On February 15, many insurance companies, producers and others with New York DFS licenses and other authorizations (except for certain entities and employees who have filed for an exemption) will need to file a compliance...more
Insurers and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation, but for...more
The financial services industry has been dealing with requirements for cybersecurity since 1999, but 2017 brought new, significant, and proliferating obligations. The bar for the whole industry was clearly raised by the...more
New York’s cybersecurity regulation that went into effect in March has far reaching implications. The first transition date for implementation of several requirements of the state’s Department of Financial Services regulation...more
Based largely on the NY DFS Cybersecurity Regulation that became effective March 1, 2017, the NAIC has adopted a Model Cybersecurity Law that would, once adopted by the various states, establish significant requirements for...more
10/26/2017
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Risk Management
October 30, 2017 is the extended deadline for most Covered Entities claiming an exemption to file the Notice of Exemption required by the NY DFS Cybersecurity Regulation (23 NYCRR 500.19(e)). The filing deadline is 30 days...more
Insurance companies and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation,...more
With the compliance date only a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action immediately to comply with the coming cybersecurity requirements, which will be more...more
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action in response to coming cybersecurity requirements, which will be more onerous and difficult...more
New Corporate Governance Annual Disclosure Requirements for Connecticut Insurers to Take Effect in 2017 -
A recently enacted Connecticut statute intended to compel insurance companies to improve their corporate...more
A recently enacted Connecticut statute intended to compel insurance companies to improve their corporate governance will impose significant new obligations on Connecticut domestic insurers, and their holding companies....more
New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To Do List -
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start...more
1/30/2017
/ Banks ,
Cybersecurity ,
Department of Energy (DOE) ,
Department of Financial Services ,
Department of Homeland Security (DHS) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Medical Devices ,
NIST ,
Personally Identifiable Information ,
Popular ,
Ransomware
The New York State Department of Financial Services promulgated proposed cyber security requirements to respond to “the ever-growing threat posed to information and financial systems by nation-states, terrorist organizations...more
What seems like a long time ago now, in 2011 PricewaterhouseCoopers (PwC) warned that “there is no question that law firms are among the companies being targeted by cyber criminals.” Despite this, many law firms believed (or...more
Early this month, the NAIC Cybersecurity (EX) Task Force released a preliminary working and discussion draft of an Insurance Data Security Model Law. While praise worthy in its effort to provide uniformity for data security...more
Rhode Island recently amended its 10-year-old Identity Theft Protection Act effective June 26, 2016, further defining and refining existing data security and breach notification requirements, and adding a requirement to...more
The European Parliament, the Council and the Commission have agreed on the first EU-wide legislation on cybersecurity. Under the new measure, internet companies such as Google, Amazon, eBay and Cisco, but not social...more
On December 4, 2015, President Obama signed the Highway Bill, dubbed Fixing America’s Surface Transportation Act (“FAST Act”), into law. Buried in the 490 page transportation law is a significant amendment to the...more
DFS identified several areas that would be the subject of specific requirements in the potential regulations. These include requirements for (i) cyber security policies and procedures, (ii) third-party service provider...more
On October 14, 2015, the NAIC’s Cybersecurity (EX) Task Force adopted a Cybersecurity Bill of Rights, an aspirational, well-intended document outlining the rights insurance consumers should (or could? or might? this point...more
Following the landmark judgment of the CJEU on 6 October 2015, which declared the U.S.-EU Safe Harbor scheme invalid and allowed national supervisory authorities to evaluate whether an adequate level of protection is provided...more
Last week, an NAIC task force moved forward in recommending a cybersecurity “bill of rights” that insurance regulators could provide consumers, essentially creating an expectation of notice of a breach “never more than 60...more
As anticipated by our earlier article (published on October 2, 2015) “EU U.S. Data Protection: The Safe Harbor Framework Under Attack”, Europe’s highest court, the Court of Justice of the European Union (CJEU), has followed...more
10/8/2015
/ Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Commission ,
European Court of Justice (ECJ) ,
European Economic Area (EEA) ,
Facebook ,
International Data Transfers ,
Ireland ,
Schrems I & Schrems II ,
US-EU Safe Harbor Framework
Retail Tracking Update: Privacy Guidance Following Nomi Technologies
- There is currently a widespread effort to quantify everything, from steps, to sleep, to batted ball exit velocity. Fifteen years ago, TV host Jeremy...more
7/31/2015
/ Breach Notification Rule ,
Canada ,
Confidential Information ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
EU ,
Facebook ,
FOIA ,
Hong Kong ,
Identity Theft ,
Notification Requirements ,
Online Safety for Children ,
PCPD ,
Personal Data ,
PIPEDA ,
Power Grid ,
Retail Tracking ,
Risk Assessment ,
Standing ,
Telecommunications ,
Turkey ,
UNCITRAL
Nevada and Connecticut recently enacted amendments to breach notification and data security requirements that are relatively unique among existing state laws, thus imposing new compliance obligations upon companies doing...more