Privacy/Data Security/Cyber Risk

Subscribe to Privacy/Data Security/Cyber Risk via RSS

As reported here, recent amendments to the annual privacy notice requirement under the Gramm-Leach-Bliley Act (the “GLBA”) contained in the Fixing America’s Surface Transportation (“FAST”) Act eliminated the requirement for financial institutions to provide annual privacy notices under GLBA under certain circumstances. At its spring meeting held April 4

Read More NAIC Gets the Ball Rolling to Streamline GLBA Annual Privacy Notices

The Fourth Circuit Court of Appeals has affirmed a Virginia federal district court’s summary judgment ruling for the insured under a CGL policy, finding that the insurer had a duty to defend a third-party lawsuit alleging failure to properly secure electronic storage of medical records. Travelers Indemnity Co. v. Portal
Read More Fourth Circuit Affirms CGL Duty to Defend for Medical Records Breach

Early this month, the NAIC Cybersecurity (EX) Task Force released a preliminary working and discussion draft of an Insurance Data Security Model Law. While praise worthy in its effort to provide uniformity for data security and breach notification requirements among the states, at least with respect to the insurance industry

Read More NAIC Preliminary Draft Insurance Data Security Model Law Draws Praise and Criticism

The growing percentage of businesses that purchase cyber security and data privacy insurance portends a growing number of claims and, inevitably, litigation over some of those claims. Wells Fargo’s 2015 Cyber Security and Data Privacy Survey: How Protected Are You? indicates that nearly half (44%) of companies with $100 to

Read More Testing the Limits – Cyber Coverage Litigation Update

Insurers have struggled to find a common baseline to measure cyber risks. Changes in technology, hacking and other data security risks and the shifting legal landscape concerning liability for data breaches have made the terrain particularly uncertain. Because of the unique and changing nature of cyber risks, current risk models

Read More A Common Standard for Evaluating Cyber Risk – Insurers Walk the Walk

As previously reported here, the NAIC Cybersecurity Task Force proposed a “Cybersecurity Bill of Rights” (the “BOR”), which purported to state consumers’ rights related to information security. In the face of industry criticism of the draft BOR, including comment letters by the ACLI, NAMIC, the PIA, the Big I

Read More NAIC Cyber Security Bill of Rights becomes “Roadmap”

On December 4, 2015, President Obama signed the Highway Bill, dubbed Fixing America’s Surface Transportation Act (“FAST Act”), into law. Buried in the 490 page transportation law is a significant amendment to the Gramm-Leach-Bliley Act’s (“GLBA”) annual consumer privacy notice requirement. Specifically, section 75001 of the FAST Act, entitled “Eliminate

Read More GLBA Annual Privacy Notice Eliminated under Certain Circumstances: Buried in a Highway Bill!

The Illinois Department of Insurance (“ IL DOI”) has proposed an amendment to Illinois’ insurer record retention requirements, which would significantly reduce reporting, book-keeping and retention obligations. The current regulation, 50 Ill. Adm. Code 901.20, requires that, prior to destruction, Illinois domestic insurers submit to the IL DOI an affidavit

Read More Illinois Insurance Department Proposes Amendment to Cumbersome Records Retention and Destruction Requirements

Last week, an NAIC task force moved forward in recommending a cybersecurity “bill of rights” that insurance regulators could provide consumers, essentially creating an expectation of notice of a breach “never more than 60 days” after a breach, and the right to one year of free credit monitoring. Insurance industry

Read More NAIC Cybersecurity “Bill of Rights” Wrong to Many Insurers

A recent attempt by the Illinois legislature to significantly expand the scope of the Illinois data breach notification legislation was vetoed by Governor Rauner. As passed by the General Assembly, Illinois Senate Bill 1833 would have extended the type of information covered by the state’s breach notification law to include
Read More Illinois Governor Vetoes Expansion of Breach Notice Requirements