GDPR, Insurance and Privacy - Information Management Today

Breach Roundup: Swedish Insurer Fined $3M for GDPR Breach

Data Breach Today

SEPTEMBER 7, 2023

Also, Google Fitbit Faces Privacy Complaints From Schrems This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware (..)

Insurance

Insurance GDPR Privacy Ransomware

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

NOVEMBER 7, 2018

Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.

Insurance

Insurance GDPR Privacy IT

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

JANUARY 5, 2024

Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. Under applicable law, the MDK draws up reports on the capacity of individuals insured by the health insurance fund to work.

GDPR

GDPR Personal data Insurance Access

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Dark Reading

SEPTEMBER 10, 2020

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance.

Insurance

Insurance GDPR Data Privacy Cybersecurity

Data privacy examples

IBM Big Data Hub

APRIL 24, 2024

These are just some examples of how organizations support data privacy , the principle that people should have control of their personal data, including who can see it, who can collect it, and how it can be used. One cannot overstate the importance of data privacy for businesses today.

Data Privacy

Data Privacy Privacy GDPR Personal data

Why Cyber Insurance is Essential in 2022

IT Governance

MAY 24, 2022

One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. These activities aren’t typically included in standard business insurance policies, which tend to only cover costs related to technical issues, such as corrupted hard drives and lost devices. The benefits of cyber insurance.

Insurance

Insurance Data breaches GDPR Ransomware

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

AIIM

MARCH 26, 2018

This is the ninth post in a series on privacy by Andrew Pery. You might also be interested in: Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law.

GDPR

GDPR Data Privacy Privacy Compliance

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Source (New) Transport USA Yes 129,611 Tcman Source (New) Manufacturing Spain Yes 108 GB (179 files) Compass Group Italia Source (New) Hospitality Italy Yes 107 GB Pan-American Life Insurance Group, Inc. Incorporated Source (Update) Insurance USA Yes 7,361 Advantis Global, Inc. and Robert W. Baird & Co.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

Italian data protection authority notifies OpenAI of GDPR breaches Following last March’s temporary ban in the country, Italy’s data protection regulator, the Garante per la Protezione dei Dati Personali, has notified ChatGPT’s parent company, OpenAI, that it has identified several breaches of data protection law.

Data Privacy

Data Privacy Privacy Insurance Security

EUROPE: Are GDPR fines insurable in the countries where you operate?

DLA Piper Privacy Matters

MAY 17, 2018

DLA Piper and Aon have launched a guide ‘ The price of data security ‘, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group’s annual global turnover.

Insurance

Insurance GDPR Data breaches Personal data

Mastering healthcare data governance with data lineage

IBM Big Data Hub

MAY 9, 2024

Healthcare organizations need a strong data governance framework to help ensure compliance with regulations like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the US and the General Data Protection Regulation (GDPR) in the EU. Instead, it uses active metadata.

Government

Government GDPR Compliance Analytics

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

IT Governance

DECEMBER 5, 2023

New York Governor proposes cyber security regulations for hospitals New York Governor Kathy Hochul has proposed new cyber security regulations for all hospitals operating in the state, which are expected to complement the security requirements of HIPAA (the Health Insurance Portability and Accountability Act). We hope you found it useful.

Data Privacy

Data Privacy Privacy Manufacturing Retail

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

This is the 11th post in a series on privacy by Andrew Pery. You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. Mitigate Data Privacy and Security Risks with Machine Learning.

GDPR

GDPR Compliance Privacy Data Privacy

Over-Retention of Personal Data

Data Protection Report

SEPTEMBER 23, 2021

The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019. The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR , which reads: Personal data shall be. (e) Perhaps the CNIL’s €1.75

Personal data

Personal data Insurance GDPR Record destruction

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

The Last Watchdog

APRIL 30, 2019

Related: How NIST protocols fit SMBs The essence of the NIST CSF is showing up in the privacy regulations now being enforced in Europe, as well as in a number of U.S. and the upcoming NIST Privacy Framework. That could be for insurance purposes. “As As with any insurance, cyber insurance really requires due care.”

Cybersecurity

Cybersecurity Insurance Security Privacy

Dutch Supervisory Authority Investigates GDPR Compliance in the Healthcare Sector

Data Matters

AUGUST 23, 2018

On 21 August 2018, the Dutch Supervisor Authority announced that it had conducted an investigation into the designation of a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR) by 91 hospitals and 33 healthcare insurers in the Netherlands.

GDPR

GDPR Compliance Insurance Communications

Italy: Privacy law integrating the GDPR adopted, what to do?

DLA Piper Privacy Matters

MAY 14, 2018

The Italian privacy law integrating the GDPR has been finalized by the Board of Ministers, unveiling unexpected surprises a few days before the 25th of May 2018. Below are my top 5 derogations to the GDPR provided by the Italian privacy law: 1. Criminal sanctions for privacy breaches confirmed.

GDPR

GDPR Privacy Systems administration Compliance

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Thales Cloud Protection & Licensing

DECEMBER 22, 2020

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing. Traditionally, privacy has taken the form of a policy document created, housed, and referenced by the offices of general counsel and compliance at most organizations. Data privacy is not a check-the-box compliance or security item.

Data Privacy

Data Privacy Privacy Security Encryption

Belgian DPA Publishes Post-GDPR Activity Review

Hunton Privacy

NOVEMBER 26, 2018

On November 23, 2018, the Belgian Data Protection Authority (the “Belgian DPA”) published a review of its activities since the EU General Data Protection Regulation (“GDPR”) became applicable on May 25, 2018 (the “Review”). In the Review, the Belgian DPA makes the following observations: The GDPR in Numbers.

GDPR

GDPR Data breaches Financial Services Insurance

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

million people was compromised, including names, addresses, dates of birth, Social Security numbers, taxpayer identification numbers, medical information, health insurance information, and billing and claims information. Information relating to nearly 4.5 Data breached: 4,452,782 records.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

AI ICO launches consultation on generative AI and data protection The Information Commissioner’s Office has launched a consultation series on the application of data protection law to generative AI models, particularly in relation to the UK GDPR and Part 2 of the DPA 2018. O’Hara & Sons, Inc. That’s it for this week’s round-up.

Data Privacy

Data Privacy Privacy Manufacturing Retail

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). This legislation was enacted on an extraordinarily accelerated timeframe as part of compromise with the sponsor of a comparable privacy ballot initiative, which had qualified to be placed before state voters on Election Day in November 2018.

GDPR

GDPR Privacy Sales Data breaches

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

noyb accuses Meta of unlawfully ignoring users’ right to easily withdraw consent The privacy rights group noyb has accused Meta’s “pay or okay” system, which requires users to pay a “privacy fee” to avoid being tracked, of violating the GDPR’s requirements relating to the withdrawal of consent.

Data Privacy

Data Privacy Privacy Manufacturing Retail

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Main takeaways from the EDBP guidelines are: Connected vehicles raise various privacy and data protection concerns, such as the lack of control and information asymmetry, the risk of excessive data collection; the risk of unlawful further processing of personal data; Most data associated with connected vehicles are considered as personal data (e.g.

Privacy

Privacy Personal data GDPR Insurance

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

IT Governance

APRIL 22, 2024

Cloud, FL Source (Update) Public USA Yes 719,597 Regulator Marine Inc Source (New) Manufacturing USA Yes 630 GB Risas Dental and Braces Source 1 ; source 2 (New) Healthcare USA Yes 618,189 HUB International Source (New) Insurance USA Yes 514,477 Lee University Source 1 ; source 2 (New) Education USA Yes 387.49

Data Privacy

Data Privacy Privacy Manufacturing Security

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

The Last Watchdog

AUGUST 1, 2019

That includes social security and social insurance numbers, bank account numbers, phone numbers, birth dates, email addresses and self-reported income; in short, just about everything on an identity thief’s wish list. Best security and privacy practices on everyone’s part is more imperative than ever.

Data Privacy

Data Privacy Privacy Data breaches Cloud

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

OCTOBER 29, 2018

the Health Insurance Portability and Accountability Act (HIPAA)), the answer is generally that a company should implement a “reasonable data privacy and security program” under all circumstances. Companies should have written data privacy and security policies and procedures in place. Insurability. Reasonable protections.

Security

Security Data Privacy Privacy Data breaches

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

IT Governance

JANUARY 30, 2024

Source (New) Retail USA Yes 2,588,849 Keenan & Associates Source 1 ; source 2 (Update) Insurance USA Yes 1,509,616 AGC Group Source (New) Manufacturing Japan Yes 1.5 According to the resulting report, GDPR: a culture of non-compliance ?, TB Four Hands Source (New) Manufacturing USA Yes 1.5 Source (New) Non-profit USA Yes 25,908.62

Data Privacy

Data Privacy Retail Privacy Manufacturing

European Commission Releases Assessment of the EU Member States’ Rules on Health Data in Light of GDPR

Data Matters

MARCH 9, 2021

On February 12, 2021, the European Commission ( Commission ) published an “Assessment of the EU Member States’ rules on health data in the light of GDPR” (the Assessment ). In turn, this has led to a fragmented approach to the processing of health data for health and research purposes across the EU. primary use.

GDPR

GDPR e-Delivery Government Access

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

With a mammoth GDPR fine handed out to Google last week, it’s time for organisations to reassess their understanding of the Regulation. We’re through the eye of the GDPR (General Data Protection Regulation) storm. The GDPR concerns personal data that is: Collected in an enterprise context; and. Some began to lose faith.

GDPR

GDPR Compliance Personal data Data breaches

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

Data Matters

AUGUST 9, 2021

In recent weeks, Connecticut passed An Act Concerning Data Privacy Breaches (“The Act”), and the Uniform Law Commission approved and recommended the Uniform Personal Data Protection Act (“UPDPA”). Connecticut: An Act Concerning Data Privacy Breaches.

Data breaches

Data breaches Privacy Personal data Data Privacy

BELGIUM: Belgian DPA provides first status update after six months of GDPR

DLA Piper Privacy Matters

NOVEMBER 26, 2018

The Belgian DPA has released a first status update six months after the GDPR became applicable. According to the Belgian DPA, the spectacular increase in the number of notified breaches can be explained by the mandatory notification that was expanded in the GDPR. Unlike in Portugal and Austria, no GDPR fines have been issued.

GDPR

GDPR Data breaches Financial Services Insurance

FINLAND: Insurance against administrative fines announced as not permitted

DLA Piper Privacy Matters

OCTOBER 23, 2018

The Financial Supervisory Authority in Finland (FIN-FSA) has on 16 October 2018 published an interpretation that provision of insurance against administrative fines and penalty payments is contrary to good insurance practice and is therefore not permitted. Interpretation of ‘Good Insurance Practice‘. Possible implications.

Insurance

Insurance GDPR Risk Compliance

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

CIPL and AvePoint Release Global GDPR Readiness Report

Hunton Privacy

NOVEMBER 10, 2016

On November 9, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Data Privacy Compliance Privacy

California’s GDPR? Sweeping California Privacy Ballot Initiative Could Bring Sea Change to U.S. Privacy Regulation and Enforcement

Data Matters

JUNE 26, 2018

On June 25, 2018, California Secretary of State Alex Padilla announced that a potentially significant privacy initiative is eligible for the Nov. If passed, the ballot initiative — the California Consumer Privacy Act (CCPA) — would immediately make sweeping changes to California’s privacy laws. 6 general election ballot.

Privacy

Privacy GDPR Sales Data breaches

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

Information Governance Perspectives

MAY 10, 2020

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Privacy makes data governance ethical and tangible, and compliance leaders understand that.

Compliance

Compliance Information governance Privacy Data Privacy

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors.

GDPR

GDPR Personal data Data collection Marketing

The True Global Effect of the GDPR

HL Chronicle of Data Protection

MAY 3, 2018

“European data protection rules will become a trademark people recognise and trust worldwide” That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted.

GDPR

GDPR Privacy Personal data Insurance

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Adam Levin

JANUARY 2, 2020

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted.

Privacy

Privacy Insurance GDPR Personal data

Privacy and Cybersecurity Top 10 for 2018

Data Matters

JANUARY 2, 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: EU GDPR.

Cybersecurity

Cybersecurity Privacy Data breaches GDPR

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Reltio

AUGUST 16, 2018

On May 25, 2018 GDPR (General Data Protection Regulation) went into effect. The primary objectives of the GDPR are to give control back to their EU citizens and residents over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.

GDPR

GDPR MDM Compliance Personal data

Breach Roundup: Swedish Insurer Fined $3M for GDPR Breach

How Cyber Insurance Is Changing in the GDPR Era

Trending Sources

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Data privacy examples

Why Cyber Insurance is Essential in 2022

Security Compliance & Data Privacy Regulations

Guest Post - Data Privacy and Open Data: Secondary Uses under GDPR

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

EUROPE: Are GDPR fines insurable in the countries where you operate?

Mastering healthcare data governance with data lineage

The Week in Cyber Security and Data Privacy: 27 November – 3 December 2023

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

Over-Retention of Personal Data

MY TAKE: NIST Cybersecurity Framework has become a cornerstone for securing networks

Dutch Supervisory Authority Investigates GDPR Compliance in the Healthcare Sector

Italy: Privacy law integrating the GDPR adopted, what to do?

California Enacts Broad Privacy Laws Modeled on GDPR

Cross-Border Data Privacy and Security Concerns in the Dawn of Quantum Computing

Belgian DPA Publishes Post-GDPR Activity Review

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

California Enacts Broad Privacy Protections Modeled on GDPR

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

EUROPE: New privacy rules for connected vehicles in Europe?

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

ROUNDTABLE: Huge Capital One breach shows too little is being done to preserve data privacy

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Week in Cyber Security and Data Privacy: 22 – 28 January 2024

European Commission Releases Assessment of the EU Member States’ Rules on Health Data in Light of GDPR

Wake up to the reality of the GDPR: What you need to know about compliance

Connecticut Strengthens Data Breach Notification Requirements and the Uniform Law Commission Approves and Recommends Comprehensive and Uniform State Privacy Legislation

BELGIUM: Belgian DPA provides first status update after six months of GDPR

FINLAND: Insurance against administrative fines announced as not permitted

GDPR – The Year in Review

CIPL and AvePoint Release Global GDPR Readiness Report

California’s GDPR? Sweeping California Privacy Ballot Initiative Could Bring Sea Change to U.S. Privacy Regulation and Enforcement

Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

The True Global Effect of the GDPR

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Privacy and Cybersecurity Top 10 for 2018

These 3 GDPR Requirements You Must Support Today are Nothing Compared With What’s Coming

Stay Connected