Key Point: All businesses struggle with cybersecurity risks presented by their service providers. New guidance from the NY DFS applies to all DFS-regulated entities, but the guidance would assist any business in any industry in addressing these risks.

On October 21, 2025, the New York Department of Financial Services (the “DFS”) issued important guidance for covered entities (including all DFS licensees) for managing their cybersecurity risk related to third-party service providers (“TPSPs”). The guidance, Industry Letter – October 21, 2025: Guidance on Managing Risks Related to Third-Party Service Providers (the “Guidance”), specifically includes the covered entity’s use of cloud, file transfer, AI and fintech providers. According to the DFS, the “Guidance does not impose new requirements or obligations . . ..” Rather, “it is intended to clarify regulatory requirements, recommend industry best practices . . ., and promote compliance . . ..” The Guidance highlights that managing the cybersecurity risk presented by TPSPs “remains a crucial element of a Covered Entity’s cybersecurity program,” and notes that it applies to all covered entities, regardless of size.
Read More Important Guidance on Third-Party Service Provider Cyber Risk

The Connecticut Insurance Department issued a revised Notice to All Entities and Persons Licensed by the Connecticut Insurance Department concerning the Usage of Big Data and Avoidance of Discriminatory Practices (available here).  The Notice, issued April 20, 2022, reminds “all entities and persons licensed by the Department that the Department continues to expect such entities and persons to use technology and Big Data in full compliance with anti-discrimination laws and have completed the [annual] data certification….”
Read More Big Data for Insurers: Clarity about the New Connecticut Requirements

Vermont Governor Scott signed the Vermont Insurance Data Security Law (available here) (the “VIDSL”), making Vermont the 21st state to adopt a cybersecurity statute based on the National Association of Insurance Commissioners Insurance Data Security Model Law (NAIC Model 668).
Read More NAIC Insurance Data Security Model Law Update: Vermont Becomes 21st State

On December 7, 2021, the New York Department of Financial Services (“NY DFS”) released an industry letter providing guidance on Multi-Factor Authentication (“MFA”). MFA requires users of information systems to provide an additional “factor,” often through a one-time code or push notification to their mobile device, in addition to their password when accessing information systems.
Read More NY DFS Releases Guidance on Multi-Factor Authentication

The New York Department of Financial Services (NYDFS) has now released a pair of alerts on the increase in cyberattacks on public-facing insurance websites that provide instant quoting services to customers. If you provide instant online quoting through your website, it is imperative that you review your system’s security and the methods you use to provide instant quotes.
Read More NYDFS Alerts Insurance Industry on Cyber Threats to Auto Quote Functions

Hartford Office Managing Partner Ted Augustinos authored an article for Best’s Review detailing privacy and cybersecurity issues that have arisen for insurers and producers as a result of employees working remotely due to the COVID-19 pandemic. For companies that likely have not previously had their entire workforce working remotely simultaneously, it is important to revisit risk assessments and evaluate technical and administrative safeguards, he explains.
Read More Home Sweet Workplace?

Reminding NY DFS regulated entities that its Cybersecurity Regulation (23 NYCRR Part 500) requires assessment of cybersecurity risk, and the reporting of certain cybersecurity events within 72 hours, the DFS issued guidance specific to the current COVID-19 pandemic. The DFS guidance is appropriate for any business, whether or not subject to the NY Regulation.
Read More NY DFS Issues Guidance to Regulated Entities for Cybersecurity in the Remote Work Environment

The long-awaited amendments to the California Consumer Privacy Act of 2018 (CCPA) have finally become law. On October 11, 2019—two days before the October 13 deadline—California Governor Gavin Newsom announced that he signed all of the California Legislature’s September 2019 amendments to the CCPA: AB-25, AB-874, AB-1146, AB-1355, and AB-1564.
Read More CCPA Amendments Are In! Draft CCPA Regulations Are Out!

Locke Lord LLP and Novarica will look at new regulatory developments in analytics, use of data, and data security that have the potential to affect insurer technology strategy. This webinar covers the potential effects of regulation on the use of analytics and AI in life insurance underwriting, how privacy requirements may affect insurer data governance and MDM strategies, and how third-party data security requirements may affect distribution technology strategies.
Read More Complimentary Webinar: Insurance IT Strategy and Regulatory Compliance: AI, CCPA and NY DFS