Course, Data and Insurance - Information Management Today

France: Changes to insurability of cyber losses

DLA Piper Privacy Matters

MARCH 27, 2023

LOPMI introduces amendments to the insurability of losses and damages paid in response to cyber-attacks, including in relation to ransom payments – requiring that the payment of insurance compensation be conditional on the filing of a complaint, within a 72 hour time frame, to competent authorities.

Insurance

Insurance Risk Ransomware Cybersecurity

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance

Insurance Security Cybersecurity Data breaches

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. The Act defines licensees as persons authorized, registered, or licensed under Michigan insurance laws or required to be so. 6491 (Act). MCL § 500.550.

Insurance

Insurance Security Cybersecurity FOIA

Webinars

Launching LLM-Based Products: From Concept to Cash in 90 Days

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

FEBRUARY 25, 2021

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. sought coverage for expenses under its property insurance policy.

Insurance

Insurance Cybersecurity Risk Education

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

Effective October 1, 2021, an amendment [1] to the Connecticut General Statute concerning data privacy breaches, Section 36a-701b, will impact notification obligations in several significant ways. Required Identity Theft Prevention Services. HIPAA and HITECH Deemed Compliance. Additional Considerations for Businesses.

Data breaches

Data breaches IT Insurance Passwords

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

NOVEMBER 14, 2023

Allegedly, Acuity had a data breach. That's the context that accompanied a massive trove of data that was sent to me 2 years ago now. It was only this week as I desperately tried to make some space to process yet more data that I realised why I was short on space in the first place: Ah, yeah - Acuity - that big blue 437GB blob.

Insurance

Insurance Data breaches Mining IT

Where data meets IP – Derivative data in M&A transactions

Data Protection Report

JANUARY 19, 2022

With the growth of the high-tech industry worldwide, it is no surprise that more and more transactions involve the transfer of rights to access or control data and derivative data. In our previous update we discussed protecting business data in a commercial context. Due diligence concerns.

Compliance

Compliance Access Personal data Risk

Data analytics – how should insurers look to the future?

CGI

SEPTEMBER 12, 2017

Data analytics – how should insurers look to the future? With a plethora of new data sources across the property and casualty (P&C) general insurance lifecycle now becoming available, how do insurers create an all-encompassing data analytics policy for the future? Tue, 09/12/2017 - 03:00.

Insurance

Insurance Analytics Risk IoT

PayPal notifies 34942 users of data breach over credential stuffing attack

Security Affairs

JANUARY 20, 2023

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. Then, they enter those accounts for the purpose of abusing permissions, siphoning out data, or both. ” said Gal. ” said Gal.

Data breaches

Data breaches Passwords Insurance Access

Experian South Africa discloses data breach, 24 million customers impacted

Security Affairs

AUGUST 20, 2020

The South African branch of consumer credit reporting agency Experian disclosed a data breach that impacted 24 million customers. The South African branch of consumer credit reporting agency Experian disclosed this week a data breach that impacted 24 million customers. ” reads the report. ” reads the report.

Data breaches

Data breaches Insurance Marketing Risk

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

At the start of this week, word got out that hackers claimed to have seized personal data for as many as 100 million T-Mobile patrons. Once more, a heavily protected enterprise network has been pillaged by data thieves. it’s notable that T-Mobile only learned about the breach when the data went up for sale.

Data breaches

Data breaches Authentication Access Personal data

$10,000,000 civil penalty for disclosing personal data without consent

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also requires that the company destroy personal data for which it had not received consent and to create a document retention and destruction policy.

Personal data

Personal data Privacy Information governance Compliance

India: New Digital Personal Data Protection Act, Start Planning Now.

DLA Piper Privacy Matters

SEPTEMBER 6, 2023

Authors: Carolyn Bigg, Gwyneth To and Rachel De Souza Start preparing now to comply with India’s new data protection law. The DPDP Act is India’s first comprehensive law on the protection of personal data and comes six years after the Supreme Court of India first declared a fundamental right to privacy in the Puttaswarmy case in 2017.

Personal data

Personal data GDPR Data breaches Compliance

Cyber Insurance: Not Just for Data Protection

Hunton Privacy

MARCH 21, 2014

President Obama’s Executive Order 13636 on Improving Critical Infrastructure Cybersecurity identified “insurance liability considerations” as an incentive that might improve security. Over the course of the year since the Executive Order was issued, there has been an increase in the marketing of cyber insurance products.

Insurance

Insurance Cybersecurity Marketing Risk

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. NYDFS: Setting a new bar for state cybersecurity regulation.

Insurance

Insurance Cybersecurity Data breaches Financial Services

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

MARCH 1, 2023

Welcome to our February 2023 list of data breaches and cyber attacks. It follows a mammoth start to the year, with more than 277 million breached records in January , and brings the running total for the year to over 300 million pieces of compromised personal data. You can find the full list of data breaches and cyber attacks below.

Data breaches

Data breaches Ransomware e-Delivery Government

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight Hathaway breached, 41.5 The compromised data allegedly includes names, email addresses and phone numbers.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

How to Decrypt Ransomware Files – And What to Do When That Fails

eSecurity Planet

OCTOBER 18, 2022

For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The best defense and the best option for recovery will always be the availability of sufficient, isolated data backups and a practiced restoration process. Free decryption tools don’t always work.

Ransomware

Ransomware Encryption Insurance Access

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Financial information, medical data, health reimbursements, postal addresses, telephone numbers and emails are not thought to have been compromised.

Data Privacy

Data Privacy Manufacturing Privacy Security

Insurers’ role will be critical in improving cybersecurity standards

CGI

AUGUST 31, 2016

Insurers’ role will be critical in improving cybersecurity standards. And, of course, our world is becoming increasingly digital in nature, with all kinds of services—from finance to health, energy and tax affairs—becoming digitally delivered. Wed, 08/31/2016 - 08:00.

Insurance

Insurance Cybersecurity Risk Marketing

Morrisons heads to the Supreme Court over data breach

IT Governance

APRIL 23, 2019

The Supreme Court has given Morrisons permission to appeal a ruling that found the supermarket liable for a data breach caused by a malicious insider. The information comprised names, addresses, gender, dates of birth, phone numbers, National Insurance numbers, bank details and salaries. Why have the courts found Morrisons liable?

Data breaches

Data breaches Insurance GDPR Compliance

Insurers’ digital focus is looking through the wrong ‘lens’

CGI

FEBRUARY 28, 2017

Insurers’ digital focus is looking through the wrong ‘lens’. Read any article on digital insurance and it seems to me that it is all about the insurers! Big data, fraud reduction, improved risk ratios, cross product customer engagement are common themes in the trade and advisor “blogsphere”. harini.kottees….

Insurance

Insurance Big data IoT Manufacturing

Regulatory Update: NAIC Summer 2021 National Meeting

Data Matters

SEPTEMBER 20, 2021

The National Association of Insurance Commissioners (NAIC) held its Summer 2021 National Meeting (Summer Meeting) August 14-17, 2021. Highlights include, among others, adoption of revised risk-based capital bond factors for life insurers, amendments to SSAP No. NAIC Adopts Revised Risk-Based Capital Bond Factors for Life Insurers.

Insurance

Insurance e-Delivery Paper Sales

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

IT Governance

DECEMBER 5, 2023

Data Breach Dashboard For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboard: Note: From this month, zero-day vulnerabilities are excluded from the ‘unpatched or misconfigured’ category. You’ll also be able to download this in the near future, along with the month’s data (and our sources).

Data breaches

Data breaches Ransomware Access Security

Inrupt’s Solid Announcement

Schneier on Security

NOVEMBER 13, 2020

Your data lives in a pod that is controlled by you. Data generated by your things — your computer, your phone, your IoT whatever — is written to your pod. Your data is no longer in a bazillion places on the Internet, controlled by you-have-no-idea-who. It’s yours. A few news articles.

IoT

IoT Insurance Access Government

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. This week, we’re taking a slightly different approach with the ‘publicly disclosed data breaches and cyber attacks’ category, presenting the most interesting data points in a table format.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

What Is Integrated Risk Management? Definition & Implementation

eSecurity Planet

APRIL 29, 2024

In our examples, the clothing brand secures a segregated design team with physical locks on the doors, extra computer security to prevent digital theft, and a backup solution for their marketing data. The design company will install surveillance cameras and data loss prevention (DLP) technology to monitor physical and digital theft attempts.

Risk

Risk Compliance Communications Insurance

Regulatory Update: NAIC Summer 2022 National Meeting

Data Matters

SEPTEMBER 7, 2022

The National Association of Insurance Commissioners (NAIC) held its Summer 2022 National Meeting (Summer Meeting) August 9–13, 2022. The Privacy Working Group has been reviewing state insurance privacy protections regarding the collection, ownership, use, and disclosure of information gathered in connection with insurance transactions.

Insurance

Insurance Paper Privacy Risk

China: Navigating China episode 18: Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation

DLA Piper Privacy Matters

JUNE 4, 2021

Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation. China is a leading marketing for connected and autonomous vehicles, and use and analytics of connected vehicle data has been encouraged by Chinese Government support of big data and AI technology.

Big data

Big data Compliance Personal data Insurance

Digital Customer Experience is becoming the deciding battlefield on the insurance landscape

CGI

FEBRUARY 28, 2018

Digital Customer Experience is becoming the deciding battlefield on the insurance landscape. Although the CDO today is more commonly used for your Chief Data Officer, with CX typically being owned by the Chief Customer Officer (CCO). p.butler@cgi.com. Wed, 02/28/2018 - 10:36.

Customer Experience

Customer Experience Insurance Artificial Intelligence Retail

Information Management in the Not-So-Distant Future of Health Care

AIIM

APRIL 12, 2022

If I’m not Zooming with my primary care provider, I’m swapping data with a specialist via a phone app or transmitting my blood pressure readings from my remote monitor to the disembodied nurse in my voicemail who chides me with messages if I miss a reading. Your symptoms will often be diagnosable from that data. Or so it seems.

Computer and Electronics

Computer and Electronics Insurance Marketing Paper

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

The Last Watchdog

JUNE 2, 2022

Big banks and insurance companies instilled the practice of requesting their third-party vendors to fill out increasingly bloated questionnaires, called bespoke assessments, which they then used as their sole basis for assessing third-party risk. It does this by ingesting and correlating data from a wide array of security-related datasets.

Security

Security Risk Digital transformation Insurance

A Cyber Insurance Backstop

Schneier on Security

FEBRUARY 28, 2024

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The 9/11 attacks cost insurers and reinsurers $47 billion. 11, 2001, terrorist attacks.

Insurance

Insurance Government Cybersecurity Risk

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. 45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. This article examines some of its key features. What does the PDPL cover and who does it apply to? Definitions.

Personal data

Personal data Data breaches GDPR Compliance

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

JANUARY 25, 2019

Sovrn , a company I still chair, has a similar mission, but with a serious data and tech focus. My current work is split between two projects: One has to do with data governance, the other political media. First, Data. Big data, data breaches, data mining, data science…Today, we’re all about the data.

Government

Government IT Marketing ROT

Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)

Data Protection Report

APRIL 2, 2020

In a judgment which will be warmly welcomed by employers (and their insurers) in the UK, the UK Supreme Court today overruled the Court of Appeal in holding that that Morrisons supermarkets is not vicariously liable for a data breach maliciously caused by a former employee.

Data breaches

Data breaches Insurance Risk Marketing

Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)

Data Protection Report

APRIL 1, 2020

In a judgment which will be warmly welcomed by employers (and their insurers) in the UK, the UK Supreme Court today overruled the Court of Appeal in holding that that Morrisons supermarkets is not vicariously liable for a data breach maliciously caused by a former employee.

Data breaches

Data breaches Insurance Risk Marketing

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Data Protection Report

FEBRUARY 23, 2023

AVs currently under development make sense of their surroundings and control vehicle operation through data gathered about the outside world. AVs and Personal Information AVs need to collect a significant amount of data to provide driver assistance and other features offered by the vehicle’s infotainment system.

Privacy

Privacy Manufacturing Artificial Intelligence Data collection

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

JANUARY 14, 2019

Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy. The overall damages that insurance firms would probably have to cover reach over $80bn. SecurityAffairs – Mondelez, cyber insurance). Pierluigi Paganini.

Insurance

Insurance Ransomware Sales Government

US banking regulators propose a rule for 36-hour notice of breach

Data Protection Report

JANUARY 5, 2021

The proposed rule would also affect companies that provide certain services to those banks, including data processing. The proposed regulation specifically includes as an example of a notification incident a “ransom malware attack that encrypts a core banking system or backup data.” Comments on the proposal.

Insurance

Insurance Paper Encryption Security

When Do You Need to Report a Data Breach?

Security Affairs

NOVEMBER 26, 2018

The way in which you respond to a data breach has a significant impact on how severe its consequences are. The number of data breaches that were tracked in the U.S. Most data breach laws deal with personal data, which is essentially any information that can be associated with a particular person.

Data breaches

Data breaches Personal data GDPR Cybersecurity

Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

Hunton Privacy

JUNE 6, 2019

Previously, OCITPA required any entity, public or private, that “owns, licenses, maintains, manages, collects, processes, acquires or otherwise possesses personal information” in the course of business to notify affected Oregon consumers as well as the Oregon Attorney General following a data breach.

Data breaches

Data breaches Insurance Authentication Compliance

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

Hunton Privacy

MARCH 25, 2020

The Spanish Data Protection Authority (the “AEPD”) recently published a report on data processing activities carried out by data controllers in the private and public sectors as a result of the spread of the COVID-19 virus (the “Report”). The Report then turns to legal bases for processing personal data in the COVID-19 context.

Personal data

Personal data GDPR Risk Insurance

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

KnowBe4

MARCH 28, 2023

You can upload your own SCORM training modules into your account for home workers Active Directory or SCIM integration to easily upload user data, eliminating the need to manually manage user changes Find out how 50,000+ organizations have mobilized their end-users as their human firewall. in exponential terms. back in 2020.

Phishing

Phishing Security awareness Insurance Cybersecurity

France: Changes to insurability of cyber losses

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Webinars

Trending Sources

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Webinars

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Connecticut Tightens its Data Breach Notification Laws

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Where data meets IP – Derivative data in M&A transactions

Data analytics – how should insurers look to the future?

PayPal notifies 34942 users of data breach over credential stuffing attack

Experian South Africa discloses data breach, 24 million customers impacted

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

$10,000,000 civil penalty for disclosing personal data without consent

India: New Digital Personal Data Protection Act, Start Planning Now.

Cyber Insurance: Not Just for Data Protection

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

How to Decrypt Ransomware Files – And What to Do When That Fails

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

Insurers’ role will be critical in improving cybersecurity standards

Morrisons heads to the Supreme Court over data breach

Insurers’ digital focus is looking through the wrong ‘lens’

Regulatory Update: NAIC Summer 2021 National Meeting

Data Breaches and Cyber Attacks in November 2023 – 519,111,354 Records Breached

Inrupt’s Solid Announcement

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

What Is Integrated Risk Management? Definition & Implementation

Regulatory Update: NAIC Summer 2022 National Meeting

China: Navigating China episode 18: Increased scrutiny over connected car and automobile industry data from Chinese regulators, including push towards data localisation

Digital Customer Experience is becoming the deciding battlefield on the insurance landscape

Information Management in the Not-So-Distant Future of Health Care

RSAC insights: How ‘TPRM’ can help shrink security skills gap — while protecting supply chains

A Cyber Insurance Backstop

UAE: Federal level data protection law enacted

Our Data Governance Is Broken. Let’s Reinvent It.

Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)

Good news for employers, finally – the UK Supreme Court hands down judgment in WM Morrison Supermarkets plc (Appellant) v Various Claimants (Respondents)

Autonomous Vehicles – Canada’s Current Legal Framework: Privacy (Part 4)

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

US banking regulators propose a rule for 36-hour notice of breach

When Do You Need to Report a Data Breach?

Oregon Extends Data Breach Notification Requirements to Include Third-Party Vendors

Spanish DPA Publishes Report on Data Processing Activities in Relation to COVID-19

CyberheistNews Vol 13 #13 [Eye Opener] How to Outsmart Sneaky AI-Based Phishing Attacks

Stay Connected