Privacy & Cybersecurity Newsletter
Read about the latest in CCPA, GDPR, NY DFS, NAIC and State Updates in Privacy Law, and more in the current Locke Lord Privacy & Cybersecurity Newsletter.
Read MoreTopic: Privacy/Data Security/Cyber Risk
Complimentary Webinar: Insurance IT Strategy and Regulatory Compliance: AI, CCPA and NY DFS
Locke Lord LLP and Novarica will look at new regulatory developments in analytics, use of data, and data security that have the potential to affect insurer technology strategy. This webinar covers the potential effects of regulation on the use of analytics and AI in life insurance underwriting, how privacy requirements may affect insurer data governance and MDM strategies, and how third-party data security requirements may affect distribution technology strategies.
Read MoreNew Hampshire Takes the NAIC Plunge
On August 2, 2019, New Hampshire became the most recent of many states that adopted an Insurance Data Security Law (Senate Bill 194-FN) modeled after the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. New Hampshire Governor Chris Sununu signed Senate Bill 194-FN (SB194) into law requiring insurance companies licensed in NH (“Licensees”) to implement information security programs, and to report cybersecurity events.
Read MoreInsurance Technology Strategy and Regulatory Compliance, Vol. 1
Locke Lord’s Regulatory and Transactional Insurance Practice Group has teamed with Novarica, a leading insurance industry technology research, advisory services and consulting firm, to address the impact of evolving insurance regulation on information technology systems of insurance and reinsurance companies. Atlanta Partner Brian Casey, Co-Leader of Locke Lord’s Regulatory and Transactional Insurance Practice Group, Hartford Office Managing Partner Ted Augustinos, member of the steering committee of the Firm’s Privacy and Cybersecurity Group, and Chicago Partner Ben Sykes co-authored the first installment of a quarterly report with Novarica on insurance technology strategy and regulatory compliance.
Read MoreConnecticut Adopts Insurance Data Security Law
To date, six states from Michigan to Alabama have adopted versions of the National Association of Insurance Commissioner’s model insurance data security law (the “NAIC model”). The NAIC model generally requires entities licensed or authorized to operate under a state’s insurance laws to develop a cybersecurity program, investigate and report data breaches, and certify compliance with the law to the state’s insurance commissioner. Connecticut joined the growing list of states that have adopted a version of the NAIC model, buried in a budget bill, when Governor Ned Lamont signed Public Act 19-117 (the “Act”), on June 26, 2019, effective in relevant part on October 1, 2020.
Read MoreNew York Jumps on the Data Security Bandwagon
On June 17, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security Act, commonly referred to as the SHIELD Act which will be enforced by the New York Attorney General. This SHIELD Act should not be confused with Marvel’s Strategic Homeland Intervention Enforcement and Logistics Division also called S.H.I.E.L.D. The SHIELD Act is awaiting the governor’s signature to become law.
Read MoreCybersecurity Update: NYDFS, NAIC, and What’s Going on in SC, OH, MI, and MS?
On March 1, 2017 the cybersecurity regulation of the New York Department of Financial Services (the “DFS Regulation”) took effect, requiring subject financial institutions, including insurance companies, (“Covered Entities”) to among other things adopt written information security programs to address the protection of nonpublic information and information systems.
Read MoreWhat Every InsurTech Should Know About Privacy and Cybersecurity
As an early stage or startup InsurTech, you’re highly focused on all the right things: identifying a challenge for the insurance industry, developing an innovative technical solution, making it practical and scalable, getting it funded, and implementing it. The industry for which InsurTech seeks to develop and deliver solutions is awash, however, in requirements and restrictions related to the collection, use, sharing, and protection of data.
Read MoreLocke Lord Privacy Lawyer Authors Article in Best’s Review on Regulations Impacting InsurTechs
Ted Augustinos, a member of the steering committee of Locke Lord’s Privacy and Cybersecurity Practice Group, authored an article detailing the stifling effect of privacy and cybersecurity regulations on innovative data usage at insurance companies.
Read MoreFTC Proposes Amendments to Safeguards Rule to Track NY DFS Cybersecurity Regulation (and amendments to its Privacy Rule)
As we’ve been predicting, including here, the Cybersecurity Regulation adopted by the NY DFS for insurance, banking and other financial services continues to drive the conversation in the U.S. The latest manifestation is the FTC proposal, announced March 5, 2019, to amend it Safeguards Rule adopted pursuant to the Gramm-Leach-Bliley Act of 1999 (GLBA) to require financial institutions to adopt certain safeguards to protect the nonpublic personal information of consumers.
Read MoreInsurTech
