Events, Financial Services, Information Security and Insurance

Events

Financial Services

Information Security

Insurance

Vermont Enacts Insurance Data Security Law

Hunton Privacy

JUNE 9, 2022

515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements. Cybersecurity Event Investigation and Notification Requirements.

Insurance

Insurance Security Information Security Cybersecurity

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

On February 4, 2021, the New York Department of Financial Services (NYDFS) issued Circular Letter No. 2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Insurers should: Establish a Formal Cyber Insurance Risk Strategy.

Insurance

Insurance Financial Services Cybersecurity Risk

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services

Financial Services Cybersecurity Insurance Risk

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

NYDFS settles cybersecurity regulation matter for $3 million

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. The regulation requires that a licensee report a cybersecurity event to NYDFS within 72 hours of its determination of the event.

Cybersecurity

Cybersecurity Financial Services Phishing Compliance

New York State Expected to Increase Enforcement of Cybersecurity Practices

HL Chronicle of Data Protection

FEBRUARY 25, 2020

Companies should take note of two imminent developments in New York in the area of cybersecurity regulation: enforcement of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (Regulation) and the effective date of the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act or Act).

Cybersecurity

Cybersecurity Financial Services Data breaches Insurance

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

The Safeguards Rule specifies that financial institutions subject to the FTC’s jurisdiction must develop, implement, and maintain a comprehensive information security program for handling customer data. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. Settlement, ¶ 27. We had previously written about the increasing regulatory fines for over-retention of data.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

Transition period under New York Cybersecurity Regulation ends March 1, 2019

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Upcoming certifications.

Cybersecurity

Cybersecurity Compliance Financial Services Risk

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The plan must enable FIs to promptly respond to and recover from security events affecting customer information. It must also address the goals of the plan, internal processes for responding to a security event, and documentation and reporting regarding security events and related incident response activities.

Privacy

Privacy Risk Cybersecurity Information Security

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication

Authentication Paper Risk Insurance

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identify theft and fraud.” To that end, the settlement also requires Equifax to “implement a comprehensive information security program.”

Cloud

Cloud Data breaches Encryption Access

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

This aligns with the new Data Security Law. Immediate remedial action must be taken in the event of any suspected or actual data disclosure, loss or tampering. Incident management and notification Organisations must implement and test a data incident contingency plan.

Data Privacy

Data Privacy Privacy Compliance Analytics

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This is according to a recent survey conducted by Soha Systems, and according to one of the speeches delivered by the Superintendent of the New York State Department of Financial Services, Mr. Benjamin Lawsky, “ A company’s cybersecurity is only as strong as the cybersecurity of its third-party vendors ”.

Risk

Risk Cybersecurity Compliance Data breaches

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

In any event, betting against federal data breach legislation has been the right call every year since California adopted the first state notification law in 2003. State legislatures, insurance commissions, attorneys general and regulatory agencies are moving to develop detailed cybersecurity requirements.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

Survey Says…Cybersecurity Remains A Critical Challenge For Business

Privacy and Cybersecurity Law

MARCH 23, 2018

Organizations must be better prepared for cybersecurity incidents, which can result from unintentional events or deliberate attacks by insiders or third parties, such as cyber criminals, competitors, nation-states, and “hacktivists.” Is this confidence misplaced?

Cybersecurity

Cybersecurity Artificial Intelligence Data breaches IoT

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

That's right – the financial services industry, at least according to cybersecurity vendor Armorblox's 2023 Email Security Threat Report. link] Cyber Insurance: Is Paying a Ransom Counter-Productive? Yup – shoe store. The most money you can scam from a single attack? By Jacqueline Jayne.

Phishing

Phishing File names Security awareness Risk

Top Cybersecurity Startups to Watch in 2022

eSecurity Planet

JANUARY 11, 2022

Information security products , services, and professionals have never been in higher demand, making for a world of opportunities for cybersecurity startups. Deduce offers actionable identity intelligence through event-level telemetry to act against abnormal user activity. Cowbell Cyber.

Cybersecurity

Cybersecurity Cloud Compliance Analytics

Information Management Today

Vermont Enacts Insurance Data Security Law

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Webinars

Trending Sources

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Webinars

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

NYDFS settles cybersecurity regulation matter for $3 million

New York State Expected to Increase Enforcement of Cybersecurity Practices

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

NYDFS settles with EyeMed for $4.5 million

Transition period under New York Cybersecurity Regulation ends March 1, 2019

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Cybersecurity: Managing Risks With Third Party Companies

Privacy and Cybersecurity Top 10 for 2018

Survey Says…Cybersecurity Remains A Critical Challenge For Business

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Top Cybersecurity Startups to Watch in 2022

Stay Connected