On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”). Specifically, the Guidelines address...more
On August 31, 2018, the California State Legislature passed Senate Bill 1121, amending the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA, which contains the broadest consumer data privacy protections in the...more
The New York Department of Financial Services (NYDFS) blazed a cybersecurity trail with its 2017 regulation for the protection of information collected and processed in, and systems used in the operation of, the financial...more
As reported on Locke Lord’s InsureReinsure blog, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on...more
As reported, the NAIC adopted a model law for the protection of the data and systems used by the insurance industry, and South Carolina became the first state to enact legislation based on the NAIC model. In doing so,...more
The NAIC adopted an Insurance Data Security Model Law.
On May 3, 2018, the South Carolina Governor made South Carolina the first state in the nation to adopt a comprehensive cybersecurity statute for the insurance industry,...more
Several of the new requirements of the New York State Department of Financial Services (DFS) Cybersecurity Regulation are now operative for firms and individuals engaged in financial services (including insurance companies...more
Following New York’s lead after the Department of Financial Services (the NYDFS) promulgated its Cybersecurity Regulation, in October 2017 the NAIC adopted its Insurance Data Security Model Law (the NAIC Model) to establish...more
As previously warned, February 15, 2018 is the first annual deadline for individuals and companies licensed or otherwise authorized under the New York Insurance, Banking and Financial Services laws (defined as Covered...more
A press release issued by the New York Department of Financial Services on January 22, 2018 reminds Covered Entities (including banks, insurers and producers, and others regulated by DFS) of their obligation to file a...more
Insurers and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation, but for...more
The financial services industry has been dealing with requirements for cybersecurity since 1999, but 2017 brought new, significant, and proliferating obligations. The bar for the whole industry was clearly raised by the...more
New York’s cybersecurity regulation that went into effect in March has far reaching implications. The first transition date for implementation of several requirements of the state’s Department of Financial Services regulation...more
Based largely on the NY DFS Cybersecurity Regulation that became effective March 1, 2017, the NAIC has adopted a Model Cybersecurity Law that would, once adopted by the various states, establish significant requirements for...more
10/26/2017
/ Banking Sector ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Financial Institutions ,
Financial Services Industry ,
Insurance Industry ,
NAIC ,
NYDFS ,
Popular ,
Risk Management
October 30, 2017 is the extended deadline for most Covered Entities claiming an exemption to file the Notice of Exemption required by the NY DFS Cybersecurity Regulation (23 NYCRR 500.19(e)). The filing deadline is 30 days...more
Insurance companies and producers, banks, lenders and others licensed by the New York Department of Financial Services (DFS) have already had to comply with several of the requirements of the new DFS Cybersecurity Regulation,...more
With the compliance date only a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action immediately to comply with the coming cybersecurity requirements, which will be more...more
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start taking action in response to coming cybersecurity requirements, which will be more onerous and difficult...more
New York’s Cybersecurity Requirements for DFS Licensees: A New Item at the Top of the To Do List -
With a compliance date a few months away, licensees of the New York Department of Financial Services (DFS) must start...more
1/30/2017
/ Banks ,
Cybersecurity ,
Department of Energy (DOE) ,
Department of Financial Services ,
Department of Homeland Security (DHS) ,
Food and Drug Administration (FDA) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Internet of Things ,
Medical Devices ,
NIST ,
Personally Identifiable Information ,
Popular ,
Ransomware
The European Parliament, the Council and the Commission have agreed on the first EU-wide legislation on cybersecurity. Under the new measure, internet companies such as Google, Amazon, eBay and Cisco, but not social...more
DFS identified several areas that would be the subject of specific requirements in the potential regulations. These include requirements for (i) cyber security policies and procedures, (ii) third-party service provider...more
On October 14, 2015, the NAIC’s Cybersecurity (EX) Task Force adopted a Cybersecurity Bill of Rights, an aspirational, well-intended document outlining the rights insurance consumers should (or could? or might? this point...more
The National Association of Insurance Commissioners (“NAIC”) is all over cybersecurity. On April 16, 2015, as a part of its aggressive work plan to help the insurance sector come up with an effective cybersecurity framework...more