As previously reported, covered entities (including insurance companies and producers, and other licensees including individuals) that are subject to an exemption under the New York Department of Financial Services Cybersecurity Regulation were required to file a Notice of Exemption by September 27, 2017.  Having recently authorized “batch exemption” filings by
Read More NY DFS Cybersecurity Regulation Exemption Deadline Extended

Beginning October 1, 2017, health insurers, health care centers, pharmacy benefits managers, and third-party administrators that administer health benefits, and utilization of new companies, licensed in Connecticut, will be required to file their first annual certification to the insurance department that they maintain a comprehensive information security program in

Read More Cybersecurity Compliance Requirements are Piling Up

As previously reported and explained here, the New York State Department of Financial Services (DFS) promulgated a proposed regulation mandating cybersecurity requirements for all licensees, including insurance companies and producers, banks, and others. In response to 150 comments received from the industry, a revised proposed regulation was published December
Read More New Cybersecurity Requirements coming for NYS DFS Insurers, Producers, and Other Licensees

As reported here, recent amendments to the annual privacy notice requirement under the Gramm-Leach-Bliley Act (the “GLBA”) contained in the Fixing America’s Surface Transportation (“FAST”) Act eliminated the requirement for financial institutions to provide annual privacy notices under GLBA under certain circumstances. At its spring meeting held April 4

Read More NAIC Gets the Ball Rolling to Streamline GLBA Annual Privacy Notices

Early this month, the NAIC Cybersecurity (EX) Task Force released a preliminary working and discussion draft of an Insurance Data Security Model Law. While praiseworthy in its effort to provide uniformity for data security and breach notification requirements among the states, at least with respect to the insurance industry

Read More NAIC Preliminary Draft Insurance Data Security Model Law Draws Praise and Criticism

As previously reported here, the NAIC Cybersecurity Task Force proposed a “Cybersecurity Bill of Rights” (the “BOR”), which purported to state consumers’ rights related to information security. In the face of industry criticism of the draft BOR, including comment letters by the ACLI, NAMIC, the PIA, the Big I

Read More NAIC Cyber Security Bill of Rights becomes “Roadmap”

On December 4, 2015, President Obama signed the Highway Bill, dubbed Fixing America’s Surface Transportation Act (“FAST Act”), into law. Buried in the 490-page transportation law is a significant amendment to the Gramm-Leach-Bliley Act’s (“GLBA”) annual consumer privacy notice requirement. Specifically, section 75001 of the FAST Act, entitled “Eliminate

Read More GLBA Annual Privacy Notice Eliminated under Certain Circumstances: Buried in a Highway Bill!

Last week, the Department of Financial Services of the State of New York (“DFS”) issued a letter available here, indicating its intention to promulgate cybersecurity regulations that will apply to financial institutions licensed by DFS, including insurance companies, banks, and mortgage brokers. The proposed regulations will be intended to
Read More Expect New Cybersecurity Regs from New York DFS

Last week, an NAIC task force moved forward in recommending a cybersecurity “bill of rights” that insurance regulators could provide consumers, essentially creating an expectation of notice of a breach “never more than 60 days” after a breach, and the right to one year of free credit monitoring. Insurance industry

Read More NAIC Cybersecurity “Bill of Rights” Wrong to Many Insurers