2023 New Data Privacy Requirements
Hinshaw Insurance Law TV – Cybersecurity Part One: Data Breach Notification
Law Brief: The Requirements of the SHIELD Act and Other Recommendations for Virtual Business Operations
CF on Cyber: Leveraging the Incident Response Guide to Prepare for the CCPA
II-31- The Changing 9 to 5 From 1980 to Today
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
In April, Kentucky (HB 474) and Maryland (SB 207) adopted insurance data security legislation based on the National Association of Insurance Commissioners (NAIC) model law. A total of 15 states have adopted the NAIC Model...more
On July 15, 2021, Wisconsin Governor Tony Evers signed Act 73 (Act) into law, making Wisconsin the latest state to adopt the National Association of Insurance Commissioner's (NAIC) model cybersecurity law. Most recently, Iowa...more
Covered entities received two cybersecurity wake up calls from insurance regulators this month. As we have reported, the New York State Department of Financial Services (DFS) issued its long-awaited first cyber enforcement...more
Virginia has a new law, the Insurance Data Security Act (New Law), going into effect on July 1, 2020, which will expand the data security and incident notification requirements on insurers licensed in the Commonwealth. The...more
Whether in connection with their marketing programs or other data-driven initiatives, nonprofit organizations are becoming more reliant on the data of their customers. Those that are collecting consumer data need to be aware...more
Effective October 1, 2019, organizations providing health insurance and related services must notify the Maryland Insurance Administration as part of its breach notification requirements. In August 2019, the Maryland...more
Since July 1, 2019, Delaware, New Hampshire and Connecticut have enacted laws imposing new cybersecurity requirements on insurers. These laws follow similar statutes already operating in at least six other states: Alabama,...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Parliament's report on whether and how the use of blockchain technology can comply with the General Data Protection Regulation, as well as...more
On Aug. 29, 2019, the Maryland Insurance Administration (MIA) issued Bulletin 19-14. The purpose of the bulletin is to inform insurers, nonprofit health service plans, health maintenance organizations, managed care...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
South Carolina now has specific breach and security requirements for insurance companies. The law applies to those licensed under the state’s insurance laws and went into effect January 1. Under the law, companies must tell...more
In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance...more
The ramp-up of cybersecurity regulation, albeit in a patchwork fashion through state-level legislation, has begun. On May 18, 2018, South Carolina enacted the Insurance Data Security Act (Act), becoming the first state to...more
As of August 28, 2017, insurance companies, banks, and other financial services companies regulated by the New York Department of Financial Services (“DFS”) must comply with an initial wave of new cybersecurity requirements...more
The New York Department of Financial Services has proposed new cybersecurity regulations “designed to promote the protection of customer information as well as the information technology systems of regulated entities...more