Examples, Information Security, Insurance and Privacy

What Is Information Security Management?

IT Governance

FEBRUARY 22, 2022

Information security management is a way of protecting an organisation’s sensitive data from threats and vulnerabilities. The process is typically embedded via an ISMS (information security management system) , which provides the framework for managing information security. Improve company culture.

Information Security

Information Security Security Data breaches Risk

Why Cyber Insurance is Essential in 2022

IT Governance

MAY 24, 2022

One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. These activities aren’t typically included in standard business insurance policies, which tend to only cover costs related to technical issues, such as corrupted hard drives and lost devices. The benefits of cyber insurance.

Insurance

Insurance Data breaches GDPR Ransomware

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy

Data Privacy Compliance Privacy Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Data Matters

FEBRUARY 2, 2021

The National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law has been adopted in at least 11 states, with several others (including New York) having implemented either older or similar laws or administrative guidance. appeared first on Data Matters Privacy Blog. See MCL § 500.555(9).).

Insurance

Insurance Security Compliance Cybersecurity

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

The Australian legislature increased maximum penalties for ‘serious’ contraventions of the Privacy Act with effect from December 2022 to at least A$50 million. If made out, this would be a breach of Australian Privacy Principle 11.1. However, the maximum penalty available in this case will be A$2.2 Class actions.

Data breaches

Data breaches Privacy Risk Information Security

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Krebs on Security

JULY 21, 2023

But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. For example, 88 percent listed a Director of Human Resources (or “Chief People Officer”), and 37 out of 100 included a Chief Marketing Officer.

Security

Security Risk Insurance Cybersecurity

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Thousands of Humana customers have their medical data leaked online by threat actors

Security Affairs

JULY 21, 2021

Experts found a DB containing sensitive health insurance data belonging to customers of US insurance giant Humana. An SQL database containing what appears to be highly sensitive health insurance data of more than 6,000 patients has been leaked on a popular hacker forum.

Insurance

Insurance Passwords Libraries Access

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

Hunton Privacy

OCTOBER 14, 2014

The Department of Homeland Security concluded that these mergers introduced latent weaknesses into the company’s network, allowing hackers to go largely undetected for a significant period of time. The incident raises some issues for cyber insurance.

Insurance

Insurance Cybersecurity Manufacturing Information Security

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

Information Governance Perspectives

MAY 10, 2020

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Privacy makes data governance ethical and tangible, and compliance leaders understand that.

Compliance

Compliance Information governance Privacy Data Privacy

Contracting for Cybersecurity Risks: Mitigating Weak Links

Data Protection Report

NOVEMBER 9, 2022

Defining Information Security Practices. As a first line of defence, the best way to mitigate against vendor breaches is to make sure the vendor is contractually required to maintain strong information security practices and policies that are in line with legal and industry-specific standards. Concluding Remarks.

Risk

Risk Cybersecurity Insurance Data breaches

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

As indicated in the paragraph quoted above, the company collected some very sensitive personal information. Its privacy policy stated that the company would treat the data confidentially, and the company would not share data without user consent. pushing back on indefinite retention of information.

Personal data

Personal data Privacy Information governance Compliance

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

Another example is the inclusion of remediation details for old vulnerabilities (including some dating back to 2018) and CISA stating that the Russian state-sponsored advanced persistent threat (“APT”) actors have used these “common but effective” vulnerabilities for attacks. The post U.S.

Cybersecurity

Cybersecurity Financial Services Authentication Government

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Hunton Privacy

JUNE 13, 2023

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”).

Risk

Risk Insurance Compliance Information Security

Belden discloses data breach as a result of a cyber attack

Security Affairs

NOVEMBER 25, 2020

Safety is always paramount at Belden and we take threats to the privacy of personal and company information very seriously,” stated Roel Vestjens, president and CEO of Belden. “We We sincerely regret any inconvenience this situation may cause all impacted individuals.”

Data breaches

Data breaches Manufacturing Insurance Access

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

This is the 11th post in a series on privacy by Andrew Pery. Data Privacy and Open Data: Secondary Uses under GDPR. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. Privacy by Design: The Intersection of Law and Technology.

GDPR

GDPR Compliance Privacy Data Privacy

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

For example, we might nominate: The IT security manager to handle a ransomware incident; Our external accountant to investigate financial fraud; or. The building manager to handle threats to physical security at a specific office. Be in-line with insurance policies. Be in-line with insurance policies.

Insurance

Insurance Ransomware Data breaches Cloud

Data security: Why a proactive stance is best

IBM Big Data Hub

JULY 7, 2023

Data protection and data privacy Data protection , defined as protecting important information from corruption, damage or loss, is critical because data breaches resulting from cyberattacks can include personally identifiable information (PII), health information, financial information, intellectual property and other personal data.

Security

Security Data breaches Data Privacy Compliance

A Chief Security Concern for Executive Teams

Krebs on Security

DECEMBER 18, 2018

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Source: Accenture.

Security

Security Marketing Cybersecurity Data breaches

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Data Matters

MAY 17, 2018

SB 315 faced opposition from both private companies and information security researchers. Senate subcommittee on consumer protection, product safety, insurance, and data security to question Uber’s chief information security officer about its bug bounty program and its reported $100,000 payment to the intruders.

Systems administration

Systems administration Cybersecurity Information Security Insurance

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

DECEMBER 10, 2019

Data privacy issues: Cyberattacks often involve identity theft. Insurance: The firm should communicate with its insurance company and review policy coverage. Insurance should be specifically evaluated with potential cyberattacks and data breach in mind.

Data breaches

Data breaches Insurance Authentication Risk

Fund Managers Targeted in Sophisticated Cyberattacks

Data Matters

DECEMBER 10, 2019

Data privacy issues: Cyberattacks often involve identity theft. Insurance: The firm should communicate with its insurance company and review policy coverage. Insurance should be specifically evaluated with potential cyberattacks and data breach in mind.

Data breaches

Data breaches Insurance Authentication Risk

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

The GDPR considers personal data to be anything that identifies, or can be used to identify, a living person, such as your name, National Insurance number or email address (personal or work). Things get a little more complicated when you factor in that each piece of information doesn’t have to be taken on its own.

GDPR

GDPR Compliance Personal data Data breaches

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

The Security Ledger

SEPTEMBER 11, 2019

Episode 158: How NotPetya has Insurers grappling with Systemic Cyber Risk Episode 159: Deep Fakes and Election (in)Security with ZeroFOX. That means that, for companies holding onto personally identifiable information, the cost of ignoring third party risk is growing. . Read the whole entry. »

Risk

Risk GDPR Data Privacy Personal data

Ukraine Crisis – Heightened Cyber Threat – Be Prepared

DLA Piper Privacy Matters

FEBRUARY 28, 2022

An attack may come at any time of the day or night – so ensure that it is clear in the plan who has authority to make emergency out of hours decisions, for example as necessary to protect the wider global network. Check your cyber insurance policy. Also ensure you have contacts with cyber security intelligence services.

Passwords

Passwords Phishing Risk Access

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Nevada and New Hampshire Data Security and Privacy Laws Take Effect

Hunton Privacy

JANUARY 6, 2010

On January 1, 2010, two important state data security and privacy laws took effect in Nevada and New Hampshire. The laws create new obligations for most companies that do business in Nevada and for health care providers and business associates in New Hampshire.

Privacy

Privacy Security Encryption Communications

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

Data Matters

FEBRUARY 10, 2022

For example, SEC guidance from 2018 emphasizes that there is a range of factors that may affect whether an incident should be disclosed to investors beyond the bottom-line financial costs to respond to the incident. 1 Chair Gary Gensler, Cybersecurity and Securities Laws , SEC (Jan. Public Companies and Service Providers.

Cybersecurity

Cybersecurity Marketing Risk Compliance

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

OCTOBER 21, 2019

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and Accountability (HIPAA) regulatory framework. NIST Privacy Framework.

Risk

Risk Compliance Privacy Phishing

Global Ransomware Attacks Raise Key Legal Considerations

Hunton Privacy

MAY 16, 2017

Virgin Islands have laws that require notification to affected individuals (and in some states, regulators) in the event of unauthorized acquisition of or access to personal information. Businesses must also be cognizant of cyber-related shareholder derivative lawsuits, which increasingly follow from catastrophic security breaches.

Ransomware

Ransomware Insurance Access Information Security

NIST Releases Final Cybersecurity Framework

Hunton Privacy

FEBRUARY 12, 2014

However, in one notable change, the Framework no longer includes Appendix B, the “Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program.” Examples of subcategories include “[a]sset vulnerabilities are identified and documented” and “[o]rganizational information security policy is established.”

Cybersecurity

Cybersecurity Risk Insurance Privacy

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR

GDPR Personal data Compliance Data breaches

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

Data Matters

FEBRUARY 25, 2021

The FCA has provided new guidance for PIs and EMIs using the “insurance or comparable guarantee” method of safeguarding. This includes a requirement that the insurance policy or comparable guarantee must pay out for the full amount of any claim regardless of how the relevant insolvency event occurs (including if the firm is at fault).

Authentication

Authentication Paper Risk Insurance

CVS Pays $2.25 Million in Record HIPAA Settlement

Hunton Privacy

FEBRUARY 20, 2009

In the Consent Order, the FTC specifically highlighted CVS’s failure to render PHI unreadable before disposal as well as its claim in its privacy notice that maintaining the privacy of its customers’ PHI was central to its operations as examples of unfair or deceptive trade practices.

CMS

CMS Privacy Compliance Retail

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Privacy governance and management. Riskonnect. Back to top.

Compliance

Compliance Risk Government Retail

M&A Due Diligence: The Devil in Their Data

Data Matters

NOVEMBER 16, 2017

Cybersecurity insurance was a relatively new—and far from prevalent—concept. For example, an FTC complaint recently filed in federal court (Federal Trade Commission v. The post M&A Due Diligence: The Devil in Their Data appeared first on Data Matters Privacy Blog.

Data breaches

Data breaches Cybersecurity Risk Compliance

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Privacy governance and management. Riskonnect. Back to top.

Compliance

Compliance Risk Government Retail

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023.

Data breaches

Data breaches Insurance Personal data Ransomware

Indiana Sues WellPoint for $300,000 for Delay in Data Breach Notification

Hunton Privacy

NOVEMBER 1, 2010

Indiana Attorney General Greg Zoeller announced on October 29, 2010, that he has sued health insurer WellPoint, Inc. For example, Puerto Rico’s breach notification statute requires notification of certain breaches within 10 days of discovery. for alleged failure to provide timely notification of a data breach.

Data breaches

Data breaches Insurance Security IT

Malaysian Data Protection Law Takes Effect

Hunton Privacy

NOVEMBER 19, 2013

At present, these include data users in the communications, banking and finance, insurance, health care, tourism and hospitality, transportation, education, direct sales, services, real estate and utilities sectors. Data users in these categories will have three months from November 15 to register.

Personal data

Personal data Marketing Communications Insurance

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. For example, customers might want to change passwords for other sites or check their bank account for signs of fraud. Part one covers January to June, and will be followed by part in the coming days.

Data breaches

Data breaches GDPR Passwords Personal data

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Data Matters

AUGUST 17, 2021

On August 11, 2021, the Federal Financial Institutions Examination Council (FFIEC)1 issued guidance establishing risk management principles and practices to support the authentication of users accessing a financial institution’s information systems and customers accessing a financial institution’s digital banking services (the Guidance).

Authentication

Authentication Access Risk Financial Services

Obama Administration Releases Highly Anticipated Cybersecurity Executive Order

Hunton Privacy

FEBRUARY 12, 2013

The Cybersecurity Framework also may be used by secondary actors (such as insurance companies and auditors) to evaluate these risks. One example included in the Executive Order is the call for a review of the federal procurement process to create a preference for vendors who meet the Cybersecurity Framework standards.

Cybersecurity

Cybersecurity Risk Compliance Government

What Is Information Security Management?

Why Cyber Insurance is Essential in 2022

Webinars

Trending Sources

Security Compliance & Data Privacy Regulations

Webinars

NAIC Insurance Data Security Law Annual Certifications: Is Yours Due By February 15?

Australian Privacy Regulator Sues in Data Breach Case

Few Fortune 100 Firms List Security Pros in Their Executive Ranks

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Thousands of Humana customers have their medical data leaked online by threat actors

Cybersecurity Incident Highlights Questions about Cyber Insurance Coverage

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

Contracting for Cybersecurity Risks: Mitigating Weak Links

$10,000,000 civil penalty for disclosing personal data without consent

Privacy and Cybersecurity Top 10 for 2018

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Belden discloses data breach as a result of a cyber attack

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

How to Develop an Incident Response Plan

Data security: Why a proactive stance is best

A Chief Security Concern for Executive Teams

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

Fund Managers Targeted in Sophisticated Cyberattacks

Fund Managers Targeted in Sophisticated Cyberattacks

Wake up to the reality of the GDPR: What you need to know about compliance

Spotlight Podcast: Rethinking Your Third Party Cyber Risk Strategy

Ukraine Crisis – Heightened Cyber Threat – Be Prepared

New York Enacts Stricter Data Cybersecurity Laws

Nevada and New Hampshire Data Security and Privacy Laws Take Effect

SEC Chair: Sweeping New Cybersecurity Rules Are Coming Soon

OCR Provides Insight into Enforcement Priorities and Breach Trends

Global Ransomware Attacks Raise Key Legal Considerations

NIST Releases Final Cybersecurity Framework

GDPR is upon us: are you ready for what comes next?

UK FCA Consults on Changes to Strong Consumer Authentication, Dedicated Interfaces, and Guidance on Payment Services

CVS Pays $2.25 Million in Record HIPAA Settlement

Top GRC Tools & Software for 2021

M&A Due Diligence: The Devil in Their Data

Top 10 Governance, Risk and Compliance (GRC) Vendors

List of Data Breaches and Cyber Attacks in 2023

Indiana Sues WellPoint for $300,000 for Delay in Data Breach Notification

Malaysian Data Protection Law Takes Effect

2019 end-of-year review part 1: January to June

FFIEC Guidance on Authentication and Access to Financial Institution Services and Systems

Obama Administration Releases Highly Anticipated Cybersecurity Executive Order

Stay Connected