IG Guru

APRIL 16, 2020

Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU.

Insurance 53

Insurance Ransomware Privacy Information governance 53

Hunton Privacy

SEPTEMBER 21, 2023

The publication offers general guidance on issues including what entities the specific laws and regulations cover, the measures covered entities can adopt to maintain the privacy and security of consumers’ health information, and the steps entities must take in the event of a data breach.

Privacy 74

Privacy Data Privacy Security Insurance 74

Hunton Privacy

AUGUST 6, 2019

On August 2, 2019, New Hampshire Governor Chris Sununu signed into law SB 194 (the “Bill”), which requires insurers licensed in the state (“licensees”) to put in place data security programs and report cybersecurity events. Key provisions of the Bill include: Information Security Program. Incident Response Plan.

Insurance 81

Insurance Security Cybersecurity Information Security 81

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance 68

Insurance Security Cybersecurity Data breaches 68

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. The Act defines licensees as persons authorized, registered, or licensed under Michigan insurance laws or required to be so. 6491 (Act). MCL § 500.550.

Insurance 68

Insurance Security Cybersecurity FOIA 68

Data Matters

JULY 30, 2018

In October 2017, the National Association of Insurance Commissioners (NAIC) adopted an Insurance Data Security Model Law. On May 3, 2018, South Carolina became the first state to enact this Model Law, in the form of the South Carolina Insurance Data Security Act (H.B.

Insurance 60

Insurance Security Cybersecurity Data breaches 60

Data Matters

JUNE 23, 2022

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law. The post Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law.

Insurance 103

Insurance Security Cybersecurity Information Security 103

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance 79

Insurance Financial Services Cybersecurity Risk 79

IG Guru

MAY 21, 2021

The post Insurer AXA to Stop Paying for Ransomware Crime Payments in France via Insurance Journal appeared first on IG GURU. Only the U.S.

Insurance 53

Insurance Ransomware Government Cybersecurity 53

IT Governance

OCTOBER 24, 2023

Incident details: Network disruption likely caused by a cyber attack, as “third-party information security experts” are involved. Casio Issues Apology and Notice Concerning Personal Information Leak Date of breach: 11 October 2023. Breached organisation: American Family Insurance, headquartered in Wisconsin, US.

Data Privacy 107

Data Privacy Privacy Security Data breaches 107

Hunton Privacy

MARCH 20, 2020

Companies suddenly find themselves dealing with a host of privacy issues and questions about sharing information with employees, customers and others. In addition, transitioning to a remote workforce can create privacy and data security concerns.

Privacy 67

Privacy Security Insurance Communications 67

Hunton Privacy

MARCH 17, 2023

state to enact comprehensive privacy legislation. The bill is most similar to Utah’s comprehensive privacy law. Unlike some of the other comprehensive state privacy laws, Senate File 262 would not require controllers to undertake data protection assessments.

Privacy 72

Privacy Personal data Sales Insurance 72

IT Governance

NOVEMBER 6, 2023

On 2 September, it confirmed that an unauthorised party had accessed or removed some of its files, some of which contained confidential patient information. Compromised information included patients’ names, dates of birth, postal addresses, Social Security numbers, diagnosis and treatment information, and health insurance information.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

The Last Watchdog

OCTOBER 29, 2018

The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. The FTC considers that ‘reasonable security’ doesn’t mean ‘perfect security.’ Equifax was not special in this regard.

Security 164

Security Data Privacy Privacy Data breaches 164

Security Affairs

JANUARY 18, 2023

Researchers found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services. The post Myrocket HR platform’s data leak turns into privacy nightmare for employees appeared first on Security Affairs. Pierluigi Paganini.

Privacy 87

Privacy Insurance Personal data Phishing 87

Krebs on Security

JUNE 18, 2021

The SEC says First American derives nearly 92 percent of its revenue from its title insurance segment, earning $7.1 Title insurance protects homebuyers from the prospect of someone contesting their legitimacy as the new homeowner. Title insurance is not mandated by law, but most lenders require it as part of any mortgage transaction.

Insurance 277

Insurance Risk Financial Services Mining 277

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy 68

Privacy IT Information Security Insurance 68

Hunton Privacy

SEPTEMBER 1, 2020

Not disclosing, subject to specified exceptions, a consumer’s genetic data to certain entities ( e.g. , those responsible for making decisions regarding health insurance, life insurance or employment). Violations of the Act are subject to civil penalties. Department of Health and Human Services pursuant to HIPAA and the HITECH Act.

Privacy 85

Privacy Insurance Marketing Information governance 85

Hunton Privacy

OCTOBER 15, 2021

Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC, over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents.

Data breaches 103

Data breaches Privacy Insurance Information Security 103

Hunton Privacy

JANUARY 26, 2018

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification divides personal information into two categories: personal information and sensitive personal information.

Information Security 48

Information Security Security Privacy Personal data 48

IT Governance

DECEMBER 14, 2021

This approach, also known as managed cyber security, works by outsourcing cyber security to a third party. Organisations such as IT Governance that offer cyber security as a service assign dedicated experts to oversee the organisation’s data protection and data privacy needs. You’ll receive cyber insurance cover ?.

Security 131

Security Insurance Data breaches Information Security 131

Hunton Privacy

FEBRUARY 29, 2024

Finally, the investigation indicated that GRBH violated the HIPAA Privacy Rule by failing to meet the requirement not to use or disclose PHI except as permitted by the Rule.

Ransomware 111

Ransomware Personal data Risk Privacy 111

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

Hunton Privacy

FEBRUARY 22, 2017

million as part of a settlement with the New Jersey Division of Consumer Affairs (the “Division”) regarding allegations that Horizon did not adequately protect the privacy of nearly 690,000 policyholders. On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey (“Horizon”) agreed to pay $1.1

Insurance 45

Insurance Privacy Encryption Passwords 45

Hunton Privacy

FEBRUARY 21, 2024

Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) and the National Institute of Standards and Technology (“NIST”) published a final version of Special Publication 800-66 Revision 2, “Implementing the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule: A Cybersecurity Resource Guide.”

Cybersecurity 52

Cybersecurity Insurance Risk Information Security 52

Hunton Privacy

DECEMBER 16, 2022

The FTC emphasized that the tool is meant to provide general guidance about potential compliance obligations and cannot substitute for personalized legal advice.

Compliance 108

Compliance Insurance Privacy Access 108

Hunton Privacy

SEPTEMBER 21, 2023

The Act aims to close a loophole in the California Consumer Privacy Act (“CCPA”) that allows consumers to request that data brokers delete personal information obtained directly from the consumer, but does not require data brokers to delete personal information obtained from other sources.

Insurance 69

Insurance Personal data Sales Compliance 69

Krebs on Security

JULY 21, 2023

But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. Schreider said while Datos Insights focuses mostly on the financial and insurance industries, a recent Datos survey echoes the IANS findings from last year.

Security 207

Security Risk Insurance Cybersecurity 207

IT Governance

OCTOBER 31, 2023

Incident details: A security vulnerability in a third party left personal data exposed of thousands of motorists who had their vehicle towed on behalf of the An Garda Síochána. Records breached: 512,000 documents, with details of insurance investigations, vehicle registration certificates, notices of car seizures and payment card details.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

IT Governance

NOVEMBER 20, 2023

Rackspace ransomware recovery has cost $11 million so far Rackspace has told the SEC that recovering from a ransomware attack last December has cost it $11 million in remediation so far – although half of that amount has been covered by insurance. That’s it for this week’s round-up. We hope you found it useful.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Data Matters

MARCH 26, 2020

cybersecurity and cyber risk insurance issues. Key topics to include: Key cybersecurity risks arising from remote and home working, weakening of information governance controls, and phishing/scams focused on COVID-19 anxieties. Vishnu Shankar – Senior Associate, Privacy and Cybersecurity, Sidley Austin LLP, London.

Cybersecurity 74

Cybersecurity Insurance Risk Privacy 74

Security Affairs

JUNE 2, 2023

In April, the non-profit health insurer Point32Health took systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to determine the extent of the incident. between June 2020 and present.

Ransomware 87

Ransomware Insurance Data breaches Cybersecurity 87

Information Governance Perspectives

MAY 10, 2020

In May of 2020 I was honored to speak at the MERv conference with John Frost of Box on the topic of Using Information Governance with a Privacy Compliance Plan as the Fulcrum for Data Privacy and Continuous Compliance. Privacy makes data governance ethical and tangible, and compliance leaders understand that.

Compliance 52

Compliance Information governance Privacy Data Privacy 52

IG Guru

AUGUST 12, 2021

Rafael is a well-respected Information Governance Professional (IGP), Certified Records Manager (CRM), and Certified Information Privacy Manager (CIPM). Abby is a California trial attorney for State Farm Mutual Automobile Insurance Company. Both of their bios are available in the book. The book […].

Records Management 94

Records Management Information governance Insurance Privacy 94

The Last Watchdog

APRIL 3, 2019

Its customer base is comprised of eight of the top 15 banks, four of the top six healthcare insurance and managed care providers, nine of the top 15 property and casualty insurance providers, five of the top 13 pharmaceutical companies, and 11 of the largest 15 federal agencies.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

Hunton Privacy

AUGUST 2, 2021

The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks. New Breach Notification Requirements (HB 5310).

Cybersecurity 87

Cybersecurity Insurance Military Data Privacy 87

DLA Piper Privacy Matters

AUGUST 23, 2021

In good news for organisations handling personal information, China’s Personal Information Protection Law (“ PIPL ”) was finalised on 20 August 2021, and will come into force on 1 November 2021. In this regard, notified consent remains the primary (if not sole) basis for processing of personal information.

Data Privacy 111

Data Privacy Privacy Compliance Analytics 111