Data Protection Report

JUNE 2, 2021

million settlement with two related insurance companies, relating to violations of two different requirements of the NYDFS cybersecurity regulation during the period 2018 to 2019. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. Affiliate #1 notified NYDFS on November 25, 2019.

Cybersecurity 71

Cybersecurity Insurance Financial Services Phishing 71

Hunton Privacy

NOVEMBER 13, 2023

On April 22, 2019, HHS began investigating DMS after receiving a breach notification indicating that DMS’ network server was infected by the Gandcrab ransomware in April 2017. DMS is a HIPAA business associate (“BA”) that provides payer credentialing and medical billing services to HIPAA Covered Entities (“CEs”).

Ransomware 72

Ransomware Risk Insurance Encryption 72

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance 40

Insurance Cybersecurity Data breaches Financial Services 40

The Last Watchdog

APRIL 30, 2019

I had the chance at RSA 2019 to visit with George Wrenn, founder and CEO of CyberSaint Security , a cybersecurity software firm that plays directly in this space. That could be for insurance purposes. “As The CSF is comprehensive and flexible; it can be tailored to fit a specific organization’s needs. Talk more soon.

Cybersecurity 173

Cybersecurity Insurance Security Privacy 173

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Part one covers January to June, and will be followed by part in the coming days.

Data breaches 55

Data breaches GDPR Passwords Personal data 55

Hunton Privacy

NOVEMBER 6, 2019

On November 5, 2019, the Berlin Commissioner for Data Protection and Freedom of Information (“the Berlin Commissioner,” Berliner Beauftragte für Datenschutz und Informationsfreiheit ) announced that it had imposed a fine of €14.5 After the inspection of 2017, Deutsche Wohnen SE improved its archiving system. GDPR Violation.

GDPR 79

GDPR Archiving Personal data Insurance 79

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. This post summarizes the highlights from this meeting. groups with non-U.S.

Insurance 66

Insurance Paper Risk Big data 66

The Last Watchdog

APRIL 3, 2019

I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this. SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. Users re-defined. Compliance matters. Public trust must be maintained.

Digital transformation 140

Digital transformation Insurance Compliance Healthcare 140

ARMA International

JANUARY 30, 2020

More than two years ago, in December 2017, the FTC also raised concerns about DTC genetic testing and encouraged consumers to be selective in choosing which DNA-testing companies to use. December 23, 2019. [2] December 20, 2019. [3] December 24, 2019. [4]. December 27, 2019. [5] December 27, 2019. [5]

Military 107

Military Privacy Risk Insurance 107

Data Protection Report

APRIL 22, 2021

On April 14, 2021, the New York Department of Financial Services (NYDFS) announced a $3 million settlement with insurance company National Securities Corp. Readers may recall that NYDFS’ cybersecurity regulation went into effect in March of 2017. The second incident occurred in March of 2019. NYDFS Cybersecurity Regulation.

Cybersecurity 94

Cybersecurity Financial Services Phishing Compliance 94

Data Protection Report

JANUARY 7, 2019

The two-year transitional period under the New York State Department of Financial Services (“DFS””) Cybersecurity Regulation , 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Third-party service provider risk management program. Additional guidance.

Cybersecurity 40

Cybersecurity Compliance Financial Services Risk 40

Data Matters

JUNE 24, 2021

On June 15, 2021, the SEC announced settled charges against First American Title Insurance Company (First American) for disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed sensitive customer information. SEC Statement and Guidance on Public Company Cybersecurity Disclosures.

Cybersecurity 66

Cybersecurity Financial Services Risk Compliance 66

Security Affairs

MAY 9, 2020

BEC attacks continue to threaten organizations worldwide, according to the last Internet Crime Complaint Center (IC3) report , the FBI recorded 23,775 BEC attacks in 2019 that resulted in an estimated US$1.77 SilverTerrier has been active since at least 2014, it is a collective of over hundreds of individual threat actors.

Government 67

Government Energy and Utilities Insurance Phishing 67

Data Matters

AUGUST 19, 2020

On July 21, 2020, the New York State Department of Financial Services (NYDFS or the Department) issued a statement of charges and notice of hearing (the Statement) against First American Title Insurance Company (First American) for violations of the Department’s Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.

Financial Services 66

Financial Services Cybersecurity Insurance Risk 66

Info Source

JANUARY 17, 2019

In the realm of enterprise automation, we saw AI emerge as an impactful technology promising significant automation gains – in 2017 AI gained traction in the IT department, and during 2018 we saw its entry into boardrooms. This requires not only transformation in IT strategy, but also in skills, recruitment and corporate attitudes.

Artificial Intelligence 40

Artificial Intelligence Digital transformation ECM Customer Experience 40

HL Chronicle of Data Protection

FEBRUARY 25, 2020

The NYDFS Regulation originally came into effect on March 1, 2017, and provided for a two-year implementation plan for companies to develop a robust cybersecurity program. The final phase of implementation ended March 1, 2019, after which Covered Entities were expected to be in full compliance with the Regulation’s various obligations.

Cybersecurity 104

Cybersecurity Financial Services Data breaches Insurance 104

The Last Watchdog

JANUARY 30, 2019

Turn the corner into 2019 and we find Citigroup, CapitalOne, Wells Fargo and HSBC Life Insurance among a host of firms hitting the crisis button after their customers’ records turned up on a database of some 24 million financial and banking documents found parked on an Internet-accessible server — without so much as password protection.

Risk 147

Risk Financial Services Insurance Cybersecurity 147

Hunton Privacy

JULY 24, 2020

On Wednesday, July 22, the New York Department of Financial Services (the “NYDFS”) announced that it had filed administrative charges against First American Title Insurance Co. under the NYDFS Cybersecurity Regulation , marking the agency’s first enforcement action since the rules went into effect in March 2017. NYCRR 500.14(b):

Cybersecurity 85

Cybersecurity Risk Financial Services Insurance 85

IT Governance

MAY 2, 2019

A third of businesses and a fifth of charities were hit by a cyber attack or data breach in the past year, the UK government’s Cyber Security Breaches Survey 2019 has found. More medium-sized (31% vs 19%) and large businesses (35% vs 24%) have invested in cyber insurance. Demonstrate your GDPR compliance with our documentation toolkit.

Data breaches 56

Data breaches GDPR IT Compliance 56

Hunton Privacy

APRIL 27, 2017

Earlier this month, the New York State Department of Financial Services (“NYDFS”) recently published FAQs and key dates for its cybersecurity regulation (the “NYDFS Regulation”) for financial institutions that became effective on March 1, 2017. September 27, 2017 – the initial 30-day period for filing Notices of Exemption ends.

Cybersecurity 53

Cybersecurity Compliance Financial Services Insurance 53

Hunton Privacy

JANUARY 16, 2021

million civil monetary penalty imposed by the Department of Health and Human Services’ Office for Civil Rights (“OCR”) in 2017 against the University of Texas M.D. The United States Court of Appeals for the Fifth Circuit recently vacated a $4.3 Anderson Cancer Center (“MD Anderson”). Read the court’s holding here.

Encryption 71

Encryption Privacy Insurance Security 71

Data Matters

AUGUST 24, 2018

The National Association of Insurance Commissioners (NAIC) held its Summer 2018 National Meeting in Boston, Massachusetts, from August 4 to 7, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data . The NAIC is also considering insurers’ use of big data in underwriting life insurance products.

Insurance 60

Insurance Big data e-Delivery Risk 60

IT Governance

APRIL 10, 2019

I 2017 of 29 June 2017) amending the Act on the Federal Office for Information Security, Atomic Energy Act, Energy Industry Act, Social Insurance Code V and the Telecommunications Act. Implementation status : Transposed, with Act 134 of 2017 and Government Decree 394/2017 (XII. Implementation status : In progress.

Compliance 52

Compliance Information Security Government Insurance 52

ARMA International

FEBRUARY 21, 2020

A company in Wisconsin had a “chipping party” in 2017 to implant microchips in some of its employees to make it easier for them to access the buildings and systems and to buy food in the company break room. [1]. Welcome to the Age of the Internet of Bodies. Benefits and Risks. Each type of IoB device brings with it benefits and risks.

Computer and Electronics 106

Computer and Electronics Privacy Artificial Intelligence IoT 106

Data Matters

MAY 9, 2019

The National Association of Insurance Commissioners (NAIC) held its Spring 2019 National Meeting (Spring Meeting) in Orlando, Florida, from April 6 to 9, 2019. The March 7, 2019, exposure drafts of the CFR Model Laws have been revised to address those comments as well as certain other comments received from interested parties.

Insurance 66

Insurance Blockchain Big data Risk 66

The Last Watchdog

APRIL 18, 2019

Related: Data breaches fuel fledgling cyber insurance market. I had the chance at RSA 2019 to meet with Syed Abdur, Brinqa’s director of products, who provided more background. Enterprises, especially, tend to be methodical and plodding. Digital transformation is all about high-velocity innovation and on-the-fly change.

Security 113

Security Digital transformation Risk Cloud 113

DLA Piper Privacy Matters

NOVEMBER 6, 2019

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR).

GDPR 98

GDPR Personal data Archiving Compliance 98

Data Matters

AUGUST 27, 2018

Looking ahead, Covered Entities will be required to meet one final compliance deadline for the NYDFS on March 1, 2019. By March 1, 2019, Covered Entities must have security policies in place that govern the security of third-party service providers and, by that deadline, must implement such written security policies.

Cybersecurity 60

Cybersecurity Compliance Encryption Risk 60

eDiscovery Daily

FEBRUARY 18, 2019

7, 2019) , Kansas Magistrate Judge James P. The plaintiff’s workers’ compensation claim was settled in January 2017. The plaintiff subsequently filed the suit in July 2017. In Stovall v. Brykan Legends, LLC, No. 17-2412-JWL (D. Judge’s Ruling.

e-Discovery 43

e-Discovery Computer and Electronics Insurance Education 43

Data Matters

OCTOBER 2, 2019

Part 2 (“Part 2”) regulations that place restrictive conditions on the disclosure of SUD patient records—limitations that go above and beyond Health Insurance Portability and Accountability Act (“HIPAA”) restrictions. HHS revised the Part 2 rules in 2017 and made further modifications in 2018.)

Privacy 66

Privacy Insurance IT 66

Info Source

MARCH 6, 2019

March 6, 2019 – ABBYY, a global leader in enterprise content IQ technologies and solutions, today announced it achieved 15% revenue growth in 2018, building upon the momentum from an exceptional 2017. MILPITAS, Calif., ABBYY’s ability to deliver content IQ skills for the new digital workforce was one of the key growth drivers.

Unstructured data 49

Unstructured data Digital transformation Marketing Financial Services 49

IT Governance

JULY 17, 2019

On 19 March 2019, the aluminium producer Norsk Hydro’s systems were infected with ransomware , but instead of acquiescing to the criminals’ demands, the organisation turned to its incident response procedure. Norsk wiped its systems and restored clean versions from backups, knowing that its cyber insurance policy would help cover the costs.

Data breaches 57

Data breaches Ransomware Insurance Security 57

ARMA International

AUGUST 2, 2019

On July 22, 2019, the Federal Trade Commission (FTC) announced that it had reached a proposed settlement. with Equifax in connection with a 2017 data breach that exposed sensitive, personal data of around 147 million people. Equifax agreed to pay between $575 million and $700 million in total. See [link].

Cloud 41

Cloud Data breaches Encryption Access 41

eSecurity Planet

FEBRUARY 16, 2021

The internet is fraught with peril these days, but nothing strikes more fear into users and IT security pros than the threat of ransomware. A ransomware attack is about as bad as a cyber attack can get. Here, then, is a comprehensive look at ransomware, what it is, how to prevent it, and what to do if you become one of its unfortunate victims.

Ransomware 97

Ransomware Encryption Insurance Cloud 97

Data Matters

JANUARY 2, 2018

In November 2017, the Supreme Court heard oral arguments in Carpenter v. The General Court of the EU is now considering the validity of the Privacy Shield in a case brought by La Quadrature du Net and others (with a second case brought by Digital Rights Ireland being dismissed for lack of standing in November 2017). persons.

Privacy 66

Privacy Cybersecurity Data breaches GDPR 66

eDiscovery Daily

APRIL 7, 2019

Janik begins his article by referencing the DLA Piper NotPetya ransomware attack in 2017, as follows: “Imagine it’s a usual Tuesday morning, and coffee in hand you stroll into your office. A recent American Bar Association report stated that 22% of law firms reported a cyberattack or data breach in 2017, up from 14% the year before.

Data breaches 57

Data breaches Cybersecurity e-Discovery Computer and Electronics 57

HL Chronicle of Data Protection

MAY 29, 2019

Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, particularly regarding the competence, tasks, and powers of data protection authorities (12.3.2019) – The EDPB confirmed that where the ePD provides for a more specific rule than the GDPR, the specific rule will prevail. More details in this blog post.

GDPR 40

GDPR Personal data Privacy Information architecture 40