Trying to plot the course for a data security plan in 2025 requires piecing together the maps of various cartographers and decoding each map’s legends and keys....more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) appears to have made cybersecurity its New Year’s resolution. The first few weeks of 2025 have already brought with them proposed amendments to...more
1/21/2025
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Security Rule ,
OCR ,
Patient Privacy Rights ,
Risk Assessment
The California Privacy Protection Agency (CPPA), at its board meeting on November 8, 2024, voted 4–1 to advance proposed regulations to a formal rulemaking. As currently drafted, these regulations would, among other things...more
11/11/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Information ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
Gone With the Wind?
Closed-End Funds Risk Extinction -
Shares of SEC-registered closed-end funds (CEFs) have long held significant potential advantages for some investors. For example, unlike shares of mutual funds...more
10/16/2024
/ Cybersecurity ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Federal Trade Commission (FTC) ,
Financial Industry Regulatory Authority (FINRA) ,
Insurance Regulations ,
Investment ,
Investment Adviser ,
Investment Management ,
Life Insurance ,
NAIC ,
Retirement Plan ,
Securities and Exchange Commission (SEC) ,
Securities Regulation ,
Social Media
On May 16, 2024, the SEC breathed new life into its decades-old Regulation S-P, which requires firms to adopt policies and procedures for the protection of customer information and records. The amended rule balloons the...more
10/10/2024
/ Broker-Dealer ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Collection ,
Disclosure Requirements ,
Incident Response Plans ,
Investment Adviser ,
Investment Companies ,
Proposed Rules ,
Regulation S-P ,
Reporting Requirements ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
Last Lap in SEC RILA Rulemaking Critical Unresolved Issues -
Congress directed the SEC to adopt a new registration statement for registered indexed annuities (RILAs) by the end of June. Several months ago, the SEC...more
5/29/2024
/ Artificial Intelligence ,
Broker-Dealer ,
CFTC ,
Climate Change ,
Cybersecurity ,
Disability Discrimination ,
Disclosure Requirements ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Investment Adviser ,
Investment Management ,
Life Insurance ,
NAIC ,
NLRB ,
Private Equity ,
Private Funds ,
Private Placements ,
Proposed Legislation ,
Retirement Plan ,
Securities and Exchange Commission (SEC) ,
Settlement Agreements ,
Whistleblower Protection Policies ,
Whistleblowers
Drivers, start your engines. It has been months of high speed for privacy, cybersecurity, and artificial intelligence....more
5/16/2024
/ Algorithms ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Security ,
Healthcare ,
Insurance Industry ,
Life Insurance ,
Machine Learning ,
NAIC ,
TCPA
Employers are gathering more and more data on job applicants and employees. From using artificial intelligence (”AI”) and credit scores for pre-employment screenings, biometrics for clocking-in and out, and digital...more
As the health care industry continues reeling from the recent Change Healthcare ransomware attack that crippled large portions of the U.S. health care system, health care providers are naturally reminded of the importance of...more
3/12/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
Popular
Step right up as we discuss some of 2023’s most notable cybersecurity and privacy regulatory and litigation developments and tips for keeping your program flying high. Regulatory Activity New regulatory requirements now in...more
1/18/2024
/ Class Action ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Employee Benefits ,
Insurance Brokers ,
Investment Adviser ,
NAIC ,
Popular ,
Retirement Plan ,
Securities and Exchange Commission (SEC)
With generative AI becoming increasingly prevalent, businesses face a spectrum of opportunities, challenges, and risks. While some organizations have been quick to bring generative AI into the fold, the majority are still...more
As technologies like ChatGPT and other artificial intelligence tools have entered the mainstream, billions of individuals have used such tools for assistance with everyday tasks, both personal and professional. These tools,...more
Generative AI has captured the public’s attention and promises to transform the way we live and work. The technology, however, implicates a number of important cybersecurity and privacy considerations for organizations. This...more
On June 6, 2023, Gov. Ron DeSantis signed S.B. 262 into law, adding Florida to the list of states passing new privacy laws this year. While much of S.B. 262 will only impact companies with annual revenues of more than $1...more
Class action privacy litigation’s icy grip tightened around financial services providers in late 2022, and the forecast shows no signs of melting. The plaintiffs’ creeping application of old law to new technologies is...more
On February 1, the NAIC’s Privacy Working Group’s new privacy model germinated. After months of development, the exposure draft, titled “Insurance Consumer Privacy Protection Model Law #674” (Proposed Model), has finally...more
Website tracking technologies have become ubiquitous as a means for companies to monitor traffic to their websites and enhance the user experience. Class actions alleging insufficient notice and consent related to those same...more
More than 200 regulators and interested parties attended the NAIC’s Cybersecurity (H) Working Group’s first meeting of the year on March 23. The working group, made up of 23 states, co-chaired by Missouri and New York, is...more
It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations;...more
On March 9, the Securities and Exchange Commission (SEC) published a proposed rule, File No. S7-09-22, that would significantly impact public companies' cybersecurity reporting obligations. Among other things, the rule would...more
It’s planting season for the SEC, and among the seedlings is File Number S7-04-22, a proposed cybersecurity rule intended to increase regulation of advisers’ and investment companies’ cybersecurity preparedness. As currently...more
In September and October 2021 alone, the Federal Trade Commission, the New York State Department of Financial Services, and the Securities and Exchange Commission all signaled their plans for a cybersecurity squall....more
On November 18, calling frozen federal legislative efforts “an opportunity” for state insurance regulators to “update state privacy protections … and potentially forestall or mitigate the impacts of any preemptive federal...more
Many insurers contemplate using data from internet- connected devices, including wearables, for a deep dive into wearers’ lifestyles and invaluable insights for automated underwriting. Before diving into the deep end, there...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more