eSecurity Planet

FEBRUARY 14, 2023

I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The vision was to automate security and compliance across 14 frameworks, including SOC 2, ISO 27001, HIPAA and GDPR. Growth has definitely been robust.

Compliance 113

Compliance Security Cybersecurity Marketing 113

Data Protection Report

OCTOBER 3, 2021

The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement as part of a risk assessment; Deems compliant any person subject to and in compliance with HIPAA and HITECH; and.

Data breaches 142

Data breaches IT Insurance Passwords 142

IT Governance

JANUARY 9, 2024

LockBit claims responsibility for Capital Health security incident The LockBit ransomware group has claimed responsibility for an attack on Capital Health , a healthcare provider in Pennington, New Jersey, last November. Only 1 definitely hasn’t had data breached. They accessed 41.5 Data breached: 41,500,000 records.

Data Privacy 75

Data Privacy Privacy Manufacturing Data breaches 75

IT Governance

APRIL 3, 2019

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. The UK government and the CIA blame the attack on Russian state-sponsored hackers, claiming it was the latest act in an ongoing feud between Russia and Ukraine. Was NotPetya an act of war?

Insurance 53

Insurance Ransomware Government Paper 53

The Last Watchdog

APRIL 3, 2019

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. Not only is the notion of what comprises a perimeter shifting, the definition of what constitutes a “user” is metamorphizing, as well.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Collibra

DECEMBER 1, 2020

However, once you have a system of record in place for your data, your organization can implement many valuable data governance use cases more easily. . In this post, we’ll highlight the top three most valuable data governance use cases. Each one depends on a data governance and stewardship function already being in place.

Government 59

Government Analytics Marketing Unstructured data 59

Schneier on Security

FEBRUARY 28, 2024

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The 9/11 attacks cost insurers and reinsurers $47 billion. 11, 2001, terrorist attacks.

Insurance 91

Insurance Government Cybersecurity Risk 91

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy 52

Data Privacy Manufacturing Privacy Security 52

IT Governance

NOVEMBER 3, 2023

IT Governance’s research has discovered the following for October 2023: 114 publicly disclosed security incidents. It usually also involved temporarily taking down systems to limit the impact of the security breach. Note: This includes security incidents where we know no records were breached.

Data breaches 87

Data breaches Insurance Ransomware Education 87

Hunton Privacy

AUGUST 2, 2021

The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks. New Breach Notification Requirements (HB 5310).

Cybersecurity 87

Cybersecurity Insurance Military Data Privacy 87

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). The Act also excludes from the definition of genetic data, “deidentified data,” as defined in the Act.

Privacy 85

Privacy Insurance Marketing Information governance 85

IT Governance

NOVEMBER 28, 2023

Only 3 definitely haven’t had data breached. The post The Week in Cyber Security and Data Privacy: 20 – 26 November 2023 appeared first on IT Governance UK Blog. 19 of them are known to have had data exfiltrated or exposed. We’ve also found 5 organisations providing a significant update on a previously disclosed incident.

Data Privacy 52

Data Privacy Privacy Energy and Utilities Data breaches 52

Hunton Privacy

JUNE 22, 2020

Security Breach Notice Act. The amendments to Vermont’s Security Breach Notice Act include expanding the definition of Personally Identifiable Information (“PII”), expanding the definition of a breach to include login credentials and narrowing the permissible circumstances under which substitute notice may be used.

Data breaches 107

Data breaches Privacy Education Data Privacy 107

eSecurity Planet

DECEMBER 7, 2023

This guide will provide a high level overview of encryption and how it fits into IT through the following topics: How Encryption Works To understand how encryption works, we need to understand how it fits into the broader realm of cryptology, how it processes data, common categories, top algorithms, and how encryption fits into IT security.

Encryption 111

Encryption IT Passwords IoT 111

Hunton Privacy

JUNE 14, 2018

Notice to the Attorney General is required even if the covered entity maintains its own procedures for security breaches as part of an information security policy or pursuant to state or federal law.

Data breaches 65

Data breaches Security Passwords Military 65

Krebs on Security

AUGUST 27, 2020

Ngo’s cooperation with the government ultimately led to 20 arrests, with a dozen of those defendants lured into the open by O’Neill and other Secret Service agents posing as Ngo. But based on the records they did have, the government estimated that Ngo’s service enabled approximately $1.1

Retail 318

Retail Government Access Insurance 318

Hunton Privacy

MAY 10, 2022

The CTDPA exempts certain entities, including, for example, state and local government entities, nonprofits, higher education institutions, financial institutions subject to the Gramm-Leach-Bliley Act (“GLB”), and qualifying covered entities and business associates subject to the Health Insurance Portability and Accountability Act (“HIPAA”).

Privacy 118

Privacy Personal data Sales B2B 118

erwin

MARCH 30, 2020

Managing and Governing Data From Lots of Disparate Sources. This data will be collected from organizations such as, the World Health Organization (WHO), the Centers for Disease Control (CDC), and state and local governments across the globe. These numerous data types and data sources most definitely weren’t designed to work together.

Metadata 122

Metadata IT Healthcare Government 122

Data Matters

SEPTEMBER 4, 2019

The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019. NAIC Evaluating Definition of “Best Interest” to Determine Whether to Impose Such a Standard in the Suitability in Annuity Transactions Model Regulation.

Insurance 68

Insurance Paper Risk Analytics 68

Krebs on Security

JULY 27, 2020

based cyber intelligence firm Hold Security has been monitoring the communications between and among a businesses ID theft gang apparently operating in Georgia and Florida but targeting businesses throughout the United States. For the past several months, Milwaukee, Wisc. For the past several months, Milwaukee, Wisc. ” PHANTOM OFFICES.

Energy and Utilities 353

Energy and Utilities Computer and Electronics Insurance Risk 353

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance 68

Insurance Paper Artificial Intelligence Big data 68

IT Governance

APRIL 23, 2019

The information comprised names, addresses, gender, dates of birth, phone numbers, National Insurance numbers, bank details and salaries. Morrisons argued that it wasn’t responsible for Skelton’s actions and that it had taken all the necessary precautions to secure employees’ data.

Data breaches 82

Data breaches Insurance GDPR Compliance 82

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. systemic risk of insurers with other parts of the financial system, notably the banking.

Insurance 68

Insurance Paper Risk Big data 68

Hunton Privacy

MAY 24, 2018

The amended law will require persons, companies and government agencies doing business in the state to notify affected individuals within 45 days of determining that a breach has resulted in or is reasonably likely to result in substantial economic loss to affected individuals. Harm Threshold.

Data breaches 53

Data breaches Authentication Passwords Insurance 53

Hunton Privacy

APRIL 3, 2018

Covered entity” is defined as “a person, sole proprietorship, partnership, government entity, corporation, nonprofit, trust, estate, cooperative association or other business entity that acquires or uses sensitive personally identifying information.”

Data breaches 72

Data breaches Encryption Insurance Risk 72

Krebs on Security

JUNE 30, 2021

Ronnie Tokazowski is a threat researcher at Agari , a security firm that has closely tracked many of the groups behind these advanced fee schemes [KrebsOnSecurity interviewed Tokazowski in 2018 after he received a security industry award for his work in this area]. ” ANY METHOD THAT WORKS. Image: Agari.

Insurance 235

Insurance Education IT Government 235

Hunton Privacy

MAY 7, 2019

This bill also would revise the definition of “deidentified.”. AB 874 : would create a clear and full public record exemption from the definition of “personal information.” AB 1355 : would amend the CCPA to exclude consumer information that is deidentified or aggregate consumer information from the definition of “personal information.”

Privacy 53

Privacy Insurance Sales Government 53

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy 45

Privacy Healthcare Sales Insurance 45

Data Matters

APRIL 10, 2020

Here are some of the highlights from the AG’s March 2020 revisions to the proposed regulations: Removal of guidance about the interpretation of CCPA definitions (§ 999.302 in the February 2020 proposed regulations). through their websites) to a particular consumer or household.

Privacy 68

Privacy Sales Insurance Compliance 68

Hunton Privacy

FEBRUARY 27, 2015

36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) The Wyoming Senate also agreed with amendments proposed by the Wyoming House of Representatives to another bill (S.F.35)

Insurance 40

Insurance Authentication Passwords Data breaches 40

Data Protection Report

MAY 17, 2019

The bill would have made three significant changes to the CCPA: It would have expanded the consumer’s private right of action from only certain security breaches to any violation of the CCPA. Excludes “employees” from definition of “consumer”. Expands definition of “de-identified” data, removes “household” from “personal information”.

Retail 40

Retail Privacy Insurance Manufacturing 40

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy 40

Privacy Healthcare Sales Insurance 40

HL Chronicle of Data Protection

OCTOBER 8, 2018

Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come.

Privacy 40

Privacy Healthcare Sales Insurance 40

DLA Piper Privacy Matters

DECEMBER 3, 2021

There are also new requirements around transfers of data outside of the UAE and requirements to keep data secure, and to notify the new data protection regulator, and in some circumstances data subjects, of data breaches. Definitions. Data security. The PDPL imposes strict requirements around data security. Exceptions.

Personal data 105

Personal data Data breaches GDPR Compliance 105

Hunton Privacy

JUNE 1, 2017

1493’s definition of “biometric identifier” does not reference a record or scan of face geometry ( i.e. , facial recognition data). 1493 contains detailed requirements governing the enrollment of biometric identifiers for a commercial purpose, as well as the subsequent disclosure of such data. As with the Texas biometric law, H.B.

Privacy 87

Privacy Insurance Compliance Security 87

ForAllSecure

MAY 17, 2023

Chris Gray of Deep Watch talks about the view from the inside of a virtual SOC, the ability to see threats against a large number of SMB organizations, and the changes to cyber insurance we’re seeing as a result. A lot of SMBs do not have security operations centers or SOCs. They can provide that additional security, remotely.

Insurance 40

Insurance Privacy Ransomware GDPR 40

DLA Piper Privacy Matters

APRIL 23, 2020

The law also includes a first-in-the-nation definition of “decisions that produce legal effects concerning individuals or other similarly significant effects concerning individuals.” Effective date, scope of application, key definitions. It applies to all state and local government agencies except for the department of licensing.

Privacy 52

Privacy Government Insurance IT 52