Cyber fraud costs the financial services industry billions in losses each year and has been on the rise. Regulation has followed, creating risks of a different kind.
This timely webinar will walk through some of the latest...more
9/22/2022
/ Amended Rules ,
Best Practices ,
Consumer Financial Protection Bureau (CFPB) ,
Continuing Legal Education ,
Cyber Crimes ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Fraud ,
New Rules ,
NYDFS ,
Popular ,
Regulation S-ID ,
Regulation S-P ,
Risk Management ,
Rulemaking Process ,
Safeguards Rule ,
Webinars
The NAIC’s Privacy Protections Working Group has updated its work plan, planting two crops for its fall 2023 harvest: Time will tell what other seedlings catch the NAIC’s eye. The above dates, however, are subject to growing...more
More than 200 regulators and interested parties attended the NAIC’s Cybersecurity (H) Working Group’s first meeting of the year on March 23. The working group, made up of 23 states, co-chaired by Missouri and New York, is...more
It’s rainy season for proposed SEC cybersecurity rules. The first watershed was proposed regulations targeting investment companies’ and advisers’ cybersecurity preparedness. See “SEC Plants New Cybersecurity Regulations;...more
On March 9, the Securities and Exchange Commission (SEC) published a proposed rule, File No. S7-09-22, that would significantly impact public companies' cybersecurity reporting obligations. Among other things, the rule would...more
It’s planting season for the SEC, and among the seedlings is File Number S7-04-22, a proposed cybersecurity rule intended to increase regulation of advisers’ and investment companies’ cybersecurity preparedness. As currently...more
On February 9, 2022, U.S. Sens. Tammy Baldwin (D-Wis.) and Bill Cassidy (R-La.) introduced the “Health Data Use and Privacy Commission Act.” The bipartisan act, intended to modernize the Health Insurance Portability and...more
In September and October 2021 alone, the Federal Trade Commission, the New York State Department of Financial Services, and the Securities and Exchange Commission all signaled their plans for a cybersecurity squall....more
On November 18, calling frozen federal legislative efforts “an opportunity” for state insurance regulators to “update state privacy protections … and potentially forestall or mitigate the impacts of any preemptive federal...more
Many insurers contemplate using data from internet- connected devices, including wearables, for a deep dive into wearers’ lifestyles and invaluable insights for automated underwriting. Before diving into the deep end, there...more
On July 7, Colorado joined California and Virginia as the third state to pass comprehensive consumer privacy legislation. All three states have new privacy laws with effective dates in 2023 (though California’s Privacy Rights...more
The New York State Department of Financial Services (DFS) is continuing its focus on financial institutions’ cybersecurity, issuing new guidance, probing cybersecurity as part of routine examinations, and signaling increased...more
On June 2, 2021, President Biden issued a memorandum providing "recommended best practices" for protecting against ransomware. The memorandum urged corporate executives and business leaders to...more
As insurers consider new data from new sources and new means for consumer outreach, working through the privacy requirements is like navigating choppy waters. The various privacy regimes include...more
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain...more
Florida recently joined a small but growing number of states considering sweeping reforms to their data privacy and protection laws. House bill 969, titled “Consumer Data Privacy,” in many ways mirrors the California Consumer...more
2020 can rightfully be called the year for remote health care. Fueled by necessity and accompanying loosened regulations, telehealth and the demand for remote patient monitoring boomed. Signs that this progress is here to...more
The holidays came early for class action defendants in the Eleventh Circuit. Within just over a month, that court issued two decisions with potentially large consequences for data breach litigation in the Eleventh Circuit:...more
The California Consumer Privacy Act (CCPA) took effect on January 1, 2020, and brought with it a panoply of new legal obligations for many companies doing business with California residents. ...more
6/19/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Information Governance ,
Office of Administrative Law ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into telehealth. These adjustments have privacy implications. The following are...more
6/18/2020
/ California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
PHI ,
Remote Working ,
Risk Assessment ,
Telecommuting ,
Telehealth
There has been no lack of new guidance regarding health care cybersecurity in recent weeks. But the American Medical Association’s (AMA) newly released “Privacy Principles” is unique in its aim at entities involved in health...more
After a brief hiatus due to COVID-19, the NAIC’s Privacy Working Group returned to work on May 5 discussing comments received on the working group’s markup of the NAIC Insurance Information and Privacy Protection Model Act...more
As we’ve previously reported, COVID-19 has caused a surge in telehealth and has temporarily reduced the HIPAA Security Rule requirements placed on telehealth service providers. ...more
Thus far, telehealth breaches have been exceedingly rare, but as telehealth is increasingly used, telehealth data breaches and similar incidents may become more commonplace. Here are 10 steps for responding to a telehealth...more
5/4/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Data Breach ,
Hackers ,
Health Care Providers ,
HIPAA Breach ,
Incident Response Plans ,
Patient Access ,
Risk Assessment ,
State Data Breach Notification Statutes ,
Telehealth ,
Telemedicine
Last week, the American Medical Association (AMA) and the American Hospital Association (AHA), recognizing the increased cybersecurity threats facing health care providers, issued joint guidance for physicians working from...more
4/23/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Health Care Providers ,
Information Governance ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Vulnerability Assessments