Access, Data collection and Insurance - Information Management Today

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Hunton Privacy

NOVEMBER 20, 2013

On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”).

Insurance

Insurance Personal data Authentication Records Management

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Data Protection Report

FEBRUARY 23, 2023

AVs currently under development can collect location data, biometric data, driver behaviour information, and information acquired through synced mobile devices (e.g., A considerable amount of the data collected by AVs could be considered personal information, and in some cases, “sensitive information.”

Privacy

Privacy Manufacturing Artificial Intelligence Data collection

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

For example, they can decline to have their data shared with third parties while allowing the app to generate personalized offers. The app heavily encrypts all user financial data. Only administrators can access customer data on the backend. Even if the data is stolen in a cyberattack , hackers can’t use it.

Data Privacy

Data Privacy Privacy GDPR Personal data

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

credit or debit card number, or any financial account number in combination with any required security code, access code or password that would permit access to such financial account.

Data breaches

Data breaches IT Insurance Passwords

Driving Conversations Around Careers In Telematics

Information Governance Perspectives

APRIL 5, 2023

Wireless telematics devices and “black box” technologies collect and transmit data on vehicle use, maintenance requirements, and automotive servicing. John Danenberger, CPCU, is Corporate Counsel at State Farm Insurance and specializes in addressing emerging issues around telematics. What’s it like to work in this field?

Insurance

Insurance Military Artificial Intelligence Manufacturing

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity

Cybersecurity Privacy Insurance Risk

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

For example, the government alleged that the company placed personal information “in a shared electronic folder, which unauthorized persons whom Cerebral has been unable to identify accessed multiple times” In addition, “former employees and contractors accessed 266 patient files using access credentials Cerebral failed to revoke.”

Personal data

Personal data Privacy Information governance Compliance

Data Innovator Spotlight - Interview with Charles Joseph, DataZed

Reltio

JUNE 12, 2020

1 sentence company description: DataZed is a consultancy that works with organizations to improve their data quality, data governance and data strategy. 1-2 Previous Roles & Companies: Worked as a consultant with general insurers, Lloyd’s market firms, brokers and reinsurers, including Beazley Group and RSA.

Insurance

Insurance Customer Experience B2B MDM

Nationwide Agrees to Pay $5.5 Million to Settle Multistate Data Breach Investigation

Hunton Privacy

AUGUST 10, 2017

On August 9, 2017, Nationwide Mutual Insurance Co. million settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 In October 2012, Nationwide and its affiliate, Allied Property & Casualty Insurance Co. Nationwide”) agreed to a $5.5

Data breaches

Data breaches Insurance Data collection Risk

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Main takeaways from the EDBP guidelines are: Connected vehicles raise various privacy and data protection concerns, such as the lack of control and information asymmetry, the risk of excessive data collection; the risk of unlawful further processing of personal data; Most data associated with connected vehicles are considered as personal data (e.g.

Privacy

Privacy Personal data GDPR Insurance

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

Hunton Privacy

NOVEMBER 6, 2019

After conducting onsite inspections in June 2017 and March 2019, the Berlin Commissioner noticed that Deutsche Wohnen SE was retaining personal data of tenants for an unlimited period, without examining whether the retention was legitimate or at all necessary. After the inspection of 2017, Deutsche Wohnen SE improved its archiving system.

GDPR

GDPR Archiving Personal data Insurance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

Summary of key requirements under the DPDP Act Scope of the DPDP Act: The DPDP Act is applicable to the processing of “digital personal data”, which includes personal data collected either digitally, or collected in a non-digitised form and subsequently converted into digital form. payments, insurance etc).

Personal data

Personal data GDPR Data breaches Compliance

Generative AI that’s tailored for your business needs with watsonx.ai

IBM Big Data Hub

SEPTEMBER 28, 2023

Business-targeted, IBM-developed foundation models built from sound data Business leaders charged with adopting generative AI need model flexibility and choice. They also need secured access to business-relevant models that can help accelerate time to value and insights. The synthetic data generator service in watsonx.ai

Risk

Risk Insurance Data collection Libraries

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

This aligns with other recent guidance putting clearer parameters around use of biometric data in China). Purposes/Restrictions on Use Collection and processing of data must be directly related to the purpose of processing specified in the privacy notice. Excessive data collection must be avoided.

Data Privacy

Data Privacy Privacy Compliance Analytics

Privacy in an open-data world: Why government agencies need to be proactive

Collibra

JUNE 23, 2023

They are the California Consumer Privacy Act (CPRA), the Health Insurance Portability and Accountability Act (HIPAA), the FBI’s Criminal Justice Information Services (or CJIS), and many more. At the same time, there is a pressing need for increased regulation of data brokers to prevent them from operating without accountability.

Privacy

Privacy Government Data Privacy Data breaches

What IG Professionals Should Know About the Internet of Bodies

ARMA International

FEBRUARY 21, 2020

A company in Wisconsin had a “chipping party” in 2017 to implant microchips in some of its employees to make it easier for them to access the buildings and systems and to buy food in the company break room. [1]. Case law is beginning to address data collection and data privacy issues associated with the IoB.

Computer and Electronics

Computer and Electronics Privacy Artificial Intelligence IoT

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

Data Matters

JUNE 22, 2022

In practice, this carve out largely may be meaningless to businesses because they rarely will collect personal data only for payment purposes, especially where payments are made by the same person submits an order for goods or services that needs to be fulfilled. Data Subject Rights – New Obligation to Create Revocation Mechanism.

Data Privacy

Data Privacy Privacy Personal data Sales

Best Practices for Building a Data-Driven Business Model

Information Matters

SEPTEMBER 17, 2018

Many of the devices which make up the Internet of Things (IoT) and the apps we use on our phones are throwing off data at increasing speed and volume. The data collected from these technologies is not only leading to a better understanding of ways to improve operating efficiencies but also to create new services and revenue streams.

Artificial Intelligence

Artificial Intelligence Insurance Data collection Sales

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

As I often highlight in my blogs, data breaches have become all too common, and these continue to have a negative influence on corporate reputation and brand image, resulting in reduced market value and revenues. Protecting the integrity and confidentiality of data collected by all connected devices.

IoT

IoT Encryption Agriculture Data collection

Conversational AI use cases for enterprises

IBM Big Data Hub

FEBRUARY 23, 2024

Marketing and sales: Conversational AI has become an invaluable tool for data collection. It assists customers and gathers crucial customer data during interactions to convert potential customers into active ones. This data can be used to better understand customer preferences and tailor marketing strategies accordingly.

Analytics

Analytics Artificial Intelligence Marketing Education

U.S. states pass data protection laws on the heels of the GDPR

Data Protection Report

JULY 9, 2018

South Carolina ( H4655 ) – South Carolina imposes heightened breach notification and security requirements on the insurance industry. Moreover, the Insurance Commissioner must be notified within 72 hours of a security breach.

GDPR

GDPR Data breaches Personal data Insurance

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. The bill uses the same definition of “genetic data” as provided for in AB-825.

Privacy

Privacy Insurance Security Data breaches

FTC Hosts Workshop on Informational Injury

Hunton Privacy

DECEMBER 15, 2017

Injuries 101 : The first panel discussed negative outcomes that arise from unauthorized access to and misuse of consumers’ personal data. The panel also discussed considerations businesses take into account when choosing privacy and data security practices, and consumer decision making regarding sharing their information.

Privacy

Privacy Retail Risk Insurance

34 Most Common Types of Network Security Protections

eSecurity Planet

MARCH 17, 2023

Definition, Threats & Protections 10 Network Security Threats Everyone Should Know Network Security Tools at a Glance Network Security Type Purpose Vulnerability Scanning and Management Security and vulnerability life cycle management for cross-functional teams Threat Intelligence and Detection External threat feed processing, consolidation, and (..)

Security

Security Encryption Analytics Cloud

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

AB 375 goes beyond the ballot initiative by adding requirements for businesses that collect personal information (as defined in the bill) from consumers to delete such information on request as well as to provide access to specific pieces of personal information collected.

GDPR

GDPR Privacy Sales Data breaches

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

In particular, the AU-054 does not cover fraud prevention systems implemented by insurance, capitalization, reassurance, assistance companies or insurance brokers CMF (these companies must refer to Single Authorization No. Strict requirements regarding access rights and management of the fraud prevention/detection system.

Personal data

Personal data Financial Services Risk Insurance

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

Several strong themes emerged from 2022’s crop of breaches, including the targeting or impersonating of employees to gain access to internal company tools; multiple intrusions at the same victim company; and less-than-forthcoming statements from victim firms about what actually transpired. com, which was fed by pig butchering scams.

Passwords

Passwords Ransomware Computer and Electronics Encryption

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

AB 375 goes beyond the ballot initiative by adding requirements for businesses that collect personal information (as defined in the bill) from consumers to delete such information on request as well as to provide access to specific pieces of personal information collected.

GDPR

GDPR Privacy Sales Data breaches

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

processing on a large scale of special categories of data referred to in Article 9 (1) or of a personal data relating to criminal convictions and offences referred to in Article 10; or. when the data controller has a doubt, it is also advisable to proceed to a DPIA. in the automotive insurance sector); Monitoring.

Data Privacy

Data Privacy IT GDPR Privacy

Top MDR Services for 2021

eSecurity Planet

MAY 5, 2021

Clients also have full access to Rapid7’s cloud SIEM InsightIDR for internal use. Full access to Rapid7 InsightIDR. This framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Rapid7 offers a few additional benefits along with its MDR service.

Cloud

Cloud Compliance Artificial Intelligence Analytics

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR

GDPR Personal data Compliance Data breaches

NHS’ Plans to Share Patient Records with Third Parties

Data Matters

JUNE 9, 2021

NHS Digital (the national custodian for health and care data in England) in May 2021, announced a new data sharing initiative called the General Practice Data for Planning and Research (GPDPR) service. Once collected, the data will be combined to create a single, national data lake.

Healthcare

Healthcare Data collection Personal data GDPR

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

be “accessible to consumers with disabilities” by, at a minimum, letting consumers with disabilities know how to access the notice in an alternative format. Finally, the regulations make clear that, if a business does not provide the relevant notice, it shall not collect personal information from the consumer.

Privacy

Privacy Sales Paper Compliance

Best Fraud Management Systems & Detection Tools in 2022

eSecurity Planet

SEPTEMBER 16, 2022

Banks, financial services, and insurance companies are especially vulnerable to fraud due to their access to large amounts of money and sensitive information for customers and employees alike. As the volume of data collected increases, users may experience slower processing times than they expect.

Analytics

Analytics Risk Authentication Financial Services

The Hacker Tool to Get Personal Data from Credit Bureaus

Schneier on Security

SEPTEMBER 7, 2023

The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target’s credit header.

Personal data

Personal data Insurance Access Data collection

A Guide to CCPA Compliance and How the California Consumer Privacy Act Compares to GDPR

erwin

APRIL 18, 2019

These include: Medical information covered by the Confidentiality of Medical Information Act (CMIA) and the Health Insurance Portability and Accountability Act (HIPAA). What about access requests? . Under the GDPR, organizations must make any personal data collected from an EU citizen available upon request.

GDPR

GDPR Compliance Privacy Personal data

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

The Last Watchdog

SEPTEMBER 20, 2019

Eventually, governments will address the risk by beefing up security and purchasing cyber insurance, which go hand in glove. SMBs tend not to have ready access a dedicated security operations center (SOC) or an army of analysts and security techs. Ransomware attacks against local government entities at some point will run its course.

Ransomware

Ransomware Government Retail Security

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

eSecurity Planet

OCTOBER 11, 2022

In the world of cybersecurity, the path of least resistance has consistently been shown to be the human element, specifically user accounts with enough access privileges or credentials for the cybercriminal to execute their plan. This might be due in part to the small sample size of bot attacks that researchers had access to, however.

Analytics

Analytics Cybersecurity IT Data breaches

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Encrypting critical data assets. Using appropriate access controls. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on board meeting agendas. Using Appropriate Access Controls. Aligning cyber risk with corporate strategy.

Cybersecurity

Cybersecurity Risk Passwords Authentication

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., New guidance EDPB publishes information on Data Protection Framework redress mechanism The European Data Protection Board’s Information Note on the redress mechanism for EU/EEA individuals in relation to alleged violations of U.S.

Data Privacy

Data Privacy Privacy Manufacturing Security

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Data Matters

MARCH 4, 2021

These are (i) government entities; (ii) entities subject to the Gramm-Leach-Bliley Act; (iii) entities subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act; (iv) nonprofits; and (v) institutions of higher education. Controllers must.

Personal data

Personal data GDPR Sales Privacy

Celebrating Data Privacy Day: A look at protecting your private data in a COVID-19 era

Collibra

JANUARY 28, 2022

Because this sort of privacy is so near and dear to us—and so important for everyone to understand and be aware of—we want to do our best to open the door to understanding data privacy, using this day as an access point to start the conversation. Some data privacy laws —like the U.S.

Data Privacy

Data Privacy Privacy Insurance Data collection

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. would be permanently deleted.

Government

Government Insurance Data collection Paper

China Insurance Regulatory Agency Promulgates New Rule Protecting Personal Data of Life Insurance Customers

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Webinars

Trending Sources

Data privacy examples

Webinars

Connecticut Tightens its Data Breach Notification Laws

Driving Conversations Around Careers In Telematics

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

$10,000,000 civil penalty for disclosing personal data without consent

Data Innovator Spotlight - Interview with Charles Joseph, DataZed

Nationwide Agrees to Pay $5.5 Million to Settle Multistate Data Breach Investigation

EUROPE: New privacy rules for connected vehicles in Europe?

Berlin Commissioner Issues Fine to Deutsche Wohnen SE

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

India: New Digital Personal Data Protection Act, Start Planning Now.

Generative AI that’s tailored for your business needs with watsonx.ai

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Privacy in an open-data world: Why government agencies need to be proactive

What IG Professionals Should Know About the Internet of Bodies

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

Best Practices for Building a Data-Driven Business Model

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Conversational AI use cases for enterprises

U.S. states pass data protection laws on the heels of the GDPR

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

FTC Hosts Workshop on Informational Injury

34 Most Common Types of Network Security Protections

California Enacts Broad Privacy Laws Modeled on GDPR

FRANCE: CNIL adopts new single authorization on fraud prevention systems

Happy 13th Birthday, KrebsOnSecurity!

California Enacts Broad Privacy Protections Modeled on GDPR

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

Top MDR Services for 2021

GDPR is upon us: are you ready for what comes next?

NHS’ Plans to Share Patient Records with Third Parties

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Best Fraud Management Systems & Detection Tools in 2022

The Hacker Tool to Get Personal Data from Credit Bureaus

A Guide to CCPA Compliance and How the California Consumer Privacy Act Compares to GDPR

MY TAKE: SMBs can do much more to repel ransomware, dilute disinformation campaigns

Behavioral Analytics in Cybersecurity: Does It Work as Advertised?

An Approach to Cybersecurity Risk Oversight for Corporate Directors

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

East Coast Meets West Coast: Enter the Virginia Consumer Data Protection Act

Celebrating Data Privacy Day: A look at protecting your private data in a COVID-19 era

Senators Urge FTC to Probe ID.me Over Selfie Data

Stay Connected