2014, Information Security, Insurance and Privacy

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

The case is significant because: (1) it is only the second time that the Australian regulator has brought court proceedings of this kind despite having the power to do so since 2014; and (2) it signals the regulator’s priority in ensuring that cybersecurity incidents are responded to swiftly. Class actions.

Data breaches

Data breaches Privacy Risk Information Security

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

Hunton Privacy

OCTOBER 14, 2014

On October 8, 2014, the Department of Homeland Security reported that over the course of several months, the network of a large critical manufacturing company was compromised. The incident raises some issues for cyber insurance.

Insurance

Insurance Cybersecurity Manufacturing Information Security

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Hunton Privacy

FEBRUARY 24, 2014

Securities and Exchange Commission that its health insurance subsidiary, Triple-S Salud, Inc. Triple S”), which is Puerto Rico’s largest health insurer, will be fined $6.8 According to the 8-K, Triple S was notified of the pending sanctions on February 11, 2014. million for a data breach that occurred in September 2013.

Insurance

Insurance Data breaches IT Security

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

AUGUST 19, 2019

The public availability of such kind of information could expose the owners to identity theft and other scams. The experts also discovered a large number of insurance certificates that expose various personally identifiable information (PII), such as names, phone numbers, postal and email addresses. Pierluigi Paganini.

Military

Military Insurance Education Phishing

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

The Security Ledger

SEPTEMBER 11, 2019

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk Episode 159: Deep Fakes and Election (in)Security with ZeroFOX. Read the whole entry. » » Related Stories Third Party Cyber Risk is growing. Most Companies aren’t prepared. Third party cyber risk is growing. There are lots of reasons for this.

Risk

Risk GDPR Data Privacy Personal data

New York Banking Regulator Announces New Cybersecurity Assessment Process

Hunton Privacy

DECEMBER 11, 2014

On December 10, 2014, the New York State Department of Financial Services (the “Department”) announced that it issued an industry guidance letter to all Department-regulated banking institutions that formally introduces the Department’s new cybersecurity preparedness assessment process.

Cybersecurity

Cybersecurity Financial Services Insurance Information Security

HHS Announces Pre-Audit HIPAA Surveys

Hunton Privacy

MARCH 19, 2014

In a notice published in the Federal Register, OCR stated that the survey will collect information such as “number of patient visits or insured lives, use of electronic information, revenue, and business locations” to assess the organizations’ “size, complexity and fitness” for an audit.

Compliance

Compliance Insurance Privacy Risk

FTC Reaches Settlement with Accretive Health

Hunton Privacy

JANUARY 3, 2014

Under the terms of the settlement with the FTC, which will be in force for 20 years, Accretive must establish a comprehensive information security program that will be evaluated both initially and every two years by a certified, independent third party. The settlement is open for public comment until January 30, 2014.

Insurance

Insurance Information Security Risk Access

Wyndham Settles FTC Charges in FTC v. Wyndham

Hunton Privacy

DECEMBER 9, 2015

In response, Wyndham challenged the FTC’s authority to bring charges against private companies’ data security, arguing that by adopting targeted security legislation such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, Congress had precluded the FTC’s jurisdiction over data security.

Data breaches

Data breaches Information Security Insurance Compliance

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

Data Matters

FEBRUARY 10, 2022

The SEC may also consider updating its guidance on industry best practices, which SCI entities must follow, from the existing guidance that the SEC staff provided in 2014. For more information, please see Sidley’s client alert on the SEC’s market data infrastructure rules available here. 11 See Securities Exchange Act Release No.

Cybersecurity

Cybersecurity Marketing Risk Compliance

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

Hunton Privacy

FEBRUARY 6, 2015

On February 3, 2015, the Securities and Exchange Commission (“SEC”) released a Risk Alert , entitled Cybersecurity Examination Sweep Summary, summarizing observations from the recent round of cybersecurity examinations of registered broker-dealers and investment advisers under the Cybersecurity Examination Initiative.

Cybersecurity

Cybersecurity Insurance Financial Services Risk

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Hunton Privacy

SEPTEMBER 23, 2013

Today, September 23, 2013, marks the deadline for compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Omnibus Rule that was issued in January 2013. Change the notice of privacy practices to be distributed to individuals.

Compliance

Compliance Privacy Insurance Risk

NIST Releases Final Cybersecurity Framework

Hunton Privacy

FEBRUARY 12, 2014

On February 12, 2014, the National Institute of Standards and Technology (“NIST”) issued the final Cybersecurity Framework , as required under Section 7 of the Obama Administration’s February 2013 executive order, Improving Critical Infrastructure Cybersecurity (the “Executive Order”).

Cybersecurity

Cybersecurity Risk Insurance Privacy

The Problem With the Small Business Cybersecurity Assistance Act

Security Affairs

JULY 18, 2019

The European Union is off to a slow start levying fines for abusing data privacy and security, but the now-year-old General Data Protection Regulation gives the government the power to do so. states are left on their own to fine companies which don’t take cybersecurity or client privacy seriously. Until the U.S.

Cybersecurity

Cybersecurity Education Government Risk

Delaware Enacts New Data Destruction Law

Hunton Privacy

JULY 31, 2014

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. confidential health care information.

Financial Services

Financial Services Insurance Privacy Paper

Germany Issues Revised Draft Cybersecurity Law

Hunton Privacy

AUGUST 27, 2014

On August 19, 2014, the German Federal Ministry of the Interior published a revised draft cybersecurity law (the “Draft Law”). Critical Infrastructure” and Security Requirements. The revised Draft Law will amend a number of laws and provisions relating to IT security. Powers of Federal Office for Information Security.

Cybersecurity

Cybersecurity Insurance Information Security Security

Third Circuit Hears Oral Arguments in FTC v. Wyndham

Hunton Privacy

MARCH 5, 2015

In response, Wyndham challenged the FTC’s authority to bring charges against private companies’ data security, arguing that by adopting targeted security legislation such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act of 1996, Congress had precluded the FTC’s jurisdiction over data security.

Insurance

Insurance Data breaches Security Access

Obama Administration Releases Incentive Reports on Cybersecurity

Hunton Privacy

AUGUST 7, 2013

The reports, taken as a whole, suggest eight areas for potential incentives: (1) cybersecurity insurance, (2) federal grants, (3) process preference, (4) liability limitation, (5) streamline regulations, (6) public recognition, (7) rate recovery for price regulated industries and (8) cybersecurity research and development.

Cybersecurity

Cybersecurity Insurance Risk Security

DOJ Announces Multinational Efforts to Disrupt Gameover Zeus Botnet

Hunton Privacy

JUNE 20, 2014

On June 2, 2014, the U.S. Read the FTC’s Consumer Information blog post. Read our previous blog entry about Gameover Zeus and how cyber insurance may help mitigate risks posed by malware. Department of Justice announced a U.S.-led Documents and resources related to the action are available on the DOJ website.

Insurance

Insurance Encryption Risk Security

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Morrisons previously lost two cases related to its March 2014 data breach , in which Andrew Skelton, a senior internal auditor at the supermarket’s Bradford office, leaked the payroll data of 99,998 employees.

Data breaches

Data breaches GDPR Passwords Personal data

First American Financial exposed 16 years’ worth of personal and financial documents

Security Affairs

MAY 27, 2019

The US real-estate insurance biz, First American Financial, accidentally leaked customers’ highly personal files online, hundreds of millions of documents. The US real-estate insurance company First American Financial Corp. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. billion in 2018.

Insurance

Insurance Access Security Privacy

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

Hunton Privacy

NOVEMBER 25, 2014

On November 21, 2014, Massachusetts Attorney General Martha Coakley announced that Boston hospital Beth Israel Deaconess Medical Center (“BIDMC”) has agreed to pay a total of $100,000 to settle charges related to a data breach that affected the personal and protected health information of nearly 4,000 patients and employees.

Security

Security Insurance Data breaches Education

Weekly podcast: Supermicro, federal data privacy law and Morrisons

IT Governance

OCTOBER 25, 2018

This week, we discuss the stalemate between Bloomberg Businessweek and Supermicro, Apple and Facebook’s call for a federal data privacy law in the US, and what the Morrisons Appeal Court ruling means for every organisation. We at Apple are in full support of a comprehensive federal privacy law in the United States.”.

Data Privacy

Data Privacy Privacy Data breaches GDPR

Information Management Today

Security Compliance & Data Privacy Regulations

Australian Privacy Regulator Sues in Data Breach Case

Trending Sources

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Puerto Rico Health Insurer Reports Record Fine Following PHI Breach Incident

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

New York Banking Regulator Announces New Cybersecurity Assessment Process

HHS Announces Pre-Audit HIPAA Surveys

FTC Reaches Settlement with Accretive Health

Wyndham Settles FTC Charges in FTC v. Wyndham

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

SEC Releases Observations from Recent Cybersecurity Examinations of Broker-Dealers and Advisers

HIPAA Omnibus Rule Compliance Deadline Has Arrived

NIST Releases Final Cybersecurity Framework

The Problem With the Small Business Cybersecurity Assistance Act

Delaware Enacts New Data Destruction Law

Germany Issues Revised Draft Cybersecurity Law

Third Circuit Hears Oral Arguments in FTC v. Wyndham

Obama Administration Releases Incentive Reports on Cybersecurity

DOJ Announces Multinational Efforts to Disrupt Gameover Zeus Botnet

2019 end-of-year review part 1: January to June

First American Financial exposed 16 years’ worth of personal and financial documents

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

Weekly podcast: Supermicro, federal data privacy law and Morrisons

Stay Connected