To date, six states from Michigan to Alabama have adopted versions of the National Association of Insurance Commissioner’s model insurance data security law (the “NAIC model”). The NAIC model generally requires entities...more
On January 10, 2019, Massachusetts Governor Charlie Baker signed House Bill No. 4806 into law. The bill amends certain provisions of the state data breach notification law, increasing reporting requirements on a person or...more
On March 1, 2017 the cybersecurity regulation of the New York Department of Financial Services (the “DFS Regulation”) took effect, requiring subject financial institutions, including insurance companies, (“Covered Entities”)...more
As an early stage or startup InsurTech, you’re highly focused on all the right things: identifying a challenge for the insurance industry, developing an innovative technical solution, making it practical and scalable, getting...more
Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) will impose new privacy obligations on certain businesses that collect personal information of California consumers. Employers with employees...more
Effective January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) will impose new privacy obligations on certain businesses that collect personal information of residents of California and are responsible for...more
On March 20, 2019, the Joint Committee on Government Administration and Elections (the “Joint Committee”) introduced An Act Concerning Consumer Privacy, Raised Bill No. 1108. The Bill is essentially a reprinting of the...more
As we’ve been predicting, the Cybersecurity Regulation adopted by the NY DFS for insurance, banking and other financial services continues to drive the conversation in the U.S. The latest manifestation is the FTC proposal,...more
As reported in our last newsletter, California has enacted a game-changer in the U.S. privacy regime. Concepts imported from the EU General Data Protection Regulation, such as the right to be forgotten, will be introduced to...more
In prior issues, we have reported on the various requirements imposed by the New York Department of Financial Services (the DFS) Cybersecurity Regulation (23 NYCRR 500) (the Regulation) on “Covered Entities,” which are...more
On January 10, 2019, Massachusetts Governor Baker signed “An Act relative to consumer protection from security breaches” (House Bill No. 4806), which added new requirements and obligations for companies that experience a data...more
Beginning on January 1, 2020, the California Consumer Privacy Act of 2018 (“CCPA”) will impose new privacy obligations on certain businesses that collect personal information of California consumers and are (or are jointly...more
On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”). Specifically, the Guidelines address...more
Locke Lord’s Insurance & Reinsurance Newsletter provides topical snapshots of recent developments in the fast-changing world of insurance. For further information on any of the subjects covered in the newsletter, please...more
On August 31, 2018, the California State Legislature passed Senate Bill 1121, amending the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA, which contains the broadest consumer data privacy protections in the...more
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
As reported on Locke Lord’s InsureReinsure blog, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on...more
As reported, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on the NAIC model. In doing so,...more
California may have again taken the privacy protection lead among U.S. jurisdictions with the Governor’s signing on June 28, 2018 of the California Consumer Privacy Act of 2018 (AB 375) (the “Act”). Privacy and security...more
7/6/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
General Data Protection Regulation (GDPR) ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Private Right of Action ,
State and Local Government
The NAIC adopted an Insurance Data Security Model Law.
On May 3, 2018, the South Carolina Governor made South Carolina the first state in the nation to adopt a comprehensive cybersecurity statute for the insurance industry,...more
Several of the new requirements of the New York State Department of Financial Services (DFS) Cybersecurity Regulation are now operative for firms and individuals engaged in financial services (including insurance companies...more
Following New York’s lead after the Department of Financial Services (the NYDFS) promulgated its Cybersecurity Regulation, in October 2017 the NAIC adopted its Insurance Data Security Model Law (the NAIC Model) to establish...more
As we reported here, March 1, 2018 brings a new transition date, with a new set of compliance obligations for Covered Entities subject to the Cybersecurity Regulation of the New York Department of Financial Services. By...more
As previously warned, February 15, 2018 is the first annual deadline for individuals and companies licensed or otherwise authorized under the New York Insurance, Banking and Financial Services laws (defined as Covered...more
A press release issued by the New York Department of Financial Services on January 22, 2018 reminds Covered Entities (including banks, insurers and producers, and others regulated by DFS) of their obligation to file a...more