Compliance, Exercises and Insurance - Information Management Today

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. Unlawful Discrimination.

Insurance

Insurance Financial Services Compliance Retail

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

However, the Act would not extend to entities covered by the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, as well as entities covered by the California Insurance Code. If enacted, the Act’s provisions would become effective in multiple steps between 2024 and 2028.

Insurance

Insurance Personal data Sales Compliance

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Three Critical Steps for GDPR Compliance. GDPR Compliance Starts with Data Discovery. There are a number of areas where GDPR strengthens compliance obligations and imposes additional legal liabilities. This is the 11th post in a series on privacy by Andrew Pery. Data Privacy and Open Data: Secondary Uses under GDPR.

GDPR

GDPR Compliance Privacy Data Privacy

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019. The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. (e) Perhaps the CNIL’s €1.75

Personal data

Personal data Insurance GDPR Record destruction

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

Every year, new regulations and compliance orders come into play that impact businesses across the world. You can find more information on the Thales website about GDPR and compliance. The post 2018 Global Data Regulations & Compliance Heat Up – Are you Ready? You can also read more about GDPR on the Thales eSecurity blog.

Compliance

Compliance GDPR Encryption Data Privacy

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

While the transition to remote appointments may help flatten the curve of Covid-19 cases and provide much-needed relief to medical professionals, it does create a new set of cybersecurity concerns, especially regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA ).

Communications

Communications Insurance Compliance Cybersecurity

Understanding HIPAA: A Guide to Avoiding Common Violations

Armstrong Archives

AUGUST 25, 2023

The Health Insurance Portability and Accountability Act (HIPAA) ensures individuals’ health data protection and privacy. This includes insurance companies, nurses, and doctors. In this article, we’ll talk more about the HIPAA, the importance of compliance, some common HIPAA violations, and more!

Computer and Electronics

Computer and Electronics Insurance Compliance Risk

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Data Matters

DECEMBER 1, 2021

Concurrently, the OCC , the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (the Agencies) released a joint statement alerting the industry of their intent to provide additional guidance in the coming months concerning certain activities related to cryptoassets conducted by banking organizations.

Compliance

Compliance Risk Insurance Sales

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

International businesses with global privacy compliance programs should seek to expand those to cover the UAE and achieve some synergies. While the PDPL will not be effective immediately, we recommend that businesses take compliance steps as soon as possible. It is not yet clear what the penalties for non-compliance with PDPL will be.

Personal data

Personal data Data breaches GDPR Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. Between June 8, 2018 and April 6, 2019, the CNIL received 15 complaints from individuals relating to the exercise of their data protection rights with affiliates of the Carrefour Group. and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

Still, just 32 percent said creating a culture of security is the key driver for their security awareness training (SA&T) program, compared to 67 percent who are more focused on regulatory compliance and 62 percent who conduct training simply to meet cyber insurance requirements.

IT

IT Security Cybersecurity Marketing

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

Ongoing compliance with existing laws and NDMO Personal Data Protection Interim Regulations. The PDPL does not appear to repeal the existing NDMO Personal Data Protection Interim Regulations, and so Data Controllers would appear to still need to comply with those regulations, while developing their compliance with the new PDPL.

Personal data

Personal data Compliance Computer and Electronics IoT

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Conduct regular network security assessments to stay up to date on compliance standards and regulations. Advise all employees to exercise caution while revealing sensitive information such as login credentials through phone or web communications. Mitigate vulnerabilities related to third-party vendors.

Passwords

Passwords Phishing Authentication Communications

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

Data Matters

APRIL 10, 2020

Businesses will not need to dramatically change compliance plans as the proposed revised regulations seek to refine requirements in prior drafts rather than introduce any wholesale changes to the regulatory framework. For more resources and information on CCPA compliance planning, visit Sidley’s CCPA Monitor.

Privacy

Privacy Sales Insurance Compliance

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

Performing a task carried out in the public interest: Article 6(1)(e) of the GDPR may also provide a legal basis where data processing is necessary to perform a task carried out in the public interest or in the course of exercising official authority vested in the data controller.

Personal data

Personal data GDPR Risk Insurance

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

DECEMBER 2, 2020

financial information, life/health insurance information, specified medical information, information leading to identification of a vulnerable adult, child, or young person who is the subject of an investigation or relating to court proceedings involving a child and young person, or.

Data Privacy

Data Privacy Privacy Data breaches Personal data

The Netherlands: Health sector once again on the radar of DPA

DLA Piper Privacy Matters

DECEMBER 14, 2018

Just a few months after the Dutch DPA inspected more than 100 hospitals and health insurers on whether they comply with the obligation to appoint (and publish the details of) a Data Protection Officer, this week it announced more news and monitoring action with respect to the health sector. Ilias Abassi.

GDPR

GDPR Personal data Insurance Privacy

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

In addition, the business must ensure that all individuals responsible for handling requests and compliance with AB 375 are educated about relevant aspects of the bill and how to direct consumers to exercise their rights under these sections. A consumer may request this information twice in a 12-month period.

GDPR

GDPR Privacy Sales Data breaches

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

This would cause the risk that there are insufficient functionalities or options offered to exercise the control necessary for affected individuals to avail themselves of their data protection and privacy rights. Personal data may be processed for a wide variety of purposes such as driver safety, insurance and efficient transportation.

Privacy

Privacy Personal data GDPR Insurance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

The GDPR was designed to harmonize data protection laws across Europe and to protect EU residents’ data privacy rights; and, its coming triggered significant privacy and data protection compliance activities amongst organizations doing business in the EU and working with the personal data of EU residents. Non-Compliance.

Personal data

Personal data GDPR Data Privacy Privacy

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

In addition, the business must ensure that all individuals responsible for handling requests and compliance with AB 375 are educated about relevant aspects of the bill and how to direct consumers to exercise their rights under these sections. A consumer may request this information twice in a 12-month period.

GDPR

GDPR Privacy Sales Data breaches

Catching up, again, part 4

InfoGovNuggets

JANUARY 4, 2019

Is that Governance, or Compliance? How does Compliance deal with an accusation that is not sustained? Two aspects here, first dealing with the use of a number derived from supposedly unbiased people to govern “your” deal, and, second, the cost of non-compliance, even if long-delayed. Libor was information, too.

Compliance

Compliance Government Insurance Paper

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

Compliance risks – this means failure to comply with the regulations, procedures, internal policies, rules, laws or business standards. Determine the degree of impact were the threat to be exercised e.g. low, medium or high Look at the different categories of information to adequately analyze the control environment.

Risk

Risk Cybersecurity Compliance Data breaches

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

HL Chronicle of Data Protection

APRIL 29, 2019

Thus, prior to this recent exercise of “enforcement discretion” the Department interpreted the HITECH Act to allow an annual limit of $1.5 Under the HITECH Act of February 2009, Congress strengthened HHS’s HIPAA enforcement authority by authorizing increased minimum and maximum potential Civil Monetary Penalties (CMPs) for HIPAA violations.

Compliance

Compliance IT Insurance Privacy

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

For many readers of this post, a huge amount of work will have been done in recent months in building up to compliance with the new regime. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR. What do we expect in terms of enforcement priorities? Challenge #1.

GDPR

GDPR Personal data Compliance Data breaches

How to improve your cyber resilience

IT Governance

FEBRUARY 15, 2019

Standards such as ISO 27001 and ISO 22301 provide a framework of activities that you must perform to achieve compliance and support your cyber resilience strategy, and they can be leveraged to help you meet regulatory requirements, such as the GDPR (General Data Protection Regulation) and the NIS (Network and Information Systems) Regulations 2018.

Risk

Risk GDPR Communications Insurance

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11. resumes, personnel files, video/call recordings).

Personal data

Personal data GDPR Privacy Records Management

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

Additional bills, amending the California Confidentiality of Medical Information Act (“CMIA”) and the California Insurance Code, also were also signed into law. Penalties for Non-Compliance : The law will be enforced by the California Attorney General or certain district attorneys or city prosecutors.

Privacy

Privacy Insurance Security Data breaches

Preparing for GDPR – Is the Way You Process Information Compliant with Data Protection Laws?

Managing Your Information

MAY 30, 2017

As the presentation went on, however, it became clear that nobody seemed to have considered compliance with data protection legislation. However, the summary below covers terms that, if you are responsible for data protection compliance, you will need to become familiar with. Ensuring Your Processing is Lawful.

GDPR

GDPR Compliance Personal data Access

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy

Privacy Healthcare Sales Insurance

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. Anti-Discrimination Provisions. As can be seen in SB-1121, amendments are only just beginning to trickle in.

Privacy

Privacy Sales Compliance Cybersecurity

Preparing for GDPR – Is the Way You Process Information Compliant with Data Protection Laws?

Managing Your Information

MAY 30, 2017

As the presentation went on, however, it became clear that nobody seemed to have considered compliance with data protection legislation. However, the summary below covers terms that, if you are responsible for data protection compliance, you will need to become familiar with. Ensuring Your Processing is Lawful.

GDPR

GDPR Compliance Personal data Access

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy

Privacy Healthcare Sales Insurance

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy

Privacy Healthcare Sales Insurance

FRANCE: New data protection law declared constitutional and ready for promulgation

DLA Piper Privacy Matters

JUNE 14, 2018

Then Senators specifically challenged the constitutionality of a dozen provisions, which were all eventually found valid, except a portion of article 13 of the law.

GDPR

GDPR Personal data Insurance Government

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. Anti-Discrimination Provisions. As can be seen in SB-1121, amendments are only just beginning to trickle in.

Privacy

Privacy Sales Education Compliance

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws.

Insurance

Insurance Blockchain Big data Risk

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

This obligation could impose significant recordkeeping, contracting and other compliance burdens on both businesses that obtain, as well as those that provide personal information. The regulations require businesses to explain that they may not discriminate against consumers who exercise their CCPA rights. Right to Non-Discrimination.

Privacy

Privacy Sales Paper Compliance

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

Exempts from deletion personal information needed to complete insurance transactions. 5/29 – referred to Senate Committee on Judiciary and Senate committee on Insurance. Redefines “personal information” to exclude information from government records. 5/22 – referred to Senate Committee on Judiciary.

Sales

Sales Privacy Insurance Manufacturing

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

IGI

NOVEMBER 10, 2017

These exchanges provided many more compelling use cases for long-term born-digital and digitized records and information that are essential to maintain compliance and keep their business operations running. So as the benchmark study reported, the need for long-term digital preservation and access capabilities is pervasive.

Digital preservation

Digital preservation Government Digital transformation Access

#ModernDataMasters: Mike Evans, Chief Technology Officer

Reltio

MARCH 19, 2019

“If you are not tying what you are doing, in any kind of data initiative, to a business vision and some tangible outcomes that a business is trying to achieve, then MDM can become just a complex academic exercise.”. Prioritise people, process and governance.

MDM

MDM Retail IT Government

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

Enforcement Uber fined €10 million for GDPR breaches The Dutch data protection authority, Autoriteit Persoonsgegevens, has fined Uber €10 million for failing to be transparent about its data retention practices and making it difficult for drivers to exercise their data privacy rights.

Data Privacy

Data Privacy Privacy Insurance Security

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Reltio

JUNE 20, 2019

I like to walk and bicycle – it is good exercise but you can also think while you do these things. No, I think we have covered all my pet hobby horses! What do you like to do outside of work? I am at an age now where I have grandchildren so I really like to be with them. It is as much to freshen my mind and do some out-of-the-box thinking.

MDM

MDM Manufacturing Computer and Electronics Digital transformation

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

California Legislature Passes Bill Regulating Data Brokers

Webinars

Trending Sources

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Webinars

Over-Retention of Personal Data

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Understanding HIPAA: A Guide to Avoiding Common Violations

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

UAE: Federal level data protection law enacted

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

Saudi Arabia’s New Data Protection Law – What you need to know

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Guidelines Published for Changes to the Singapore Data Privacy Regime

The Netherlands: Health sector once again on the radar of DPA

California Enacts Broad Privacy Laws Modeled on GDPR

EUROPE: New privacy rules for connected vehicles in Europe?

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

California Enacts Broad Privacy Protections Modeled on GDPR

Catching up, again, part 4

Cybersecurity: Managing Risks With Third Party Companies

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

GDPR is upon us: are you ready for what comes next?

How to improve your cyber resilience

The Impact of Data Protection Laws on Your Records Retention Schedule

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Preparing for GDPR – Is the Way You Process Information Compliant with Data Protection Laws?

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Preparing for GDPR – Is the Way You Process Information Compliant with Data Protection Laws?

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

California Consumer Privacy Act: The Challenge Ahead – Four Key Considerations for Health and Life Sciences Companies

FRANCE: New data protection law declared constitutional and ready for promulgation

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Regulatory Update: NAIC Spring 2019 National Meeting

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Nevada, New York and other states follow California’s CCPA

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

#ModernDataMasters: Mike Evans, Chief Technology Officer

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

#ModernDataMasters: Henrik Liliendahl, Chairman & CTO, Product Data Lake

Stay Connected