Exercises, Insurance and Risk - Information Management Today

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

The Last Watchdog

MAY 10, 2021

With RSA Conference 2021 technical sessions getting underway today, I sat down with Fred Kneip, CEO of CyberGRX , to hash over the notion that a lot of good could come from more systematic sharing of the risk profiles that large enterprises routinely compile with respect to their third-party contractors. Crowdsourcing risk profiles.

Risk

Risk Insurance Access Security

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

JANUARY 2, 2019

New cybersecurity rules for insurance companies licensed in South Carolina are set to take effect in part on January 1, 2019. The new law is the first in the United States to be enacted based on the data security model law drafted by the National Association of Insurance Commissioners.

Insurance

Insurance Cybersecurity Data breaches Encryption

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Data Matters

FEBRUARY 20, 2019

On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. Unlawful Discrimination.

Insurance

Insurance Financial Services Compliance Retail

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

Time and tide waits for no man – IoT in Insurance

CGI

MAY 27, 2016

Time and tide waits for no man – IoT in Insurance. This old saying could also be applied for what is happening in the insurance market with IoT and that given the drive behind IoT in both the consumer and business markets. For example, car insurance could be varied between theft and fully comprehensive when the Car is not being used.

Insurance

Insurance IoT Marketing Manufacturing

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019. The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. Perhaps the CNIL’s €1.75

Personal data

Personal data Insurance GDPR Record destruction

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Hunton Privacy

MARCH 24, 2022

Similar to the CPA and VCDPA, the UCPA contains exemptions for covered entities, business associates and protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and financial institutions or personal data subject to the Gramm-Leach-Bliley Act (“GLB”). In line with existing U.S.

Privacy

Privacy Personal data Sales B2B

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

APRIL 18, 2023

The bill also contains a number of exemptions, including exceptions for financial institutions, affiliates, and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996, nonprofit organizations and institutions of higher education.

Privacy

Privacy Personal data Sales Insurance

Understanding HIPAA: A Guide to Avoiding Common Violations

Armstrong Archives

AUGUST 25, 2023

The Health Insurance Portability and Accountability Act (HIPAA) ensures individuals’ health data protection and privacy. This includes insurance companies, nurses, and doctors. To prevent something like this from happening, it always helps to check the access logs and exercise control over who can view sensitive information like this.

Computer and Electronics

Computer and Electronics Insurance Compliance Risk

Regulatory Update: NAIC Fall 2018 National Meeting

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. GCC using a risk-based capital aggregation methodology. sector; and.

Insurance

Insurance Paper Risk Big data

Cybersecurity: Managing Risks With Third Party Companies

Cyber Info Veritas

JULY 19, 2018

This article will focus on some strategies that organizations should consider implementing in order to mitigate their cybersecurity risk as far as third-party service providers are concerned. Failure to assess your risks means that you will not be able to properly manage them and your company will be susceptible to cyber threats.

Risk

Risk Cybersecurity Compliance Data breaches

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

eSecurity Planet

OCTOBER 18, 2022

Those findings echo comments made earlier this year at the RSA Conference by Joe Hubback, managing director EMEA at cyber risk management startup ISTARI. “Many vendors present AI as a black box solution, so how do you qualify risks and benefits? What Should Security Buyers Do?

IT

IT Security Cybersecurity Marketing

Regulatory Update: NAIC Summer 2020 National Meeting

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance

Insurance Paper Artificial Intelligence Big data

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

“The current pandemic is pushing the entire medical industry to minimize risk,” he added.

Communications

Communications Insurance Compliance Cybersecurity

Oregon Consumer Privacy Act

Hunton Privacy

JULY 12, 2023

The OCPA provides an exemption to personal data subject to the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and a number of other federal laws. Thus, like most other comprehensive state privacy laws, employee data and business-to-business data are excluded from the scope of the OCPA.

Privacy

Privacy Personal data Insurance Sales

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

Data Matters

FEBRUARY 6, 2019

The stolen information allegedly included names and identifying information, hashed passwords, security questions and answers, family information, Social Security numbers, lab results, health insurance information, doctor’s names, and medical conditions, among other things.

Data breaches

Data breaches Computer and Electronics Security Insurance

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

MFA was also expressly named by both Microsoft and Mandiant as one of the most important recommendations to mitigate risk. Create, Maintain, and Exercise a Cyber Incident Response, Resilience, and Continuity of Operations Plan. Implement centralized log collection and monitoring.

Cybersecurity

Cybersecurity Financial Services Authentication Government

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

Data Matters

DECEMBER 1, 2021

Concurrently, the OCC , the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation (the Agencies) released a joint statement alerting the industry of their intent to provide additional guidance in the coming months concerning certain activities related to cryptoassets conducted by banking organizations.

Compliance

Compliance Risk Insurance Sales

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

We make IT, security, or any business decision by weighing the risks and the rewards. Be in-line with insurance policies. Be in-line with insurance policies. Insurance policies can also heavily influence how we respond to an incident—particularly cybersecurity. Document contingencies. Incorporate stakeholder feedback.

Insurance

Insurance Ransomware Data breaches Cloud

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

HL Chronicle of Data Protection

MARCH 16, 2020

Although a lot of attention is paid – as it must be – to the technological aspects of cybersecurity breaches, we believe that the litigation and regulatory risks cannot be overstated. The incident response plan should be tested in tabletop exercises involving the individuals and teams who would be involved in a real-world incident.

Cybersecurity

Cybersecurity Financial Services Risk Insurance

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

To this end, the Report underlines that employers are subject to Spanish regulations related to preventing occupational risks. Employers thus may rely on Article 6(1)(c) when processing their employees’ personal data to comply with such obligations.

Personal data

Personal data GDPR Risk Insurance

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JULY 20, 2023

The DPDPA also contains a number of exemptions, including exceptions for financial institutions, affiliates and data subject to Title V of the Gramm-Leach-Bliley Act, covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 and nonprofit organizations.

Privacy

Privacy Personal data Sales Risk

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

These draft guidelines highlight the data protection risks related to such applications, with general recommendations regarding the processing of personal data in relation to the non-professional use of connected vehicles and present some use cases. Risks identified by the European Data Protection Board.

Privacy

Privacy Personal data GDPR Insurance

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

The classic example is the insurer that won’t pay for care that a doctor determines a patient needs. Insurers are about profit; doctors are about delivering the best care. With collaborative videoconferencing: Low-income patients without insurance can use the Emergency Room less often. Telemedicine.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

processing personal data which is necessary for the purposes of carrying out the obligations and exercising rights of the data controller or of the data subject in the field of employment and social security and social protection law. Conduct a data mapping exercise. The form and use of consents should be considered carefully.

Personal data

Personal data Data breaches GDPR Compliance

How to improve your cyber resilience

IT Governance

FEBRUARY 15, 2019

It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function. Identifying risks. You should be familiar with risk assessments , which are used in many business functions to identify and prioritise organisational threats.

Risk

Risk GDPR Communications Insurance

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Security Affairs

SEPTEMBER 15, 2022

Advise all employees to exercise caution while revealing sensitive information such as login credentials through phone or web communications. Update or draft an incident response plan, in accordance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules.

Passwords

Passwords Phishing Authentication Communications

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

DECEMBER 2, 2020

financial information, life/health insurance information, specified medical information, information leading to identification of a vulnerable adult, child, or young person who is the subject of an investigation or relating to court proceedings involving a child and young person, or. NEW consent exceptions.

Data Privacy

Data Privacy Privacy Data breaches Personal data

Data Modeling 101: OLTP data modeling, design, and normalization for the cloud

erwin

MAY 2, 2022

While talking to the business people about the business requirements, entities tend to be the plural nouns that they mention: insureds, beneficiaries, policies, terms, etc. Look again at Figure 7, what is the difference between an insured and a beneficiary? What is an entity? Just write them down, fill in details later.

Cloud

Cloud Insurance Metadata IT

Getting ready for artificial general intelligence with examples

IBM Big Data Hub

APRIL 18, 2024

Image (55%): Gen AI can simulate how a product might look in a customer’s home or reconstruct an accident scene to assess insurance claims and liability. By analyzing historical data and medical trends, AGI might predict a patient’s specific potential risk of developing certain diseases. Mastering a topic?

Artificial Intelligence

Artificial Intelligence Marketing e-Delivery Manufacturing

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

Mitigate Data Privacy and Security Risks with Machine Learning. They also assist in mitigating risks, particularly identification of appropriate cyber insurance protection and indemnification clauses in the event of a breach. You might also be interested in: The Re-Permissioning Dilemma Under GDPR.

GDPR

GDPR Compliance Privacy Data Privacy

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Thales Cloud Protection & Licensing

MARCH 6, 2018

Some impact specific countries while others focus on individual industries, but each regulation being enforced is an indication that companies must be more accountable when it comes to how they manage data privacy and people’s data or they risk having to pay large fines.

Compliance

Compliance GDPR Encryption Data Privacy

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

Some of these steps include: Conduct a data mapping exercise. The data mapping exercise will provide an organisation with a snapshot of how its data is collected and managed. After conducting the data mapping exercise, the information will need to be systematised into a format that can be readily accessed by the organisation.

Personal data

Personal data Compliance Computer and Electronics IoT

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. A data subject request is an action by an individual to exercise that right, and the organization has an obligation to respond to that request 10 11. resumes, personnel files, video/call recordings).

Personal data

Personal data GDPR Privacy Records Management

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

The Last Watchdog

AUGUST 1, 2023

1, 2023 – Guardz , the cybersecurity company securing and insuring SMEs, today disclosed the existence of a Hidden Virtual Network Computing (hVNC) malware targeting macOS devices. SMEs, who once considered macOS as the safer option, should exercise caution and prepare themselves for the impacts of this changing threat landscape.

Insurance

Insurance Cybersecurity Risk Education

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

DLA Piper Privacy Matters

NOVEMBER 19, 2018

In the continuity of this accompaniment, the CNIL published on November 6th 2018 its DPIA guidelines supplementing the G29 Working Party’s opinion on DPIA along with its DPIA list which gives concrete examples of data processing operations likely to result in a high risk. in the automotive insurance sector); Monitoring.

Data Privacy

Data Privacy IT GDPR Privacy

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

Exempts from deletion personal information needed to complete insurance transactions. 5/29 – referred to Senate Committee on Judiciary and Senate committee on Insurance. Article 8: GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019. 5/22 – referred to Senate Committee on Judiciary.

Sales

Sales Privacy Insurance Manufacturing

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

A structured approach to identifying operations that are “high risk” is needed, as well as implementing risk mitigation measures. Even if a comprehensive data mapping exercise has not yet completed, every organization should conduct a baseline test to ensure that marketing opt out requests will be honored.

GDPR

GDPR Personal data Compliance Data breaches

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. ceding insurer could be eligible for the same reduced collateral requirements that would apply to qualifying EU reinsurers under the revised CFR Model Laws.

Insurance

Insurance Blockchain Big data Risk

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

KnowBe4

APRIL 25, 2023

link] [Head Scratcher] More Companies With Cyber Insurance Are Hit by Ransomware Than Those Without? In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed. Date/Time: Wednesday, May 3, @ 2:00 PM (ET) Save My Spot!

Insurance

Insurance Security awareness Phishing Ransomware

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

Data Matters

OCTOBER 24, 2019

For deletion requests, businesses are to use a different verification standard (“high” or “reasonable” certainty) depending on the sensitivity of the personal information and the risk of harm to the consumer posed by any unauthorized deletion. available technology for verification.

Privacy

Privacy Sales Authentication Passwords

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

DLA Piper Privacy Matters

APRIL 23, 2020

These are defined as “decisions that result in the provision or denial of financial and lending services, housing, insurance, education enrollment, criminal justice, employment opportunities, health care services, or access to basic necessities such as food and water, or that impact civil rights of individuals.”

Privacy

Privacy Government Insurance IT

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

IGI

NOVEMBER 10, 2017

Preservica is witnessing an awakening by board directors and a number of C-suite roles to the business and risk mitigation benefits of proactively addressing long-term information access. So as the benchmark study reported, the need for long-term digital preservation and access capabilities is pervasive.

Digital preservation

Digital preservation Government Digital transformation Access

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. Anti-Discrimination Provisions. 1] The CCPA defines “personal information” to include IP addresses.

Privacy

Privacy Sales Compliance Cybersecurity

RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Webinars

Trending Sources

New York Department of Financial Services Issues Guidance Regarding Life Insurers’ Use of External Consumer Data in Underwriting

Webinars

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

Time and tide waits for no man – IoT in Insurance

Over-Retention of Personal Data

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Understanding HIPAA: A Guide to Avoiding Common Violations

Regulatory Update: NAIC Fall 2018 National Meeting

Cybersecurity: Managing Risks With Third Party Companies

More Than 90% of IT Decision Makers Struggle to Evaluate Security Products

Regulatory Update: NAIC Summer 2020 National Meeting

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Oregon Consumer Privacy Act

First Multistate HIPAA Data Breach Lawsuit May Signal Increased State Interest in Data Security Enforcement

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

U.S. Banking Agencies Signal Closer Review of Cryptocurrency Activities

How to Develop an Incident Response Plan

(Discussion Recap) A Perfect Storm? Panel Discussion on Handling a Cybersecurity Incident

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

EUROPE: New privacy rules for connected vehicles in Europe?

Information Management in the Not-So-Distant Future of Health Care

UAE: Federal level data protection law enacted

How to improve your cyber resilience

FBI: Millions in Losses resulted from attacks against Healthcare payment processors

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Modeling 101: OLTP data modeling, design, and normalization for the cloud

Getting ready for artificial general intelligence with examples

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

2018 Global Data Regulations & Compliance Heat Up – Are you Ready?

Saudi Arabia’s New Data Protection Law – What you need to know

The Impact of Data Protection Laws on Your Records Retention Schedule

News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)

FRANCE: THE CNIL PUBLISHES ITS DATA PRIVACY IMPACT ASSESSMENT (DPIA) GUIDELINES AND A LIST OF PROCESSING OPERATIONS SUBJECT TO A DPIA

Nevada, New York and other states follow California’s CCPA

GDPR is upon us: are you ready for what comes next?

Regulatory Update: NAIC Spring 2019 National Meeting

CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

US: In Washington State’s landmark facial recognition law, public sector practices come under scrutiny and regulation

Join Our Webinar on November 16th: IGI & Preservica Address the Governance of Long-Term Digital Information

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Stay Connected