Locke Lord’s Regulatory and Transactional Insurance Practice Group has teamed with Novarica, a leading insurance industry technology research, advisory services and consulting firm, to address the impact of evolving insurance regulation on information technology systems of insurance and reinsurance companies. Atlanta Partner Brian Casey, Co-Leader of Locke Lord’s Regulatory and Transactional Insurance Practice Group, Hartford Office Managing Partner Ted Augustinos, member of the steering committee of the Firm’s Privacy and Cybersecurity Group, and Chicago Partner Ben Sykes co-authored the first installment of a quarterly report with Novarica on insurance technology strategy and regulatory compliance.

Read More Insurance Technology Strategy and Regulatory Compliance, Vol. 1

To date, six states from Michigan to Alabama have adopted versions of the National Association of Insurance Commissioners’ model insurance data security law (the “NAIC model”). The NAIC model generally requires entities licensed or authorized to operate under a state’s insurance laws to develop a cybersecurity program, investigate and report data breaches, and certify compliance with the law to the state’s insurance commissioner. Connecticut joined the growing list of states that have adopted a version of the NAIC model, buried in a budget bill, when Governor Ned Lamont signed Public Act 19-117 (the “Act”) on June 26, 2019, effective in relevant part on October 1, 2020.
Read More Connecticut Adopts Insurance Data Security Law

On January 10, 2019, Massachusetts Governor Charlie Baker signed House Bill No. 4806 into law.  The bill amends certain provisions of the state data breach notification law, increasing reporting requirements on a person or agency collecting personal information of Massachusetts residents.
Read More Updates to Massachusetts Data Breach Laws: House Bill No. 4806

On March 1, 2017, the cybersecurity regulation of the New York Department of Financial Services (the “DFS Regulation”) took effect, requiring subject financial institutions, including insurance companies, (“Covered Entities”) to, among other things, adopt written information security programs to address the protection of nonpublic information and information systems.
Read More Cybersecurity Update: NYDFS, NAIC, and What’s Going on in SC, OH, MI, and MS?

As an early stage or startup InsurTech, you’re highly focused on all the right things: identifying a challenge for the insurance industry, developing an innovative technical solution, making it practical and scalable, getting it funded, and implementing it. The industry for which InsurTech seeks to develop and deliver solutions is awash, however, in requirements and restrictions related to the collection, use, sharing, and protection of data.
Read More What Every InsurTech Should Know About Privacy and Cybersecurity

On March 20, 2019, the Joint Committee on Government Administration and Elections (the “Joint Committee”) introduced An Act Concerning Consumer Privacy, Raised Bill No. 1108.  The Bill is essentially a reprinting of the original version of the California Consumer Privacy Act (the “CCPA”), and does not capture amendments that
Read More CCPA Proliferation: Connecticut and other states propose to follow California’s lead on Consumer Privacy

As we’ve been predicting, including here, the Cybersecurity Regulation adopted by the NY DFS for insurance, banking and other financial services continues to drive the conversation in the U.S. The latest manifestation is the FTC proposal, announced March 5, 2019, to amend its Safeguards Rule adopted pursuant to the Gramm-Leach-Bliley Act of 1999 (GLBA) to require financial institutions to adopt certain safeguards to protect the nonpublic personal information of consumers.
Read More FTC Proposes Amendments to Safeguards Rule to Track NY DFS Cybersecurity Regulation (and amendments to its Privacy Rule)

On January 10, 2019, Massachusetts Governor Baker signed “An Act relative to consumer protection from security breaches” (House Bill No. 4806), which added new requirements and obligations for companies that experience a data breach.
Read More Massachusetts Amendments Impose Additional Data Security Breach Requirements

On November 23, the European Data Protection Board released guidelines for public comment (the “Guidelines”) on the territorial scope of the General Data Protection Regulation (“GDPR”).  Specifically, the Guidelines address the applicability of GDPR Articles 3 and 27.

Article 3(1) – Establishment Criteria

GDPR Article 3(1) states that the GDPR
Read More European Data Protection Board Releases Guidelines on the Territorial Scope of the GDPR

Update: the Governor of California signed Senate Bill 1121 on September 23, 2018, ratifying the amendments described below.

On August 31, 2018, the California State Legislature passed Senate Bill 1121, amending the California Consumer Privacy Act of 2018 (“CCPA”).  The CCPA, which contains the broadest consumer data privacy protections
Read More California Amends Consumer Data Privacy Act, but Leaves Material Provisions Unchanged and Questions Unanswered