After years of development work, the National Association of Insurance Commissioners’ Privacy Protections Working Group’s efforts are again caught in a windstorm. ...more
On September 4, the California Privacy Protection Agency, the agency responsible for enforcing the California Consumer Privacy Act (CCPA), issued an enforcement advisory on “dark patterns” and their inability to constitute...more
On September 4, the California Privacy Protection Agency issued an enforcement advisory regarding “choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decision-making, or...more
Drivers, start your engines. It has been months of high speed for privacy, cybersecurity, and artificial intelligence....more
5/16/2024
/ Algorithms ,
Artificial Intelligence ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Security ,
Healthcare ,
Insurance Industry ,
Life Insurance ,
Machine Learning ,
NAIC ,
TCPA
Employers are gathering more and more data on job applicants and employees. From using artificial intelligence (”AI”) and credit scores for pre-employment screenings, biometrics for clocking-in and out, and digital...more
As the health care industry continues reeling from the recent Change Healthcare ransomware attack that crippled large portions of the U.S. health care system, health care providers are naturally reminded of the importance of...more
3/12/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
Popular
The National Association of Insurance Commissioners’ Privacy Working Group has been feverishly shuffling and re-dealing its new privacy model, but its luck may be running out....more
Generative AI has captured the public’s attention and promises to transform the way we live and work. The technology, however, implicates a number of important cybersecurity and privacy considerations for organizations. This...more
In April and May, the NAIC Privacy Protections Working Group held the first three of its biweekly calls to discuss its recipe for a new privacy model, “Insurance Consumer Privacy Protection Model Law #674.” During the...more
On June 6, 2023, Gov. Ron DeSantis signed S.B. 262 into law, adding Florida to the list of states passing new privacy laws this year. While much of S.B. 262 will only impact companies with annual revenues of more than $1...more
The first round on the Insurance Consumer Privacy Protection Model Law (#674) started on March 21 as the NAIC’s Privacy Protections Working Group (PPWG) held its first open meeting to discuss the draft privacy model. The...more
Website technologies (such as cookies, session-replay software, and other tools) are fueling a rise in privacy class actions and drawing regulators’ scrutiny. Plaintiffs’ attorneys are pursuing these claims under a variety of...more
On February 1, the NAIC’s Privacy Working Group’s new privacy model germinated. After months of development, the exposure draft, titled “Insurance Consumer Privacy Protection Model Law #674” (Proposed Model), has finally...more
Website tracking technologies have become ubiquitous as a means for companies to monitor traffic to their websites and enhance the user experience. Class actions alleging insufficient notice and consent related to those same...more
On February 9, 2022, U.S. Sens. Tammy Baldwin (D-Wis.) and Bill Cassidy (R-La.) introduced the “Health Data Use and Privacy Commission Act.” The bipartisan act, intended to modernize the Health Insurance Portability and...more
In September and October 2021 alone, the Federal Trade Commission, the New York State Department of Financial Services, and the Securities and Exchange Commission all signaled their plans for a cybersecurity squall....more
On November 18, calling frozen federal legislative efforts “an opportunity” for state insurance regulators to “update state privacy protections … and potentially forestall or mitigate the impacts of any preemptive federal...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain...more
Florida recently joined a small but growing number of states considering sweeping reforms to their data privacy and protection laws. House bill 969, titled “Consumer Data Privacy,” in many ways mirrors the California Consumer...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and brought with it a panoply of new legal obligations for many companies doing business with California residents. ...more
6/19/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into telehealth. These adjustments have privacy implications. The following are...more
6/18/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Remote Working ,
Risk Assessment ,
Telecommuting ,
Telehealth
After a brief hiatus due to COVID-19, the NAIC’s Privacy Working Group returned to work on May 5 discussing comments received on the working group’s markup of the NAIC Insurance Information and Privacy Protection Model Act...more
As we’ve previously reported, COVID-19 has caused a surge in telehealth and has temporarily reduced the HIPAA Security Rule requirements placed on telehealth service providers. ...more
It starts inconspicuously enough with an email. You’re busy, so without thinking, you quickly open it and view the attachment. You may have just compromised the security of your entire company and the privacy of every...more
2/5/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Hackers ,
Personally Identifiable Information ,
Ransomware ,
Risk Management