Data Matters

OCTOBER 20, 2022

Treasury Department is seeking public comment on the need and scope for a potential federal insurance response to catastrophic cyber incidents, akin to the one put in place for terrorism insurance after the attacks of September 11, 2001. The request, published by the Federal Insurance Office (FIO) in the U.S. Background.

Insurance 88

Insurance Marketing Cybersecurity Risk 88

Hunton Privacy

DECEMBER 4, 2023

On November 28, 2023, the New York Department of Financial Services (“NYDFS”) announced that First American Title Insurance Company (“First American”), the second-largest title insurance company in the United States, would pay a $1 million penalty for violations of the NYDFS Cybersecurity Regulation in connection with a 2019 data breach.

Financial Services 64

Financial Services Insurance Data breaches Cybersecurity 64

Data Protection Report

JANUARY 4, 2024

December tends to be a busy time for everyone, so you may have missed a privacy update or two. The exception applied to the workers’ data because the exception applies to all health care workers’ biometric data. For those making this quiz a competitive event, we have included a tie-breaker/bonus question.) Answers are below.

Privacy 110

Privacy Cybersecurity Artificial Intelligence e-Discovery 110

IT Governance

OCTOBER 24, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023).

Data Privacy 107

Data Privacy Privacy Security Data breaches 107

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

IT Governance

NOVEMBER 13, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The data included shoppers’ names, email addresses, phone numbers, countries of residence and membership numbers.

Data Privacy 85

Data Privacy Privacy Security Data breaches 85

Thales Cloud Protection & Licensing

JULY 4, 2022

How Cybersecurity Insurance Can Work To Help An Organization. For many years, organizations had limited options for addressing data protection risks. In the last 20+ years, cybersecurity insurance has added risk transference to the available palette of palliative choices. The function of cybersecurity insurance.

Insurance 71

Insurance Cybersecurity Cleanup Ransomware 71

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight Hathaway breached, 41.5 The compromised data allegedly includes names, email addresses and phone numbers.

Data Privacy 75

Data Privacy Privacy Manufacturing Data breaches 75

Hunton Privacy

MAY 10, 2022

On May 10, 2022, Connecticut Governor Ned Lamont signed An Act Concerning Personal Data Privacy and Online Monitoring , after the law was previously passed by the Connecticut General Assembly in April. Connecticut is now the fifth state to enact a consumer privacy law.

Privacy 118

Privacy Personal data Sales B2B 118

DLA Piper Privacy Matters

NOVEMBER 3, 2022

Anyone with a passing interest in Australian privacy laws will no doubt have heard about the Optus data breach. The news was swiftly followed up with an announcement from Medibank, Australia’s largest private health insurer, of a breach affecting all of its 3.9 Author: Sarah Birkett. million customers.

Privacy 97

Privacy Data breaches Insurance Government 97

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance 68

Insurance Security Cybersecurity Data breaches 68

Data Matters

FEBRUARY 25, 2022

Sidley and OneTrust DataGuidance are pleased to announce that registration is now open for their annual Data Protection in Financial Services (DPFS) Week. Join us from February 28 – March 3 for DPFS Week 2022 , a series of webinars looking at the impacts of data privacy across the financial sector.

Financial Services 103

Financial Services Privacy Data Privacy Cybersecurity 103

Data Protection Report

SEPTEMBER 23, 2021

The declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.” The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019.

Personal data 110

Personal data Insurance GDPR Record destruction 110

Data Matters

JUNE 23, 2022

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law. The post Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law.

Insurance 103

Insurance Security Cybersecurity Information Security 103

Data Protection Report

FEBRUARY 23, 2023

AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. AVs and Personal Information AVs need to collect a significant amount of data to provide driver assistance and other features offered by the vehicle’s infotainment system.

Privacy 85

Privacy Manufacturing Artificial Intelligence Data collection 85

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also requires that the company destroy personal data for which it had not received consent and to create a document retention and destruction policy.

Personal data 85

Personal data Privacy Information governance Compliance 85

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. New EU restrictions could force companies to change data transfer practices and adopt more advanced data encryption methods. In recent years, costly breaches and evolving data security concerns have bubbled up to a board level agenda item.

Data Privacy 118

Data Privacy Privacy Security Encryption 118

Information Governance Perspectives

MAY 10, 2020

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Privacy makes data governance ethical and tangible, and compliance leaders understand that.

Compliance 52

Compliance Information governance Privacy Data Privacy 52

Collibra

DECEMBER 16, 2020

The data that healthcare organizations hold is incredibly valuable – it’s perhaps the most valuable asset they have. At an individual level, patient data often contains the key to understanding illness and potential recovery. As a result, data governance in healthcare is non-negotiable. Large volumes of sensitive data.

Government 59

Government Data Privacy Privacy Communications 59

Collibra

JANUARY 14, 2022

Today, businesses collect and process large volumes of data. The concern of protecting this data, especially personal data , has been around for quite some time. The sheer volume of data and the increased proliferation of cloud technology has brought this concern to the fore again. Data quality is its fitness for use.

Compliance 52

Compliance Government GDPR Personal data 52

IT Governance

FEBRUARY 14, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Financial information, medical data, health reimbursements, postal addresses, telephone numbers and emails are not thought to have been compromised.

Data Privacy 52

Data Privacy Manufacturing Privacy Security 52

IT Governance

FEBRUARY 21, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. TB of ASA Electronics data to its leak site The ALPHV/BlackCat ransomware gang is attempting to extort a ransom from ASA Electronics for 2.7 Data breached: 2.7

Data Privacy 52

Data Privacy Manufacturing Privacy Energy and Utilities 52

IT Governance

NOVEMBER 20, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. have notified 330,000 people that their personal data might have been compromised as part of the MOVEit Transfer data breach.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. This week, we’re taking a slightly different approach with the ‘publicly disclosed data breaches and cyber attacks’ category, presenting the most interesting data points in a table format.

Data Privacy 52

Data Privacy Privacy Energy and Utilities Data breaches 52

IT Governance

OCTOBER 31, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks France says Russian state hackers breached numerous critical networks Date of breach: From second half of 2021 (reported 26 October 2023).

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance 79

Insurance Financial Services Cybersecurity Risk 79

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance 70

Insurance Cybersecurity Risk Education 70

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza Start preparing now to comply with India’s new data protection law. The DPDP Act is India’s first comprehensive law on the protection of personal data and comes six years after the Supreme Court of India first declared a fundamental right to privacy in the Puttaswarmy case in 2017.

Personal data 111

Personal data GDPR Data breaches Compliance 111

IT Governance

JUNE 1, 2023

IT Governance found 98 publicly disclosed security incidents in May 2023, accounting for 98,226,877 breached records. You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. million) Apria Healthcare suffers security breach (1.8

Data breaches 98

Data breaches Ransomware Insurance Personal data 98

Collibra

DECEMBER 1, 2020

Establishing data as a strategic asset is not easy and it depends on a lot of collaboration across an organization. However, once you have a system of record in place for your data, your organization can implement many valuable data governance use cases more easily. . Data lake management: Prevent a data swamp.

Government 59

Government Analytics Marketing Unstructured data 59

Collibra

APRIL 1, 2021

Data governance is the essential foundation for organizations looking to create business value from data. It creates the structure that enables collaboration on and analysis of trusted data. Setting up effective data governance, however, can be quite challenging. Operating model example.

Government 63

Government Digital transformation Communications Retail 63

Hunton Privacy

JUNE 22, 2020

On July 1, 2020, amendments to Vermont’s data breach notification law, signed into law earlier this year, will take effect along with Vermont’s new student privacy law. Student Data Privacy. Security Breach Notice Act. The number of affected consumers exceeding 5,000 is no longer a basis for providing substitute notice.

Data breaches 107

Data breaches Privacy Education Data Privacy 107

IT Governance

AUGUST 3, 2020

After mammoth amounts of personal data were leaked in May and June, we’ve seen a reversion to the mean this month. You can find our full list of publicly disclosed data breaches from July in this blog. Bitcoin scam leaks personal data of users from across the globe (248,926). Cyber attacks.

Data breaches 141

Data breaches Insurance Ransomware Personal data 141

IT Governance

NOVEMBER 1, 2022

Welcome to our October 2022 review of data breaches and cyber attacks. By contrast, comparatively little personal data was breached, with our figures confirming that at least 9,990,855 records were compromised. For now, it’s unclear what damage the data could cause if exposed, so we’ve omitted the figure from our tally.

Data breaches 111

Data breaches Ransomware Insurance Phishing 111

DLA Piper Privacy Matters

AUGUST 23, 2021

Rather than bringing substantial changes to the existing China data privacy framework, the PIPL helpfully consolidates and clarifies obligations on processing of personal information at a national law level. To be clear, this is not China’s own GDPR.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111

Data Protection Report

OCTOBER 3, 2021

Effective October 1, 2021, an amendment [1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. Required Identity Theft Prevention Services.

Data breaches 142

Data breaches IT Insurance Passwords 142

eDiscovery Daily

AUGUST 4, 2023

By Catherine Ostheimer Being responsive to the growing number of Access Requests and DSARS as a local government organization can be daunting. First, there’s the data management challenge. State and local groups generate and store vast amounts of data across numerous departments, committees, and systems. Develop policies.

Government 58

Government Access Insurance GDPR 58