Definition, Financial Services, Insurance and Training

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). On May 27, 2022, Vermont Governor Phil Scott signed H.515 to 500.23) and they submit a written statement to the Commissioner certifying such compliance.

Insurance

Insurance Security Information Security Cybersecurity

NYDFS issues significant guidance on insurers using AI or external data

Data Protection Report

FEBRUARY 2, 2024

On January 17, 2024 the New York Department of Financial Services (“NYDFS”) published a Proposed Insurance Circular Letter (“Proposed Circular”) regarding the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing.

Insurance

Insurance Artificial Intelligence Risk Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). See the Best Cybersecurity Awareness Training for Employees.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity

Cybersecurity Privacy Insurance Risk

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy

Privacy IT Information Security Insurance

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

The law broadens the definition of “private information” which sets forth the information elements that, if breached, could trigger a notification obligation. The Stop Hacks and Improve Electronic Data Security Act. To define “reasonable” safeguards, the statute provides examples of administrative, technical and physical safeguards.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Top 6 Best Practices for Data Governance

Collibra

MARCH 11, 2021

Here is an example of how an insurance company working with Collibra set up its operating model: The insurance company is cross-functional, frequently requiring collaboration among different lines of business, such as finance, sales, marketing and IT. Decentralized or federated (there are multiple groups of authority). Onboarding.

Government

Government Communications Insurance Customer Experience

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

Employee training. Under the proposed Rule, FIs would be required to provide personnel with security awareness training that is updated to reflect risks identified by the FI’s risk assessment.

Privacy

Privacy Risk Cybersecurity Information Security

6 best practices for a data governance strategy

Collibra

APRIL 11, 2022

Here is an example of how an insurance company working with Collibra set up its operating model: The insurance company is cross-functional, frequently requiring collaboration among different lines of business, such as finance, sales, marketing and IT. Decentralized or federated (there are multiple groups of authority). Onboarding.

Government

Government Communications Insurance Customer Experience

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy

Data Privacy Privacy Compliance Analytics

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Some states – such as Alabama, Massachusetts and New York (for financial services companies) – prescribe particular requirements of a “reasonable” cybersecurity program. At least nine states expressly extend these requirements to service providers. Proof of adequate cyber insurance coverage.

Data breaches

Data breaches Cybersecurity Financial Services Risk

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Only 1 definitely hasn’t had data breached. The first chapter covers the lawful basis for training generative AI models on web-scraped data and is open until 1 March. 96 of them are known to have had data exfiltrated, exposed or otherwise breached. Organisation(s) Sector Location Data breached? O’Hara & Sons, Inc.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. GB Rebekah Children’s Services Source (New) Non-profit USA Yes 2,805 Butte School District Source 1 ; source 2 (Update) Education USA Yes 2,658 Dignity Health Nevada St. 94 of them are known to have had data breached. Organisation(s) Sector Location Data breached?

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

That's quite a narrow definition. What can they do within the workforce, although this sort of job and sort of landscape we try and work out what they can do, which is the definition of authorization, essentially, this is Simon, what can he do today? Vamosi: And it’s not just in the work environment. I use a password manager.

Passwords

Passwords Authentication Access Data breaches

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Only 4 definitely haven’t had data breached. Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., Publicly disclosed data breaches and cyber attacks: full list This week, we found 5,255,944,117 records known to be compromised, and 128 organisations suffering a newly disclosed incident.

Data Privacy

Data Privacy Privacy Manufacturing Security

Information Management Today

Vermont Enacts Insurance Data Security Law

NYDFS issues significant guidance on insurers using AI or external data

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

New York Enacts Stricter Data Cybersecurity Laws

Top 6 Best Practices for Data Governance

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

6 best practices for a data governance strategy

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

US: Surviving the service provider data breach

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Hacker Mind Podcast: Going Passwordless

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

Stay Connected