While some of the legal requirements on your organization can seem overly burdensome, there are times when legal requirements also align nicely with what makes good business sense. Risk assessments in the healthcare industry...more
We previously informed our readers about regulations being proposed by the Virginia Bureau of Insurance (BOI) pursuant to Virginia’s relatively new Insurance Data Security Act (IDSA). After considering comments received in...more
The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center, recently released a Joint Cybersecurity Advisory warning that cyber...more
12/18/2020
/ Colleges ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Educational Institutions ,
Hackers ,
Personal Data ,
Personally Identifiable Information ,
School Districts ,
Universities
We recently provided an overview of Virginia’s new Insurance Data Security Act (the “Act”). Now, as required under the Act, Virginia’s Bureau of Insurance has proposed regulations (the “Proposed Regs”) implementing the Act. ...more
On August 12, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reported an unknown malicious cyber actor sending phishing emails purporting to be from the Small Business...more
Virginia has a new law, the Insurance Data Security Act (New Law), going into effect on July 1, 2020, which will expand the data security and incident notification requirements on insurers licensed in the Commonwealth. The...more
4/7/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Security ,
Insurance Industry ,
Insurer Liability ,
New Legislation ,
Notification Requirements ,
Risk Assessment ,
State Data Breach Notification Statutes
As many businesses and organizations adapt to the impact of COVID-19 on their operations, the systems and data security risks they face continue to increase and must be an area of focus in all planning for COVID-19. While...more
In the fall of last year, we wrote about the passage of the SHIELD Act (the Act) in New York, which expanded aspects of the state’s breach notification requirements (Breach Requirements) and created a statutory obligation to...more
3/10/2020
/ Cybersecurity ,
Data Protection ,
Data Security ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
NYDFS ,
Personal Data ,
Risk Management ,
Security Standards ,
SHIELD Act ,
Small Business ,
State Data Breach Notification Statutes
New York recently enacted important changes to its data breach notification requirements (Breach Requirements) and created a statutory obligation to maintain reasonable data security (Security Requirements). Under the new...more
Beginning on March 1, 2020, Washington State’s data breach notification law will change in a number of important ways. First, the definition of “Personal Information” will expand significantly. This means more data elements...more
When it comes to information security, the Safeguards Rule of Regulation S-P (Safeguards Rule) requires SEC-registered investment advisers and brokers and dealers (Registrants) to adopt written policies and procedures that...more
5/1/2019
/ Broker-Dealer ,
Customer Information ,
Cybersecurity ,
Investment Adviser ,
OCIE ,
Personally Identifiable Information ,
Policies and Procedures ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Under a new law in Virginia that goes into effect on July 1, 2019, contractual liability of certain information technology (IT) suppliers to the Commonwealth of Virginia will generally be capped at a maximum of two times the...more
If your organization embraces (or simply allows!) the use of mobile devices for the workplace, the natural tradeoff you’re making for increased productivity, efficiency and convenience is an increase in cybersecurity risks to...more
As of April 11, 2019, Massachusetts will require organizations suffering a data breach that involves a resident’s social security number to provide credit monitoring services (CM Services) at no cost to the resident. If the...more