Locke Lord’s Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.
Read MoreOn September 24, 2019, the U.S. Department of the Treasury (“Treasury”) proposed regulations to expand considerably the scope of transactions subject to review by the Committee on Foreign Investment in the United States (“CFIUS”), to now include certain transactions in the insurance industry, where “sensitive personal data” could become accessible to a foreign person.
Read MoreThe long-awaited amendments to the California Consumer Privacy Act of 2018 (CCPA) have finally become law. On October 11, 2019—two days before the October 13 deadline—California Governor Gavin Newsom announced that he signed all of the California Legislature’s September 2019 amendments to the CCPA: AB-25, AB-874, AB-1146, AB-1355, and AB-1564.
Read MoreRead about the latest in CCPA, GDPR, NY DFS, NAIC and State Updates in Privacy Law, and more in the current Locke Lord Privacy & Cybersecurity Newsletter.
Read MoreLocke Lord LLP and Novarica will look at new regulatory developments in analytics, use of data, and data security that have the potential to affect insurer technology strategy. This webinar covers the potential effects of regulation on the use of analytics and AI in life insurance underwriting, how privacy requirements may affect insurer data governance and MDM strategies, and how third-party data security requirements may affect distribution technology strategies.
Read MoreOn August 2, 2019, New Hampshire became the most recent of many states that adopted an Insurance Data Security Law (Senate Bill 194-FN) modeled after the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. New Hampshire Governor Chris Sununu signed Senate Bill 194-FN (SB194) into law requiring insurance companies licensed in NH (“Licensees”) to implement information security programs, and to report cybersecurity events.
Read MoreLocke Lord’s Regulatory and Transactional Insurance Practice Group has teamed with Novarica, a leading insurance industry technology research, advisory services and consulting firm, to address the impact of evolving insurance regulation on information technology systems of insurance and reinsurance companies. Atlanta Partner Brian Casey, Co-Leader of Locke Lord’s Regulatory and Transactional Insurance Practice Group, Hartford Office Managing Partner Ted Augustinos, member of the steering committee of the Firm’s Privacy and Cybersecurity Group, and Chicago Partner Ben Sykes co-authored the first installment of a quarterly report with Novarica on insurance technology strategy and regulatory compliance.
Read MoreTo date, six states from Michigan to Alabama have adopted versions of the National Association of Insurance Commissioner’s model insurance data security law (the “NAIC model”). The NAIC model generally requires entities licensed or authorized to operate under a state’s insurance laws to develop a cybersecurity program, investigate and report data breaches, and certify compliance with the law to the state’s insurance commissioner. Connecticut joined the growing list of states that have adopted a version of the NAIC model, buried in a budget bill, when Governor Ned Lamont signed Public Act 19-117 (the “Act”), on June 26, 2019, effective in relevant part on October 1, 2020.
Read MoreOn June 17, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security Act, commonly referred to as the SHIELD Act which will be enforced by the New York Attorney General. This SHIELD Act should not be confused with Marvel’s Strategic Homeland Intervention Enforcement and Logistics Division also called S.H.I.E.L.D. The SHIELD Act is awaiting the governor’s signature to become law.
Read MoreOn March 1, 2017 the cybersecurity regulation of the New York Department of Financial Services (the “DFS Regulation”) took effect, requiring subject financial institutions, including insurance companies, (“Covered Entities”) to among other things adopt written information security programs to address the protection of nonpublic information and information systems.
Read More
