Data, Exercises, Insurance and Security - Information Management Today

California Legislature Passes Bill Regulating Data Brokers

Hunton Privacy

SEPTEMBER 21, 2023

362 (“Act”), a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data. The Act would grant California consumers the right to request that data brokers (1) delete and (2) limit the further sale and sharing of consumers’ personal data.

Insurance

Insurance Personal data Sales Compliance

Security Affairs newsletter Round 408 by Pierluigi Paganini

Security Affairs

FEBRUARY 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Security

Security Military Ransomware Insurance

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

JANUARY 2, 2019

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance

Insurance Cybersecurity Data breaches Encryption

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. We have backups, the data is there, but the application to actually do the restoration is encrypted.’

Ransomware

Ransomware Encryption Insurance Cybersecurity

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

On December 3, 2018, twelve attorneys general (“AGs”) jointly filed a data breach lawsuit against Medical Informatics Engineering and its subsidiary, NoMoreClipboard LLC (collectively “the Company”), an electronic health records company, in federal district court in Indiana. See Indiana v. Informatics Eng’g, Inc. , 3:18-cv-00969 (N.D.

Data breaches

Data breaches Computer and Electronics Security Insurance

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

The vast majority of cybersecurity decision makers – 91 percent, in fact – find it difficult to select security products due to unclear marketing, according to the results of a survey of 800 cybersecurity and IT decision makers released today by email security company Egress. Assessing AI and Security Training.

IT

IT Security Cybersecurity Marketing

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. 45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. This article examines some of its key features. What does the PDPL cover and who does it apply to? Definitions.

Personal data

Personal data Data breaches GDPR Compliance

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

Back in the mid-1990s, big banks and insurance companies came up with something called “bespoke assessments” as the approach for assessing third party vendor risk. CyberGRX launched in 2016 as a clearinghouse for companies to pool and share standardized assessment data and actually analyze the results for action. Visibility boost.

Risk

Risk Insurance Access Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

The bill also contains a number of exemptions, including exceptions for financial institutions, affiliates, and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996, nonprofit organizations and institutions of higher education.

Privacy

Privacy Personal data Sales Insurance

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). The bill is pending California Governor Gavin Newsom’s signature. Violations of the Act are subject to civil penalties.

Privacy

Privacy Insurance Marketing Information governance

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Hunton Privacy

MARCH 24, 2022

following California, Virginia and Colorado, to enact a consumer data privacy law, the Utah Consumer Privacy Act (the “UCPA”). Notably, the UCPA adopts the VCDPA’s more narrow definition of “sale,” which is limited to the exchange of personal data for monetary consideration by a controller to a third party.

Privacy

Privacy Personal data Sales B2B

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

Hunton Privacy

FEBRUARY 25, 2020

Most companies are no strangers to the consequences of a data breach. Incident readiness includes having a state-of-the-art incident response plan, conducting tabletop exercises, implementing a vendor management program and having adequate cybersecurity insurance. It’s now rare to be unaffected by such incidents.

Insurance

Insurance Data breaches Cybersecurity Privacy

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s ( KSA ) newly published Personal Data Protection Law ( PDPL ). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR. Deceased’s data.

Personal data

Personal data Compliance Computer and Electronics IoT

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Time and tide waits for no man – IoT in Insurance. This old saying could also be applied for what is happening in the insurance market with IoT and that given the drive behind IoT in both the consumer and business markets. For example, car insurance could be varied between theft and fully comprehensive when the Car is not being used.

Insurance

Insurance IoT Marketing Manufacturing

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

DECEMBER 2, 2020

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). Mandatory data breach notification (the DBN Obligation).

Data Privacy

Data Privacy Privacy Data breaches Personal data

Oregon Consumer Privacy Act

Hunton Privacy

JULY 12, 2023

Thus, like most other comprehensive state privacy laws, employee data and business-to-business data are excluded from the scope of the OCPA. The OCPA provides an exemption to personal data subject to the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and a number of other federal laws.

Privacy

Privacy Personal data Insurance Sales

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

If I’m not Zooming with my primary care provider, I’m swapping data with a specialist via a phone app or transmitting my blood pressure readings from my remote monitor to the disembodied nurse in my voicemail who chides me with messages if I miss a reading. Your symptoms will often be diagnosable from that data. Or so it seems.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

Understanding HIPAA: A Guide to Avoiding Common Violations

Armstrong Archives

AUGUST 25, 2023

The Health Insurance Portability and Accountability Act (HIPAA) ensures individuals’ health data protection and privacy. This includes insurance companies, nurses, and doctors. Healthcare has become more interconnected than ever, making it important to protect patients’ sensitive information.

Computer and Electronics

Computer and Electronics Insurance Compliance Risk

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

The Spanish Data Protection Authority (the “AEPD”) recently published a report on data processing activities carried out by data controllers in the private and public sectors as a result of the spread of the COVID-19 virus (the “Report”). The Report then turns to legal bases for processing personal data in the COVID-19 context.

Personal data

Personal data GDPR Risk Insurance

Regulatory Update: NAIC Summer 2020 National Meeting

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance

Insurance Paper Artificial Intelligence Big data

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Data Privacy and Open Data: Secondary Uses under GDPR. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Compliance Privacy Data Privacy

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data. And this isn’t just happening in New York.

Compliance

Compliance GDPR Encryption Data Privacy

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Or as is often the case with security, what costs can we skip and still escape big penalties later? Unfortunately for those of us indulging in wishful thinking, the likelihood and costs of data breaches continue to increase.

Insurance

Insurance Ransomware Data breaches Cloud

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

On November 26, 2020, the French Data Protection Authority (the “CNIL”) announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies.

GDPR

GDPR Personal data Data collection Marketing

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance

Insurance Paper Risk Big data

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

While the transition to remote appointments may help flatten the curve of Covid-19 cases and provide much-needed relief to medical professionals, it does create a new set of cybersecurity concerns, especially regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA ).

Communications

Communications Insurance Compliance Cybersecurity

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JULY 20, 2023

On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act ( H.B. 154 ) (the “DPDPA”), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. This could make Delaware the 13th U.S. state to enact comprehensive privacy legislation.

Privacy

Privacy Personal data Sales Risk

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

Hunton Privacy

MAY 22, 2018

On May 16, 2018, the Irish Data Protection Bill 2018 (the “Bill”) entered the final committee stage in Dáil Éireann (the lower house and principal chamber of the Irish legislature). Children’s Data : The Bill notes that for the purposes of Data Protection Regulation in Ireland, a child is a person under 18 years of age.

GDPR

GDPR Personal data Marketing Insurance

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

In this case, the attackers used both publicly available PII and data gained through phishing attacks aimed at gaining access to customer accounts. Below is the list of mitigations recommended by the FBI: Ensure anti-virus and anti-malware is enabled and security protocols are updated regularly and in a timely manner.

Passwords

Passwords Phishing Authentication Communications

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Vehicles, drivers and passengers are becoming more and more connected, generating increasing amounts of data. Adjacent to these initiatives, the European Data Protection Board (“EDPB”) recently published draft guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications.

Privacy

Privacy Personal data GDPR Insurance

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

The panel’s key messages for clients included the following: Data security and privacy are mission critical and should be discussed at the most senior levels of the organisation. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

Data Matters

SEPTEMBER 24, 2019

Today, more than 120 countries have privacy and data protection laws or regulations in place. Many of the new or modernized laws tend to be based on comprehensive legislation, rather than sectoral rules, as data needs to move across industry groups and borders. An Overview of the BDPA.

Personal data

Personal data GDPR Data Privacy Privacy

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Data Matters

DECEMBER 1, 2021

Concurrently, the OCC , the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (the Agencies) released a joint statement alerting the industry of their intent to provide additional guidance in the coming months concerning certain activities related to cryptoassets conducted by banking organizations.

Compliance

Compliance Risk Insurance Sales

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

JANUARY 25, 2019

Sovrn , a company I still chair, has a similar mission, but with a serious data and tech focus. My current work is split between two projects: One has to do with data governance, the other political media. First, Data. Big data, data breaches, data mining, data science…Today, we’re all about the data.

Government

Government IT Marketing ROT

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. geolocation data. geolocation data. biometric information.

GDPR

GDPR Privacy Sales Data breaches

FRANCE: New data protection law declared constitutional and ready for promulgation

DLA Piper Privacy Matters

JUNE 14, 2018

The French Constitutional Council has issued its ruling on June 12 regarding the new data protection law implementing the EU General Data Protection Regulation (GDPR). By Denise Lebeau-Marianna and Caroline Chancé. It’s a PASS!

GDPR

GDPR Personal data Insurance Government

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

On November 14, 2013, the Minister of the Malaysian Communications and Multimedia Commission (the “Minister”) announced that Malaysia’s Personal Data Protection Act 2010 (the “Act”) would be going into effect as of November 15, marking the end of years of postponements. The law imposes a number of generally applicable principles.

Personal data

Personal data Marketing Communications Insurance

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

Data Matters

APRIL 10, 2020

Responses to a request to know must identify, to a certain extent, the data that a business cannot disclose (§ 999.313). When responding to an access request, the revised regulations clarify that a business must “inform the consumer with sufficient particularity” the type of data it has collected about the consumer.

Privacy

Privacy Sales Insurance Compliance

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

Hunton Privacy

OCTOBER 14, 2021

During the week of October 4, 2021, California Governor Gavin Newsom signed into law bills amending the California Privacy Rights Act of 2020 (“CPRA”), California’s data breach notification law and California’s data security law. Genetic Data: California Data Breach Notification and Data Security Law Amendment Bill.

Privacy

Privacy Insurance Security Data breaches

The Netherlands: Health sector once again on the radar of DPA

DLA Piper Privacy Matters

DECEMBER 14, 2018

The Dutch Data Protection Authority ( Autoriteit Persoonsgegevens , “ Dutch DPA “) previously stated that it shall focus its enforcement actions on the public and health sector, and seems to act upon its words. First of all, the focus seems to lie on accountability, one of the core data protection principles.

GDPR

GDPR Personal data Insurance Privacy

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. geolocation data. geolocation data. biometric information.

GDPR

GDPR Privacy Sales Data breaches

UK Parliament Calls for Prison Sentences for Data Theft

Hunton Privacy

OCTOBER 31, 2011

Members of Parliament on the House of Commons Justice Select Committee have called for courts in the United Kingdom to be given greater powers to imprison and fine individuals who breach the Data Protection Act (“DPA”). Commissioner Christopher Graham to the Committee earlier this year.

Personal data

Personal data Insurance Data breaches Government

California Legislature Passes Bill Regulating Data Brokers

Security Affairs newsletter Round 408 by Pierluigi Paganini

Webinars

Trending Sources

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Webinars

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

UAE: Federal level data protection law enacted

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

California Legislature Passes Bill to Establish the Genetic Information Privacy Act, Pending Governor’s Signature

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

NSL Podcast Series: Part 3 Betting on a Breach – How to Prepare for the Inevitable

Saudi Arabia’s New Data Protection Law – What you need to know

Time and tide waits for no man – IoT in Insurance

Guidelines Published for Changes to the Singapore Data Privacy Regime

Oregon Consumer Privacy Act

Information Management in the Not-So-Distant Future of Health Care

Understanding HIPAA: A Guide to Avoiding Common Violations

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Regulatory Update: NAIC Summer 2020 National Meeting

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

How to Develop an Incident Response Plan

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Regulatory Update: NAIC Fall 2018 National Meeting

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Irish Data Protection Bill in Final Committee Stage Before the Irish Legislature

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

EUROPE: New privacy rules for connected vehicles in Europe?

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Assessing the Impact of the Barbados’ Proposed Data Protection Bill on the Barbadian Private Sector

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Our Data Governance Is Broken. Let’s Reinvent It.

California Enacts Broad Privacy Laws Modeled on GDPR

FRANCE: New data protection law declared constitutional and ready for promulgation

Malaysian Data Protection Law Takes Effect

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

California Governor Signs into Law Bills Updating the CPRA and Bills Addressing the Privacy and Security of Genetic and Medical Data, Among Others

The Netherlands: Health sector once again on the radar of DPA

California Enacts Broad Privacy Protections Modeled on GDPR

UK Parliament Calls for Prison Sentences for Data Theft

Stay Connected