Privacy/Data Security/Cyber Risk

Subscribe to Privacy/Data Security/Cyber Risk via RSS
Massachusetts already has one of the most aggressive data security regulations in the country, and robust new guidelines were just issued to implement this regulation, effective January 1, 2009. 


Read More New Massachusetts Guidelines for Mandatory Computer Security Policies

Last month the National Association of Insurance Commissioners (“NAIC”) adopted a proposal to develop a uniform system for collecting the market conduct information of insurance companies.  Market-conduct information includes, for example, how often a company cancels policies, delays claim payments or is in litigation. 


Read More Adopted Proposal Aims to Collect and Aggregate Insurance Company Market Conduct Information into a Centralized Database

An increase in data breaches affecting various  industries, including banking, insurance and other financial services, has been profiled recently.  These developments require companies to anticipate problems, develop new responsive policies and protective procedures, and react quickly to near-crisis situations resulting from data breaches. 


Read More Information Security Breaches and Appropriate Responses – New Mandatory Security Rule in Massachusetts and Privacy Policy in Connecticut

In Insurance Institute of Michigan, et al. v. Commissioner, No. 262385, 2008 WL 190394 (Mich. Ct. App., Aug. 21, 2008), the appellate court opinion of Presiding Judge Helen N. White vacated a lower court’s permanent injunction against regulations prohibiting the use of credit scores in home and auto insurance. 
Read More Michigan Court of Appeals Reinstates Regulations Prohibiting the Use of Credit Scoring in Home and Auto Insurance

On June 10, 2008, Connecticut Governor M. Jodi Rell signed into law “An Act Concerning the Confidentiality of Social Security Numbers,” Public Act No. 08-167 (the “Act”).  The Act, which becomes effective October 1, 2008, requires any person who collects Social Security numbers in the course of business to create a privacy protection policy. 


Read More Connecticut Passes Law on the Confidentiality of Social Security Numbers

Recently, the House Financial Services Oversight and Investigation Subcommittee held a hearing where speakers from various insurance industry and consumer protection groups gave testimony regarding “The Impact of Credit-Based Insurance Scoring on the Availability and Affordability of Insurance.” 


Read More Use of Credit Scores in Personal Line Insurance Rating

Massachusetts has become one of the most aggressive states in the country regarding protecting personal data. It has adopted a new data breach law, a new document destruction law and proposed regulations that may represent one of the most far-reaching information security requirements anywhere in the U.S. Taken together, these will have major compliance implications and will likely require more rigorous, written security policies for any company doing business in Massachusetts or holding Massachusetts personal data, wherever located. 
Read More Aggressive New Massachusetts Data Breach Law and Proposed Security Rules Require Company Action

With potential implications for anyone doing business with a Massachusetts resident, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) held a public hearing today concerning the proposed regulation 201 Mass. Code Regs. 17.00, the new Standards for the Protection of Personal Information of Residents of the Commonwealth. 


Read More Aggressive New Proposed Regulation for the Security of Personal Information