014) on 2 July 2014, a report of findings under the Personal Information Protection and Electronic Documents Act.
The Office of the Australian Information Commissioner (OAIC) has released Own motion investigation report - Cupid Media Pty Ltd (June 2014), which outlines the findings of Privacy Commissioner Timothy Pilgrim's own motion investigation into Cupid Media Pty Ltd (Cupid), after the personal information of Cupid users was stolen by hackers gaining unauthorised access to Cupid webservers.
Goldman Sachs Group (GS) has filed a complaint in a New York state court against Google after a GS contractor accidentally emailed "highly confidential brokerage account information" to a stranger's account with Google's webmail service Gmail. Reportedly, the contractor sent a report to a "gmail.com" account when it was intended for a "gs.com" account.
Domino's France has acknowledged that the personal data of 592,000 French and 58,000 Belgian patrons of the Domino's franchise have been stolen, with hacker group Rex Mundi demanding a ransom of €30,000 for data including names, addresses, online account login details and favourite pizza toppings.
The United Kingdom Department for Business, Innovation and Skills (BIS) has launched a Cyber Essentials Scheme, which is aimed at highlighting security controls that will help organisations mitigate the risk to their IT systems from internet-based threats. The scheme also provides organisations with guidance on implementation and offers independent certification.