August 21, 2012 2:21 PM
Posted by: David Schneier
checking account,
checks,
credit,
credit card,
cyber security,
data security,
hack,
hacker,
hackers,
hacking,
identify theft,
identity management,
identity theft,
information security,
NPPI,
password,
password theft,
phish,
phishing,
PII,
privacy,
regulation,
regulations
I'm not much of a shopper. I decide what it is I need/want to buy, assess the marketplace to determine quality and price and once I have a generally strong sense for both make a decision and move forward. My wife on the other hand loves the constant trolling, scouring and scouting of just...
July 29, 2012 6:39 PM
Posted by: David Schneier
ATM,
bank,
banking,
banks,
breach,
checking account,
community bank,
credit,
credit card,
cyber security,
data security,
evidence,
financial institutions,
hack,
hacker,
hackers,
hacking,
id theft,
identity theft,
information security,
network,
oversight,
PCI,
personally identifiable informaiton,
PII,
regulation,
regulations,
Security,
security breach,
theft
If my blogging about credit card breaches has a bit of a deja vu feel to it you're not crazy, I last touched on it less than six months ago. Sadly I was handed a new update this week in the form of my bank card being cancelled from right out underneath me again. For those of you keeping score...
July 21, 2012 8:25 PM
Posted by: David Schneier
Add new tag,
assess,
assessment,
assessments,
bank,
banking,
banking crisis,
banks,
community bank,
compliance,
compliance officer,
compliant,
control,
credit,
credit card,
data security,
Dodd-Frank,
economy,
enterprise risk,
enterprise risk management,
ERM,
exam,
examination,
examinations,
examiner,
examiners,
exams,
Federal Reserve Bank,
FFIEC,
financial,
financial institutions,
framework,
information security office,
lending,
LinkedIn,
mortgage,
NCUA,
NCUA Sheila Bair,
NPPI,
observations,
oversight,
personally identifiable informaiton,
PII,
policy,
privacy,
procedure,
regulation,
regulations,
regulations audit,
regulatory,
regulatory guidance,
risk assess,
risk assessment,
risk assessments,
risk management,
risk-based,
risks,
security PII,
Sheila Bair,
social security numbers,
technology,
third party management,
third party oversight,
vendor,
Vendor Management,
vendor risk,
vendor risk assessment
I was an unabashed fan of Sheila Bair and made no secret of that fact. She was a breath of fresh air in a line of work where everything is stale and always at least a little boring. Not that Martin Gruenberg is any less effective running the FDIC, he's just a whole lot less interesting to pay...
July 6, 2012 3:18 AM
Posted by: David Schneier
assess,
assessment,
assessments,
Audit,
audits,
bank,
banking,
banks,
compliance,
compliant,
control,
credit union,
credit unions,
CU,
enterprise risk,
enterprise risk management,
ERM,
exam,
examination,
examinations,
examiner,
exams,
FDIC,
Federal Reserve Bank,
FFIEC,
financial institutions,
framework,
FRB,
general controls,
GLBA,
governance,
GRC,
guidance,
information security,
information security office,
infrastructure,
NCUA,
PII,
policy,
procedure,
regulation,
regulations,
regulations audit,
risk assessment,
risk assessments,
Risk IT,
risk management,
risk rating,
risk-based,
risks,
threats,
vendor,
Vendor Management,
vendor risk,
vendor risk assessment
There's a joke of sorts within my personal circle of family and friends regarding what it is that I do these days. Ask me and I'll tell you that I'm a regulatory compliance expert who advises financial institutions on how to comply with the myriad rules and regulations governing information...
December 22, 2011 9:44 PM
Posted by: David Schneier
assessment,
Audit,
compliance,
GLBA,
NPPI,
PCI,
PII,
regulatory,
Regulatory Compliance,
risk,
risk assessment
Let me begin by sharing a story from the way back files. In the mid-80s when I was first starting out in my career I was working as a junior programmer in Manhattan. Courtesy of playing on the corporate softball team I became acquainted with a fairly diverse group of...
October 13, 2011 10:42 PM
Posted by: David Schneier
compliance,
Facebook,
identify theft,
LinkedIn,
NPPI,
PCI,
PII,
privacy,
regulatory,
Regulatory Compliance,
Security
I just came to find out that I’m old. It was somewhat sudden and sort of unexpected as I’m not quite halfway to one hundred and have fooled myself into thinking that old doesn’t roll in until somewhere beyond sixty. But apparently one person’s middle-aged...
August 3, 2011 6:16 PM
Posted by: David Schneier
compliance,
GLBA,
NCUA,
NPPI,
PII,
regulatory,
Regulatory Compliance,
Security,
security awareness
When I first started blogging professionally a colleague of mine cautioned that I should avoid posting anything where a client might recognize themselves in any story or example I might relate, good or bad. And so in the years since I've gone to sometimes great lengths to anonymize my content to...
November 29, 2010 3:19 PM
Posted by: David Schneier
assessment,
Audit,
CISO,
compliance,
compliance officer,
HIPAA,
ISO,
PII,
regulatory,
Regulatory Compliance
I recently decided to establish an automatic link between my personal checking account and a mutual fund account that was established for my son years ago when he was a baby. The account was originally funded with a gift from a family member and while it's grown reasonably well percentage-wise,...
September 5, 2010 5:17 AM
Posted by: David Schneier
CISO,
compliance,
Facebook,
GLBA,
information security,
ISO,
LinkedIn,
NCUA,
PII,
regulatory,
Regulatory Compliance,
Security,
social network
A few months back, the big blinking light in the middle of the information security radar was a story about how someone had harvested all sorts of personal...