Events, Insurance, Personal data and Security - Information Management Today

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Data Protection Report

MARCH 21, 2023

The French Information and Digital Security Experts Club ( CESIN ) has estimated that 54% of French companies were subject to cyberattacks in 2021, [1] while France Assureurs has put cyberattack risks on top of all other risks for the sixth year in a row. [2] 12-10-1 into the French Insurance code. However, in the end, Article L.12-10-1

Insurance

Insurance Data breaches Personal data GDPR

Top 8 Cyber Insurance Companies for 2022

eSecurity Planet

APRIL 22, 2022

That’s where cyber insurance may be able to help. According to the Ponemon Institute and IBM, the global average cost of a data breach is $4.24 If your company has not already experienced a significant cybersecurity event, it is probably only a matter of time before it does. Cyber Insurance is Booming. That’s a 29.1%

Insurance

Insurance Ransomware Cybersecurity Marketing

Is Artificial Intelligence relevant to insurance?

IBM Big Data Hub

MAY 1, 2023

That ground-shaking event divided the world with excitement and trepidation about a future with thinking machines. In this first of two posts, I investigate the anatomy of artificial intelligence and its impact on insurance. It offers customers and the insurer’s system to interact in a human-like manner.

Artificial Intelligence

Artificial Intelligence Insurance Risk Personal data

Checklist for Getting Cyber Insurance Coverage

Thales Cloud Protection & Licensing

MAY 10, 2022

Checklist for Getting Cyber Insurance Coverage. The necessity for cyber-insurance coverage. With cyber attacks amounting to a question of when and not if, cyber insurance becomes crucial for ensuring business continuity and mitigating the business impact of attacks – should they occur. Tue, 05/10/2022 - 05:43.

Insurance

Insurance Authentication Risk Ransomware

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

Hunton Privacy

JULY 1, 2022

(“Carnival”), the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation (23 NYCRR Part 500) in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. . NYDFS also found that Carnival had failed to implement basic protocols to prevent data breaches.

Cybersecurity

Cybersecurity Insurance Phishing Financial Services

The Taxman Cometh for ID Theft Victims

Krebs on Security

JANUARY 29, 2021

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. The scammers typically use stolen identity data to claim benefits, and then have the funds credited to an online account that they control.

Insurance

Insurance Personal data Authentication IT

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. The FTC considers that ‘reasonable security’ doesn’t mean ‘perfect security.’ Equifax was not special in this regard.

Security

Security Data Privacy Privacy Data breaches

EUROPE: Are GDPR fines insurable in the countries where you operate?

DLA Piper Privacy Matters

MAY 17, 2018

DLA Piper and Aon have launched a guide ‘ The price of data security ‘, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. It also looks at insurability of costs associated with GDPR non-compliance (e.g. Criminal penalties are almost never insurable.

Insurance

Insurance GDPR Data breaches Personal data

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Stretching the boundaries through artificial intelligence: the European proposal for a dedicated regulation. The protection of personal data.

Privacy and Cybersecurity Law

SEPTEMBER 15, 2021

To be considered a high-quality dataset, the personal data included therein must be processed in accordance with the GDPR. Artificial intelligence not only crosses over into data protection law, but also extends to other areas of law, such as intellectual property, competition, consumer protection, and insurance, to name but a few.

Artificial Intelligence

Artificial Intelligence Personal data GDPR Compliance

List of Data Breaches and Cyber Attacks – May 2023

IT Governance

JUNE 1, 2023

IT Governance found 98 publicly disclosed security incidents in May 2023, accounting for 98,226,877 breached records. You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. million) Apria Healthcare suffers security breach (1.8

Data breaches

Data breaches Ransomware Insurance Personal data

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

IT Governance

NOVEMBER 1, 2022

Welcome to our October 2022 review of data breaches and cyber attacks. We identified 102 security incidents throughout the month, which is the second largest figure so far this year – trailing only August (112). As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories.

Data breaches

Data breaches Ransomware Insurance Phishing

How to Manage Your Cyber Risks

IT Governance

OCTOBER 11, 2022

One of the most common mistakes that organisations make when addressing cyber security is that they consider it a one-off event. This process should be embedded within your overall cyber security measures in what experts refer to as cyber defence in depth. What is threat management?

Risk

Risk GDPR Information Security Personal data

Data protection strategy: Key components and best practices

IBM Big Data Hub

MAY 28, 2024

Its principles are the same as those of data protection—to protect data and support data availability. Data availability —ensuring critical data is available for business operations even during a data breach, malware or ransomware attack. Encryption is critical to data security.

Data breaches

Data breaches GDPR Compliance Encryption

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

MARCH 3, 2023

The initiatives that stand out the most — critical infrastructure security standards, a national data privacy and security law, and liability for security failures — will likely take time and the support of Congress to implement. is the creation of mandatory requirements for critical infrastructure security.

Cybersecurity

Cybersecurity Government Manufacturing Personal data

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

IT Governance

JUNE 30, 2022

Welcome to our June 2022 review of data breaches and cyber attacks. We identified 80 security incidents during the month, resulting in 34,908,053 compromised records. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

Data breaches

Data breaches Ransomware Personal data Blockchain

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. Reassuringly, the PDPL does not contain any major divergences from other well-known data protection regimes, including the GDPR. What does the PDPL cover and who does it apply to? Definitions. Territoriality. Exceptions.

Personal data

Personal data Data breaches GDPR Compliance

Swarmshop – What goes around comes around: hackers leak other hackers’ data online

Security Affairs

APRIL 8, 2021

It’s impossible to determine if the two events are connected to the breach. In total, the databased revealed the records of 4 cardshop admins, 90 sellers,and 12,250 buyers of stolen data, including their nicknames, hashed passwords, account balance, and contact details for some entries. percent of which were issued by the US banks.

Passwords

Passwords Insurance Personal data Sales

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

Thales Cloud Protection & Licensing

NOVEMBER 15, 2023

These bustling hubs require robust security systems to ensure the safety of passengers, staff, and infrastructure. Traditionally, airport security focused on physical access and the perimeter; however, in the years since 9/11, the digital footprint of the vast interconnected systems contains valuable assets that must be protected.

Cybersecurity

Cybersecurity Authentication Access Compliance

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

MARCH 1, 2023

It follows a mammoth start to the year, with more than 277 million breached records in January , and brings the running total for the year to over 300 million pieces of compromised personal data. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses.

Data breaches

Data breaches Ransomware e-Delivery Government

NYDFS settles with EyeMed for $4.5 million

Data Protection Report

OCTOBER 24, 2022

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020. The settlement requires EyeMed to pay $4.5 million, among other things. Background. million. 23 NYCRR § 500.13.

Cybersecurity

Cybersecurity Personal data Risk Financial Services

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

IT Governance

MAY 7, 2024

Data breached: 6,009,014 accounts. A further 381,000 New York City public school students affected by 2022 data breach In January 2022 , personal data from around 820,000 New York City public school students, both current and former, was breached. Source 1 ; source 2 (Update) Insurance USA Yes 75,101 Airsoftc3.com

Data breaches

Data breaches Education Manufacturing Retail

Think Ransomware Can’t Put You Out of Business?

Adam Levin

JUNE 30, 2020

In the same survey, 35 percent thought CEOs should be fined for a cyber failure, and 30 percent wanted to see a CEO lose his or her right to run any company following a serious cyber event. While corporate security fails are complex, a good leader needs only to be prepared for the day the inevitable happens. What can CEOs do?

Ransomware

Ransomware Insurance Cybersecurity Manufacturing

When Do You Need to Report a Data Breach?

Security Affairs

NOVEMBER 26, 2018

The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. The way in which you respond to a data breach has a significant impact on how severe its consequences are.

Data breaches

Data breaches Personal data GDPR Cybersecurity

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Data Privacy and Open Data: Secondary Uses under GDPR. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. Three Critical Steps for GDPR Compliance.

GDPR

GDPR Compliance Privacy Data Privacy

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s ( KSA ) newly published Personal Data Protection Law ( PDPL ). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR.

Personal data

Personal data Compliance Computer and Electronics IoT

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Cyberattack Statistics. Other methods.

Ransomware

Ransomware Cybersecurity Phishing Encryption

China Releases National Standard on Personal Information Security

Hunton Privacy

JANUARY 26, 2018

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification divides personal information into two categories: personal information and sensitive personal information.

Information Security

Information Security Security Privacy Personal data

ICYMI –December in privacy and cybersecurity

Data Protection Report

JANUARY 4, 2024

For those making this quiz a competitive event, we have included a tie-breaker/bonus question.) a. Which one does NOT require a minimum number of residents’ personal data for the “controller” to be in-scope for the law? Answers are below. 1. As of December 18, 2023, unless the U.S. b (within 2 hours).

Privacy

Privacy Cybersecurity Artificial Intelligence e-Discovery

Global Ransomware Attacks Raise Key Legal Considerations

Hunton Privacy

MAY 16, 2017

In a November 2016 blog entry , the FTC noted that “a business’ failure to secure its networks from ransomware can cause significant harm to the consumers (and employees) whose personal data is hacked. In the event that ransomware results in a breach of covered information, litigation is another potential risk.

Ransomware

Ransomware Insurance Access Information Security

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

This year, the major regulation that will be implemented, is the European Union’s General Data Protection Regulation (GDPR) , which takes effect on May 25, 2018. GDPR enables consumers to view, limit and control how companies collect and process their personal data. Encryption is key when it comes to protecting data.

Compliance

Compliance GDPR Encryption Data Privacy

New Jersey Moves Forward With Shopper Privacy Bill

Hunton Privacy

SEPTEMBER 19, 2016

On September 15, 2016, the New Jersey Senate unanimously approved a bill that seeks to limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act , must now be approved by the New Jersey Assembly.

Privacy

Privacy Retail Personal data Insurance

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

On Tuesday, 3 March 2020, we welcomed our financial services clients in London to a lively panel event, which covered the multitude of issues which arise in a cybersecurity incident. Peter Marta. Arwen Handley. Philip Parish. Nicola Fulford.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

UK: How real is the threat of data protection group litigation in the UK?

DLA Piper Privacy Matters

NOVEMBER 6, 2018

Mr Skelton had taken personal data (including name, address, gender, date of birth, phone number, national insurance number, bank details and salary information) relating to nearly 100,000 employees and posted it on the internet. The solution is to insure against ruinous group claims….

Insurance

Insurance Data breaches Personal data GDPR

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Instead the PIPL is a robust data privacy framework designed to safeguard individuals’ personal data against abuse, but at the same time to reflect cultural and business attitudes to data in China, as well as new technologies (including advances in AI, biometrics and data analytics), and to enable flows of personal data.

Data Privacy

Data Privacy Privacy Compliance Analytics

Trusting your supply chain with personal information

CGI

MARCH 3, 2019

Where sensitive information is exchanged, it is important that responsibility for cyber security is also shared. Without agreements and a clear understanding of each company’s security role, your supplier could become the weakest security link in your ecosystem. This is especially important when it comes to personal information.

GDPR

GDPR Insurance Data breaches Personal data

EUROPE: Latest WP29 Guidelines on Data Breach Notifications and Profiling

DLA Piper Privacy Matters

OCTOBER 20, 2017

On 18 October 2017, WP29 published proposed Guidelines on two key aspects of the GDPR – namely: Personal Data Breach Notification (Articles 33/34); and. Data Breach Notification. In particular: Non-availability of a system which contains personal data (e.g.

Data breaches

Data breaches Personal data Encryption GDPR

Centre for Information Policy Leadership Discusses Privacy Risk Management at the OECD Working Party on Security and Privacy in the Digital Economy

Hunton Privacy

DECEMBER 16, 2014

The event focused on several new references to “risk” in the 2013 revised OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in time for the main 2016 Ministerial meeting.

Privacy

Privacy Risk Security Insurance

UK: The rise of privacy group action risk

DLA Piper Privacy Matters

DECEMBER 7, 2017

The Vidal-Hall decision has since been relied upon in successful claims for damages for distress including TLT & others v Secretary of State for the Home Department and the Home Office [2016] EWHC 2217 (erroneous publication of personal data by the Home Office) and Gulati v MGN Ltd [2015] EWCA Civ 1291 (phone hacking).

Risk

Risk Privacy GDPR Data breaches

eDiscovery and the GDPR: Ready or Not, Here it Comes: eDiscovery Best Practices

eDiscovery Daily

DECEMBER 3, 2017

In 1980, in an effort to create a comprehensive data protection system throughout Europe, the Organization for Economic Cooperation and Development (OECD) issued its “Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data.”. PREPARATION TRAJECTORY.

GDPR

GDPR IT Personal data Privacy

UK: Supreme Court judgment in Morrisons – employer not vicariously liable for data breach

DLA Piper Privacy Matters

APRIL 1, 2020

A few months later, he uploaded the data onto a file-sharing website and later sent it to newspapers. this applies whether the data controller is the employer or the employee (in this case it was the employee). this applies whether the data controller is the employer or the employee (in this case it was the employee).

Data breaches

Data breaches GDPR Personal data Information governance

You’ve Never Heard of the C-Suite Targeting Scam, but It’s a Killer

Adam Levin

MARCH 16, 2020

That is exponentially more expensive than other cyber events. But don’t let the 79% recovery rate lull you into a false sense of security. Department of Homeland Security, the U.S. Taking into account unknowables, we’re talking about a ballpark cost of roughly $75,000 per BEC-related complaint. Department of State.

Phishing

Phishing Insurance Data breaches Personal data

FRANCE: CNIL adopts new single authorization on fraud prevention systems

DLA Piper Privacy Matters

SEPTEMBER 29, 2017

The French data protection authority (CNIL) has just adopted Single Authorization No. AU-054 (the “AU-054”) on July 13, 2017 in order to cover the processing of personal data implemented in relation to these fraud prevention/detection systems. The broad range of personal data that can be processed under the AU-054.

Personal data

Personal data Financial Services Insurance Risk

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

ARMA International

AUGUST 2, 2019

with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. According to the FTC’s press release, the data breach included “names and dates of birth, Social Security numbers, physical addresses, and other personal information that could lead to identity theft and fraud.”

Cloud

Cloud Data breaches Encryption Access

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Top 8 Cyber Insurance Companies for 2022

Trending Sources

Is Artificial Intelligence relevant to insurance?

Checklist for Getting Cyber Insurance Coverage

NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

The Taxman Cometh for ID Theft Victims

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

EUROPE: Are GDPR fines insurable in the countries where you operate?

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Stretching the boundaries through artificial intelligence: the European proposal for a dedicated regulation. The protection of personal data.

List of Data Breaches and Cyber Attacks – May 2023

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

How to Manage Your Cyber Risks

Data protection strategy: Key components and best practices

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

List of Data Breaches and Cyber Attacks in June 2022 – 34.9 Million Records Breached

UAE: Federal level data protection law enacted

Swarmshop – What goes around comes around: hackers leak other hackers’ data online

Ready for Take-off: Rising Above Airport Cybersecurity Challenges

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

NYDFS settles with EyeMed for $4.5 million

6,009,014 MovieBoxPro Accounts Breached in Another Data Scraping Incident

Think Ransomware Can’t Put You Out of Business?

When Do You Need to Report a Data Breach?

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Saudi Arabia’s New Data Protection Law – What you need to know

What is a Cyberattack? Types and Defenses

China Releases National Standard on Personal Information Security

ICYMI –December in privacy and cybersecurity

Global Ransomware Attacks Raise Key Legal Considerations

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

New Jersey Moves Forward With Shopper Privacy Bill

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

UK: How real is the threat of data protection group litigation in the UK?

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

Trusting your supply chain with personal information

EUROPE: Latest WP29 Guidelines on Data Breach Notifications and Profiling

Centre for Information Policy Leadership Discusses Privacy Risk Management at the OECD Working Party on Security and Privacy in the Digital Economy

UK: The rise of privacy group action risk

eDiscovery and the GDPR: Ready or Not, Here it Comes: eDiscovery Best Practices

UK: Supreme Court judgment in Morrisons – employer not vicariously liable for data breach

You’ve Never Heard of the C-Suite Targeting Scam, but It’s a Killer

FRANCE: CNIL adopts new single authorization on fraud prevention systems

Sorting Through the Whirlwind of News on the Proposed Equifax Settlement and Capital One Breach

Stay Connected