On February 26, 2024, the Connecticut Insurance Department (the CID) adopted Bulletin No. MC-25 on the “Use of Artificial Intelligence Systems in Insurance” (Connecticut Bulletin). This Connecticut Bulletin is similar to the...more
3/15/2024
/ Artificial Intelligence ,
Compliance ,
Corporate Governance ,
Insurance Industry ,
Model Rules ,
NAIC ,
NIST ,
Popular ,
Regulatory Oversight ,
Risk Management ,
State Insurance Administrations
On November 1, 2023, the New York Department of Financial Services (NY DFS) published its highly anticipated final amendments to its influential cybersecurity requirements for financial services companies (Part 500)....more
11/15/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Final Rules ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
NYDFS ,
Policies and Procedures ,
Risk Assessment ,
Risk Management ,
State Data Breach Notification Statutes
The Colorado Division of Insurance (CDI) adopted a new regulation on September 21, 2023 (Final Regulation) establishing requirements governing the use of external consumer data and information sources (ECDIS), as well as...more
10/2/2023
/ Algorithms ,
Anti-Discrimination Policies ,
Artificial Intelligence ,
Big Data ,
Casualty Insurance ,
Department of Insurance ,
Final Rules ,
Insurance Industry ,
Life Insurance ,
Predictive Analytics ,
Property Insurance ,
Proposed Legislation ,
Proposed Regulation ,
Risk Management
On July 17, 2023, the Innovation, Cybersecurity and Technology (H) Committee of the National Association of Insurance Commissioners (NAIC) released for comment a highly anticipated model bulletin (Model Bulletin) on...more
7/27/2023
/ Artificial Intelligence ,
Casualty Insurance ,
Comment Period ,
Corporate Governance ,
Insurance Industry ,
Model Forms ,
NAIC ,
Property Insurance ,
Regulatory Oversight ,
Request For Information ,
Risk Management ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
On May 26, 2023, the Colorado Division of Insurance (CDI) exposed, for public review and comment, a significantly revised draft of its proposed regulation (the Revised Draft Reg.) addressing the governance and risk management...more
On February 1, 2023, the Colorado Division of Insurance (CDI) released a draft of the first of several regulations to implement S.B. 21-169, Colorado’s 2021 law prohibiting insurers from using external consumer data and...more
On January 26, 2023, the National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (AI RMF or Framework.) The AI RMF is a resource for organizations designing, developing, deploying, or...more
The Securities and Exchange Commission (SEC) has joined a host of other regulators in doubling down on efforts to protect against the rapidly intensifying cyber threats - with important implications for all SEC-registered...more
While many breathed a sigh of relief when the California legislature provided only a limited private right of action for data breaches under its sweeping new privacy law - the California Consumer Privacy Act (CCPA) -...more
9/5/2019
/ Arbitration ,
California Consumer Privacy Act (CCPA) ,
Civil Code ,
Consumer Privacy Rights ,
Data Breach ,
Enforcement Authority ,
Federal Arbitration Act ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Risk Management ,
Statutory Damages ,
Unfair Competition Law (UCL)
On May 17, 2017, the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) published a Risk Alert regarding the “WannaCry” ransomware worm that infected hundreds of thousands...more
On October 19, 2016, the three major federal banking regulators announced a joint advance notice of proposed rulemaking (ANPR) for enhanced cyber risk management standards (Enhanced Standards) for large and interconnected...more