As we’ve been predicting, the Cybersecurity Regulation adopted by the NY DFS for insurance, banking and other financial services continues to drive the conversation in the U.S. The latest manifestation is the FTC proposal,...more
On January 10, 2019, Massachusetts Governor Baker signed “An Act relative to consumer protection from security breaches” (House Bill No. 4806), which added new requirements and obligations for companies that experience a data...more
Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) will impose new privacy obligations on certain businesses that collect personal information of California consumers and are (or are jointly...more
On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”). Specifically, the Guidelines address...more
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
As reported on Locke Lord’s InsureReinsure blog, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on...more
California may have again taken the privacy protection lead among U.S. jurisdictions with the Governor’s signing on June 28, 2018 of the California Consumer Privacy Act of 2018 (AB 375) (the “Act”). Privacy and security...more
7/6/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
The NAIC adopted an Insurance Data Security Model Law.
On May 3, 2018, the South Carolina Governor made South Carolina the first state in the nation to adopt a comprehensive cybersecurity statute for the insurance industry,...more
Several of the new requirements of the New York State Department of Financial Services (DFS) Cybersecurity Regulation are now operative for firms and individuals engaged in financial services (including insurance companies...more
Following New York’s lead after the Department of Financial Services (the NYDFS) promulgated its Cybersecurity Regulation, in October 2017 the NAIC adopted its Insurance Data Security Model Law (the NAIC Model) to establish...more
As we reported here, March 1, 2018 brings a new transition date, with a new set of compliance obligations for Covered Entities subject to the Cybersecurity Regulation of the New York Department of Financial Services. By...more
As previously warned, February 15, 2018 is the first annual deadline for individuals and companies licensed or otherwise authorized under the New York Insurance, Banking and Financial Services laws (defined as Covered...more
A press release issued by the New York Department of Financial Services on January 22, 2018 reminds Covered Entities (including banks, insurers and producers, and others regulated by DFS) of their obligation to file a...more
Insurers and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation, but for...more
The financial services industry has been dealing with requirements for cybersecurity since 1999, but 2017 brought new, significant, and proliferating obligations. The bar for the whole industry was clearly raised by the...more
New York’s cybersecurity regulation that went into effect in March has far reaching implications. The first transition date for implementation of several requirements of the state’s Department of Financial Services regulation...more
Based largely on the NY DFS Cybersecurity Regulation that became effective March 1, 2017, the NAIC has adopted a Model Cybersecurity Law that would, once adopted by the various states, establish significant requirements for...more
10/26/2017
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Risk Management
With the compliance date only a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action immediately to comply with the coming cybersecurity requirements, which will be more...more
What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more
Rhode Island recently amended its 10-year-old Identity Theft Protection Act effective June 26, 2016, further defining and refining existing data security and breach notification requirements, and adding a requirement to...more
Retail Tracking Update: Privacy Guidance Following Nomi Technologies
- There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity. Fifteen years ago, TV host Jeremy...more
7/31/2015
/ Breach Notification Rule ,
Canada ,
Confidential Information ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
FOIA ,
Hong Kong ,
Identity Theft ,
Notification Requirements ,
Online Safety for Children ,
PCPD ,
Personal Data ,
PIPEDA ,
Power Grid ,
Retail Tracking ,
Risk Assessment ,
Standing ,
Telecommunications ,
Turkey ,
UNCITRAL
In this issue:
- THE THREE C’S — CONFIDENCE, CREDIBILITY AND COST
- WHO CONDUCTS THE INVESTIGATION?
- SCOPE OF THE INVESTIGATION
- MINDSET AT THE OUTSET OF AN INVESTIGATION
- THE NEED FOR...more
6/13/2015
/ Attorney-Client Privilege ,
Audits ,
Corporate Culture ,
Data Privacy ,
Data Protection ,
Document Review ,
Dodd-Frank ,
Foreign Affiliates ,
Foreign Language ,
Foreign Subsidiaries ,
Internal Investigations ,
Interviews ,
Multinationals ,
Privacy Concerns ,
Privilege Waivers ,
Reputation Management ,
Risk Assessment ,
Self-Reporting ,
Translations ,
Upjohn Warnings ,
Whistleblowers
Setting a new standard for encryption, New Jersey has enacted a new law (P.L. 2014, c. 88, codified at N.J. Stat. Ann. §§ 56:8-196 - 56:8-198) effective August 1, 2015, requiring health insurance carriers authorized to issue...more