The Virginia State Corporation Commission Bureau of Insurance (the “Bureau”) recently issued a bulletin to provide guidance on the development and implementation of privacy safeguards to all insurers, health service plans, health maintenance organizations, surplus lines brokers and other interested parties.


Read More Virginia Issues Guidance on Information Security Program Requirement

On September 22, 2009, Socheth Sor of Edwards Angell Palmer & Dodge LLP testified at a public hearing before the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) in Boston regarding 201 CMR 17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth (the “Regulations”). 


Read More Public Hearing on Massachusetts Information Security Regulations

In the last week of August, 2009, the Department of Health and Human Services (“HHS”) and the Federal Trade Commission (“FTC”) officially published their final rules concerning consumer notification of breaches of protected health information (“PHI”). Congress mandated that both rules be issued under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, part of the American Recovery and Reinvestment Act of 2009. 


Read More Final Rules Issued for Breach of Electronic Health Information

On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (the “OCABR”) issued a press release announcing important amendments to 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth (the “Regulations”), and a third extension of its effective date from January 1, 2010 to March 1, 2010. The OCABR also called a public hearing scheduled for September 22, 2009 in connection with the Regulations.


Read More BREAKING NEWS: Client Advisory – Amended Massachusetts Security Regulations and Extension of Effective Date

On Wednesday, July 29, 2009, the Federal Trade Commission (FTC) announced that it would be suspending enforcement of the Red Flags Rule, its new anti-fraud regulations, for three months, until November 1, 2009.  The three-month extension followed a request from the House of Representatives’ Appropriations Committee that the FTC defer enforcement of the regulations. 


Read More FTC Announces Three-Month Suspension of Red Flags Rule; New Guidance to Be Released Shortly

On 22 July 2009, three HSBC companies (HSBC Life UK Ltd, HSBC Actuaries and Consultants Ltd, and HSBC Insurance Brokers Ltd) were fined £1.6m, £875,000, and £700,000 respectively by the UK Financial Services Authority (FSA). The fines are in response to those companies failing to have in place adequate systems and controls to protect customers’ confidential information from being lost or stolen.
Read More UK: Financial Services Authority Punishes Failure to Protect Confidential Customer Information with Hefty Fines

Earlier this week, the United States District Court for the District of Maine issued its ruling on a motion to dismiss a class action complaint against a supermarket chain based on a massive data breach. The decision addressed whether a customer can recover from a grocer when a third party steals the customer’s credit and debit card information from that grocer.
Read More Federal Court Decides That Data Breach Case Against Supermarket Chain Can Proceed, But Only As to One Plaintiff

As we previously reported here, the Federal Trade Commission (“FTC”) extended the compliance date for the Red Flag Rules from May 1, 2009 to August 1, 2009. According to the FTC, the Red Flag Rules are risk-based in recognition of the burden that they could impose upon an entity that has only a small risk of identity theft. The FTC makes clear that higher risk entities should have more elaborate identity theft programs, while low risk entities may have less complex programs.
Read More FTC Releases Red Flag Program Template for Low Risk Entities

Edwards Angell Palmer & Dodge is delighted to announce that it will again this year host a half-day seminar, which will be repeated in Bermuda, New York and Boston.
Read More Edwards Angell Palmer & Dodge Half-day CLE Insurance & Reinsurance Seminars – June 2009

The Federal Trade Commission (“FTC”) issued a press release on April 30, 2009, a day before the effective date of the federal Red Flag rules (16 CFR 681, the “Rules”), extending the enforcement date for creditors, for a second time, to August 1, 2009. For financial institutions, compliance has been required since November 28, 2008. The Rules require that “financial institutions” and “creditors” with “covered accounts,” as defined under the Rules, develop and implement a written Identity Theft Prevention Program to detect, prevent, and mitigate identity theft.


Read More FTC Delays Enforcement of Red Flag Rules