Data Matters

JANUARY 14, 2019

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The Act is designed to “establish standards for data security and for the investigation and notification to the Superintendent of Insurance of a cybersecurity event.”.

Insurance 67

Insurance Security Cybersecurity Data breaches 67

Data Matters

FEBRUARY 11, 2019

On December 28, 2018, Michigan adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law in the form of Michigan H.B. The Act defines licensees as persons authorized, registered, or licensed under Michigan insurance laws or required to be so. 6491 (Act). MCL § 500.550.

Insurance 67

Insurance Security Cybersecurity FOIA 67

Data Matters

SEPTEMBER 7, 2022

The National Association of Insurance Commissioners (NAIC) held its Summer 2022 National Meeting (Summer Meeting) August 9–13, 2022. The Privacy Working Group has been reviewing state insurance privacy protections regarding the collection, ownership, use, and disclosure of information gathered in connection with insurance transactions.

Insurance 78

Insurance Paper Privacy Risk 78

Data Protection Report

OCTOBER 3, 2021

The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement as part of a risk assessment; Deems compliant any person subject to and in compliance with HIPAA and HITECH; and.

Data breaches 142

Data breaches IT Insurance Passwords 142

Data Matters

SEPTEMBER 20, 2021

The National Association of Insurance Commissioners (NAIC) held its Summer 2021 National Meeting (Summer Meeting) August 14-17, 2021. Highlights include, among others, adoption of revised risk-based capital bond factors for life insurers, amendments to SSAP No. The changes are effective December 31, 2021.

Insurance 87

Insurance e-Delivery Paper Sales 87

IT Governance

APRIL 3, 2019

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. In that regard, it was a job well done, with one report estimating that insurers could expect to pay out more than $80 billion (£61 billion) as a result of the attack.

Insurance 42

Insurance Ransomware Government Paper 42

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Such outsourcing of ICT services also requires a clear definition of responsibilities, risks and mitigation between financial entities and ICT third-party service providers. That includes banks, insurances, payment institutions, stock market, and many financial management firms (trading, crypt-assets, etc).

Financial Services 83

Financial Services Cloud Cybersecurity Encryption 83

Schneier on Security

MARCH 26, 2020

Interesting article discussing cyber-warranties, and whether they are an effective way to transfer risk (as envisioned by Ackerlof's "market for lemons") or a marketing trick. Consumers should question whether warranties can function as a costly signal when narrow coverage means vendors accept little risk.

Marketing 92

Marketing Insurance Risk IT 92

Data Matters

APRIL 15, 2022

Definitions. ” For its definition of personal data, the UCPA excludes deidentified data, aggregated data, and publicly available information. ” For its definition of personal data, the UCPA excludes deidentified data, aggregated data, and publicly available information. The law also does not apply to non-profits.

Privacy 107

Privacy Personal data Sales Insurance 107

Schneier on Security

FEBRUARY 28, 2024

In the first week of January, the pharmaceutical giant Merck quietly settled its years-long lawsuit over whether or not its property and casualty insurers would cover a $700 million claim filed after the devastating NotPetya cyberattack in 2017. The 9/11 attacks cost insurers and reinsurers $47 billion. 11, 2001, terrorist attacks.

Insurance 98

Insurance Government Cybersecurity Risk 98

Hunton Privacy

MARCH 24, 2022

Similar to the CPA and VCDPA, the UCPA contains exemptions for covered entities, business associates and protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and financial institutions or personal data subject to the Gramm-Leach-Bliley Act (“GLB”). In line with existing U.S.

Privacy 113

Privacy Personal data Sales B2B 113

Data Matters

MARCH 28, 2022

Department of Health and Human Service’s Office for Civil Rights (“OCR”) issued industry guidance for Health Insurance Portability and Accountability Act (“HIPAA”) regulated entities to take preventative steps to protect against some of the more common, and often successful, cyber-attack techniques. On March 17, 2022, the U.S.

Cybersecurity 87

Cybersecurity Privacy Insurance Risk 87

Data Protection Report

JULY 28, 2021

The defendant was a life insurance company and the claimant their insured. With regards to the scope of the data subject access right, the FCJ refers to the legal definition of personal data in Article 4(1) GDPR. In particular, the court held the following: No requirement of “essential biographical information”.

Access 128

Access GDPR Personal data Insurance 128

Data Matters

DECEMBER 11, 2018

The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data. GCC using a risk-based capital aggregation methodology. sector; and.

Insurance 67

Insurance Paper Risk Big data 67

Data Matters

AUGUST 24, 2018

The National Association of Insurance Commissioners (NAIC) held its Summer 2018 National Meeting in Boston, Massachusetts, from August 4 to 7, 2018. NAIC Continues its Evaluation of Insurers’ Use of Big Data . The NAIC is also considering insurers’ use of big data in underwriting life insurance products.

Insurance 60

Insurance Big data e-Delivery Risk 60

Data Matters

SEPTEMBER 4, 2019

The National Association of Insurance Commissioners (NAIC) held its Summer 2019 National Meeting (Summer Meeting) in New York City from August 3 to 6, 2019. NAIC Evaluating Definition of “Best Interest” to Determine Whether to Impose Such a Standard in the Suitability in Annuity Transactions Model Regulation.

Insurance 67

Insurance Paper Risk Analytics 67

Data Matters

SEPTEMBER 3, 2020

The National Association of Insurance Commissioners (NAIC) held its Summer 2020 National Meeting (Summer Meeting) from July 27 to August 14, 2020. NAIC Considers Comments to the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act . GCC Template and Instructions.

Insurance 67

Insurance Paper Artificial Intelligence Big data 67

Data Protection Report

FEBRUARY 23, 2023

In this post, we will describe some of the risks introduced by personal information collection, and some of the legal obligations of vehicle manufacturers in protecting their customers’ privacy. The meaning of “high-impact” is still not clear and it is anticipated that the definition of “high-impact” will be provided in further regulation.

Privacy 85

Privacy Manufacturing Artificial Intelligence Data collection 85

eSecurity Planet

AUGUST 9, 2022

See the Top Governance, Risk and Compliance (GRC) Tools. are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA).

Data Privacy 145

Data Privacy Compliance Privacy Security 145

eSecurity Planet

DECEMBER 7, 2023

For example, The Health Insurance Portability and Accountability Act (HIPAA) requires security features such as encryption to protect patients’ health information. In each of these cases, the cracked encryption can lead to leaked data, but the nature of the risk remains distinct.

Encryption 110

Encryption IT Passwords IoT 110

Data Matters

AUGUST 9, 2021

In addition, the Act expands the definition of personally identifying information, compromise of which would constitute a data breach, to include patient data and medical data—a general category of health-related information that is not limited to protected health information under HIPAA.

Data breaches 87

Data breaches Privacy Personal data Data Privacy 87

eSecurity Planet

OCTOBER 14, 2022

The risks are high as it’s a new, loosely regulated industry with many new technologies that may not be fully vetted or secured.”. The definition of Web3 is a bit fuzzy. But if the industry wants to thrive, there definitely needs to be much more focus on security. So yes, Web3 has become a fierce battleground for cybersecurity.

Cybersecurity 119

Cybersecurity Blockchain Security Insurance 119

Hunton Privacy

MAY 10, 2022

The CTDPA exempts certain entities, including, for example, state and local government entities, nonprofits, higher education institutions, financial institutions subject to the Gramm-Leach-Bliley Act (“GLB”), and qualifying covered entities and business associates subject to the Health Insurance Portability and Accountability Act (“HIPAA”).

Privacy 118

Privacy Personal data Sales B2B 118

eSecurity Planet

MAY 4, 2023

The goal of ITAM is to ensure that an organization’s IT assets are being used effectively, efficiently and securely while minimizing costs and reducing the risk of data breaches and other security incidents. Asset insurance: Insuring critical assets against loss or damage can give you added protection against financial risks.

IT 101

IT Compliance Cloud Cybersecurity 101

Krebs on Security

JULY 27, 2020

. “The ferocity of cyber criminals to take advantage of COVID-19 uncertainties by preying on small businesses is disturbing,” said Andrew LaMarca , who leads the global high-risk and fraud team at Dun & Bradstreet. For the past several months, Milwaukee, Wisc. ” PHANTOM OFFICES. . ” RECYCLING VICTIMS. .

Energy and Utilities 356

Energy and Utilities Computer and Electronics Insurance Risk 356

Data Matters

MARCH 12, 2019

Of particular note, the Safeguards Rule NPRM proposes to align the FTC’s requirements with those of the New York Department of Financial Services (“NYDFS”), as found in its cybersecurity regulations, and the National Association of Insurance Commissioners (“NAIC”), as found in its insurance data security model law.

Privacy 67

Privacy IT Information Security Insurance 67

erwin

MAY 2, 2022

While talking to the business people about the business requirements, entities tend to be the plural nouns that they mention: insureds, beneficiaries, policies, terms, etc. Look again at Figure 7, what is the difference between an insured and a beneficiary? What is an entity? Just write them down, fill in details later.

Cloud 98

Cloud Insurance Metadata IT 98

AIIM

NOVEMBER 23, 2021

As we engaged in a bit of Socratic dialogue, it became clear to us all that the perceived role of information governance had to shift from a singular focus on risk and cost reduction. The last seven words in that definition are so important that I underlined them. Create a risk/value framework.

Information governance 118

Information governance Government Customer Experience Archiving 118

ARMA International

APRIL 18, 2022

Definition and Purpose of a Records Retention Schedule. Certain sectors, such as banking, financial services, health, and insurance have their own data protection and privacy requirements. 8 This is the GDPR definition and other countries have similar broad definitions of personal data.

Personal data 100

Personal data GDPR Privacy Records Management 100

eSecurity Planet

FEBRUARY 14, 2023

Growth has definitely been robust. The growing number of data privacy regulations has raised the potential consequences of cybersecurity breaches, spurring demand for GRC (governance, risk, and compliance) software. In the case of Lemonade – an online insurance company – it spent over 200 hours on the process.

Compliance 111

Compliance Security Cybersecurity Marketing 111

Data Protection Report

JULY 9, 2018

These new and amended state data breach laws expand the definition of personal information and specifically mandate that certain information security requirements are implemented. Virgin Islands, have enacted breach notification laws that require businesses to notify consumers if their personal information is compromised.

GDPR 40

GDPR Data breaches Personal data Insurance 40

IT Governance

APRIL 23, 2019

The information comprised names, addresses, gender, dates of birth, phone numbers, National Insurance numbers, bank details and salaries. That obviously won’t come into play here as the leak occurred before the GDPR took effect, but a definitive ruling one way or the other will determine whether we will see more class actions in the future.

Data breaches 64

Data breaches Insurance GDPR Compliance 64

Data Protection Report

APRIL 24, 2019

If Article 13 of the Healthcare Data Law takes effect as written, healthcare providers, consultants and insurers doing business in or with the UAE who continue to process and store outside the UAE health data and information generated in the UAE, must cease operating in such manner, and will be subject to penalties if they do not.

Insurance 40

Insurance Communications Access Government 40

IT Governance

JULY 30, 2024

Mitigating supply chain risk After widespread coverage, the CrowdStrike outage from 19 July 2024 hardly needs an introduction. According to Parametrix , an insurance company specialising in Cloud outages, cyber insurance policies likely cover up to 10–20% of losses only. of its share price.

Insurance 97

Insurance Risk Encryption Manufacturing 97

Hunton Privacy

APRIL 3, 2018

“Third-party agent” is defined as “an entity that has been contracted to maintain, store, process, or is otherwise permitted to access sensitive personally identifying information in connection with providing services to a covered entity.”.

Data breaches 72

Data breaches Encryption Insurance Risk 72

IBM Big Data Hub

JANUARY 22, 2024

The photo will expedite the recovery process and help when filing a police report or a possible claim with your insurance company. Download the Definitive Guide to Ransomware Recovery If you’ve been lucky enough to remove the ransomware infection, it’s time to start the recovery process.

Ransomware 105

Ransomware Encryption Analytics Data breaches 105

Data Protection Report

JUNE 6, 2019

Although the concept of providing consumers certain privacy rights is similar, the law has some significant differences from the CCPA, including the definition of “sale”. Excludes “employees” from definition of “consumer”. Expands definition of “de-identified” data, narrows definition of “personal information”.

Sales 40

Sales Privacy Insurance Manufacturing 40