In April and May, the NAIC Privacy Protections Working Group held the first three of its biweekly calls to discuss its recipe for a new privacy model, “Insurance Consumer Privacy Protection Model Law #674.” During the...more
On June 6, 2023, Gov. Ron DeSantis signed S.B. 262 into law, adding Florida to the list of states passing new privacy laws this year. While much of S.B. 262 will only impact companies with annual revenues of more than $1...more
For broker-dealers distributing and selling variable annuities, examinations will test for compliance with Reg BI and FINRA Rule 2330 because both standards apply to variable annuity sales. Firms distributing and selling...more
Website technologies run the gamut from session replay to pixels and other digital advertising technologies. These technologies are ubiquitous and deployed by organizations around the world to enhance the experience of...more
The first round on the Insurance Consumer Privacy Protection Model Law (#674) started on March 21 as the NAIC’s Privacy Protections Working Group (PPWG) held its first open meeting to discuss the draft privacy model. The...more
Website technologies (such as cookies, session-replay software, and other tools) are fueling a rise in privacy class actions and drawing regulators’ scrutiny. Plaintiffs’ attorneys are pursuing these claims under a variety of...more
Class action privacy litigation’s icy grip tightened around financial services providers in late 2022, and the forecast shows no signs of melting. The plaintiffs’ creeping application of old law to new technologies is...more
More than 25 years have elapsed since the SEC adopted Exchange Act Rule 17a-4(f) governing electronic recordkeeping by broker-dealers. In an effort to update the rule to reflect “technology neutral” concepts, the SEC adopted...more
On February 1, the NAIC’s Privacy Working Group’s new privacy model germinated. After months of development, the exposure draft, titled “Insurance Consumer Privacy Protection Model Law #674” (Proposed Model), has finally...more
Website tracking technologies have become ubiquitous as a means for companies to monitor traffic to their websites and enhance the user experience. Class actions alleging insufficient notice and consent related to those same...more
Lemonade Inc.’s recently proposed settlement of class action claims alleging that it failed to sufficiently disclose, and secure necessary consent for, its collection and use of biometric information is a prime example of the...more
Cyber fraud costs the financial services industry billions in losses each year and has been on the rise. Regulation has followed, creating risks of a different kind.
This timely webinar will walk through some of the latest...more
9/22/2022
/ Amended Rules ,
Best Practices ,
Consumer Financial Protection Bureau (CFPB) ,
Continuing Legal Education ,
Cyber Crimes ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Fraud ,
New Rules ,
NYDFS ,
Popular ,
Regulation S-ID ,
Regulation S-P ,
Risk Management ,
Rulemaking Process ,
Safeguards Rule ,
Webinars
The NAIC’s Privacy Protections Working Group has updated its work plan, planting two crops for its fall 2023 harvest: Time will tell what other seedlings catch the NAIC’s eye. The above dates, however, are subject to growing...more
More than 200 regulators and interested parties attended the NAIC’s Cybersecurity (H) Working Group’s first meeting of the year on March 23. The working group, made up of 23 states, co-chaired by Missouri and New York, is...more
It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations;...more
On March 9, the Securities and Exchange Commission (SEC) published a proposed rule, File No. S7-09-22, that would significantly impact public companies' cybersecurity reporting obligations. Among other things, the rule would...more
It’s planting season for the SEC, and among the seedlings is File Number S7-04-22, a proposed cybersecurity rule intended to increase regulation of advisers’ and investment companies’ cybersecurity preparedness. As currently...more
On February 9, 2022, U.S. Sens. Tammy Baldwin (D-Wis.) and Bill Cassidy (R-La.) introduced the “Health Data Use and Privacy Commission Act.” The bipartisan act, intended to modernize the Health Insurance Portability and...more
In September and October 2021 alone, the Federal Trade Commission, the New York State Department of Financial Services, and the Securities and Exchange Commission all signaled their plans for a cybersecurity squall....more
On November 18, calling frozen federal legislative efforts “an opportunity” for state insurance regulators to “update state privacy protections … and potentially forestall or mitigate the impacts of any preemptive federal...more
Many insurers contemplate using data from internet- connected devices, including wearables, for a deep dive into wearers’ lifestyles and invaluable insights for automated underwriting. Before diving into the deep end, there...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
The New York State Department of Financial Services (DFS) is continuing its focus on financial institutions’ cybersecurity, issuing new guidance, probing cybersecurity as part of routine examinations, and signaling increased...more
On June 2, 2021, President Biden issued a memorandum providing "recommended best practices" for protecting against ransomware. The memorandum urged corporate executives and business leaders to...more
As insurers consider new data from new sources and new means for consumer outreach, working through the privacy requirements is like navigating choppy waters. The various privacy regimes include...more