Photo of Carrie Turner

Carrie Turner is a member of Robinson+Cole's Insurance + Reinsurance Group, where she focuses her practice on breach of contract, first- and third-party insurance coverage disputes, coverage analysis, cyber liability, property damage claims, environmental and contamination loss, breach of fiduciary duty, bad faith, and other extracontractual claims litigation.

Prior to joining Robinson+Cole, Ms. Turner clerked for the Honorable Boyce F. Martin, Jr. on the United States Court of Appeals for the Sixth Circuit. Ms. Turner has experience litigating and advising insurers and reinsurers on a broad range of coverage issues, including litigation arising from 9/11. She has litigated from inception to settlement numerous Superstorm Sandy claims regarding flood exclusion issues. Her additional litigation experience includes general commercial, corporate and partnership disputes, attorney malpractice, and a broad range of contract disputes at both the trial and appellate levels. She has authored appellate briefs in various state and federal courts.

Read Carrie’s bio.

On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)  must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:


On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).

The Regulation, which became effective on March 1, 2017,

In October 2017, healthcare insurer, CareFirst, petitioned the United States Supreme Court, requesting the Court to clarify the constitutional standing requirement for plaintiffs seeking to bring claims regarding their exposure during corporate data breaches.

In order to invoke federal court jurisdiction, a plaintiff must plead an actual or imminent injury. The Supreme Court has held

On March 1, 2017, New York’s Cybersecurity Regulation (23 NYCRR Part 500)[1] became effective.  The regulation is the first of its kind in the nation and requires certain companies, including banks, insurance companies and other financial services institutions regulated by the Department of Financial Services (“Covered Entities”), to have:

  • a cybersecurity program designed to protect consumers’ private data;
  • a written policy or policies that are approved by the Board of Directors or a senior officer;
  • a Chief Information Security Officer to help protect data and systems; and
  • in place controls and plans to help ensure the safety and soundness of New York’s financial services industry.[2]

In addition, pursuant to the regulation, Covered Entities must report a cybersecurity event if (a) the event impacts the Covered Entity and notice of it is required to be provided to any government body, self-regulatory agency or any other supervisory body; or (b) the event has a reasonable likelihood of materially harming any material part of the normal operation(s) of the Covered Entity.  Details regarding what makes up such an event are detailed on the New York Department of Financial Services website.[3] 
Continue Reading Compliance With New York’s Cybersecurity Regulation 23 NYCRR Part 500

Drone mapping provides insurance companies with an easy, fast and accurate method of documenting a scene and preserving key details  while also letting the process of clean-up and reconstruction begin as quickly as possible. Recently, Dronotec, a start-up company specializing in drone inspection for insurance companies conducted a case study to determine just how much