Rachel Zucker

All articles by Rachel Zucker

 

Ohio Cybersecurity Legislation Applicable to Insurers Now In Effect

Ohio’s new law requiring insurance providers to take steps to protect personal information recently went into effect March 20, 2019. Ohio now follows South Carolina as the second state to adopt legislation modeled after the NAIC’s Insurance Data Security Model Law.             The law, codified at new Ohio Revised Code Chapter 3695, applies to all individuals or non-governmental entities required to be authorized, registered, or licensed under Ohio insurance laws (defined as “licensees”). Only smaller licensees that have fewer than 20 employees, less than $5…  

Key Upcoming Deadlines under the New York DFS Cybersecurity Regulation

When New York’s landmark cybersecurity regulation became effective back in March 2017, the Department of Financial Services (DFS) implemented a two-year timeline for implementation of the regulation’s requirements, with a final compliance deadline of March 1, 2019.  Entities covered by the wide-sweeping regulation should remember filing their first certificate of compliance in February of last year.  The two-year implementation period is almost over, and once again, important deadlines are now quickly approaching.  “Covered Entities” (banks, insurance companies, and other financial services institutions and…  

Colorado Data Privacy Act a Landmark in Dealing with Protection of Personally Identifiable Information

Colorado’s Protections for Consumers Data Privacy Act, unanimously approved by the state legislature on May 29, imposes heightened data protection and breach notification requirements on businesses of all sizes and government entities. It affects all entities that receive, collect, create or save personally identifiable information (PII) from Colorado residents, customers, employees or even prospective employees.  The law comes in the wake of the Equifax data breach in 2017, and Colorado being rated the second riskiest state for identity theft in a 2017 study, only…  

Congress Passes Bill to turn Cybersecurity Wing of Department of Homeland Security into Fully-fledged Agency

On November 13, the U.S. House of Representatives voted unanimously to pass bipartisan legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The CISA Act (H.R. 3359), first introduced in July, 2017, passed the Senate in October. It will “reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security,” according to a statement released by DHS. The new agency…  

In Line with GDPR, Canada Amends its Privacy Protection Regulation to Include Stringent and Mandatory Breach Notification Rules

On November 1, 2018, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) was amended to include stringent, mandatory breach notification rules. These rules are similar to the European Union’s General Data Protection Regulation (GDPR), which took effect in May, 2018. Organizations that conduct business in Canada will be subject to PIPEDA as well as the GDPR, if that organization is accessible in the European market. The new PIPEDA regulations reinforce the image of Canada as an international leader in personal data protection…  

Long-struggling ‘Google Plus’ Social Network to be Shutdown after Security Breach Affects 500,000

On Monday, October 8, 2018 Google disclosed a security breach it discovered months ago that put at risk the personal data of hundreds of thousands of Google Plus users. In March, Google discovered, and fixed, the bug that allowed outside software developers to gain access to personal information on Google Plus users, including names, email addresses, ages, occupations and relationship status. The company’s decision to not immediately report the software bug has some concerned that Google cannot be relied on to protect privacy. Google…  

Security Breach Compromises 50 Million Facebook Accounts

In the wake of concerns that the social media giant collects too much personal data, Facebook, Inc. discovered a security breach on September 25, 2018 that affected almost 50 million accounts. Recent privacy regulations, including those recently enacted in the European Union, may have forced Facebook into promptly reporting the breach just three days after it was discovered. Based on the breaking-news reports, the FBI is working with Facebook to investigate the breach to determine the extent of the breach, what information was accessed, whether…  

Firewall’s Up: South Carolina Passes First-of-its-Kind Insurance Data Security Act

South Carolina recently became the first state to pass legislation modeled closely on the Insurance Data Security Model Law that was approved by the National Association of Insurance Commissioners (NAIC) last October. Amid the rising incidence of cyberattacks, cyber security is a key issue facing the insurance sector. South Carolina has taken a proactive step in protecting their business and customers from possible data breaches. The South Carolina Department of Insurance (SCDOI) Data Security Act, signed by the Governor on May 3, 2018, will become…