Colorado is poised to become one of the first states to regulate how insurers can use big data and AI-powered predictive models to determine risk for underwriting. The Department of Insurance recently proposed new rules that would require insurance companies to establish strict governing principles on how they deploy algorithms and how they submit to
insurance
SolarWinds and Cyber Liability Insurance – What Businesses Need to Know
The SolarWinds cyber-attack is on everyone’s mind this week, given that most experts believe this cyber-attack will have broad impact across both the public and private sectors. For more details about the SolarWinds attack, please read this. The sheer breadth of this attack led me to reflect on the role of cyber-liability insurance for…
Connecticut Insurance Department Reminds Licensees to Comply with Data Security Law
On July 20, 2020, the Connecticut Insurance Department issued a bulletin to licensees reminding them that the Connecticut Insurance Data Security Law (“Act”) becomes effective on October 1, 2020 and providing guidance on compliance.
The Act requires “all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered…
Connecticut Budget Includes Insurance Data Security Law
For those of you who don’t know, a fun fact is that Robinson+Cole one of the oldest law firms in Connecticut, and among our claims to fame is that we represented Mark Twain and Helen Keller. We are quite proud of our history and our reputation, and rightfully so. We are steeped in Connecticut law,…
Using Drones For Business? Don’t Forget About Insurance
The use of drones use has grown rapidly in recent years, especially in the commercial sector, where the Federal Aviation Administration projects that the number of units in the commercial small drone fleet will exceed 420,000 units by 2021. As businesses continue to incorporate drones into their everyday operations, they also will want to set…
Massachusetts PATCH Act, Requires Additional Protection for Certain Confidential Health Care Information
Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one person is covered by the same medical insurance plan, sensitive health care information can be disclosed through the use of these common forms, sometimes including information on sexual assault, domestic violence, mental health disorders, or sexual and reproductive health. When the EOB or SOP is provided to the named policyholder—rather than the specific beneficiary that the services described therein relate to—the beneficiary’s confidentiality can be compromised.
Continue Reading Massachusetts PATCH Act, Requires Additional Protection for Certain Confidential Health Care Information
New York Department of Financial Services Updates Cybersecurity Guidance: Coverage of Cybersecurity Requirements Addressed in 4 New FAQs
On March 1, 2018, the New York Department of Financial Services (NYDFS) “cybersecurity regulations” (23 NYCRR Part 500) took effect, placing a number of cybersecurity requirements on banks, insurance companies, and other financial services institutions and licensees regulated by the NYDFS (“Covered Entities”).
To aid in compliance with the regulation, the NYDFS recently added new…
New York Financial Services Cybersecurity Regulations Deadline Looming This Week
On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”) must have implemented a cybersecurity program ends. By March 1, the Covered Entities must be in compliance with the following requirements:
23 NYCRR…
New York’s Landmark Cybersecurity Regulation Compliance Deadlines Looming
On February 15, 2018—that is, today—banks, insurance companies and other financial services institutions and licensees regulated by the New York Department of Financial Services (DFS) are required to file their first certification of compliance with DFS’s far reaching cybersecurity regulation (23 NYCRR Part 500) (the “Regulation”).
The Regulation, which became effective on March 1, 2017,…
Sixth Circuit: Substantial Risk of Harm and Mitigation Costs Sufficient to Confer Standing in Data Breach Case
On October 12, 2016, the U.S. Court of Appeals for the Sixth Circuit denied a petition for an en banc rehearing of its September 12 decision in Galaria, et al. v. Nationwide Mutual Insurance Company (Nos. 15-3386/3387). In that decision, a divided Sixth Circuit panel revived a suit against Nationwide arising from the 2012 theft by hackers of personal information of approximately 1.1 million individuals.
In Galaria, the plaintiffs brought claims alleging invasion of privacy, negligence, bailment, and statutory violations of the Fair Credit Reporting Act (FCRA) following the breach. The complaint alleged that the defendant failed to secure the plaintiffs’ data against a breach. A federal district court dismissed those claims, holding in part that the plaintiffs lacked Article III standing because they failed to allege a cognizable injury in fact. To establish standing under Article III of the U.S. Constitution, a plaintiff must suffer an injury in fact, fairly traceable to the defendant’s challenged conduct, that is likely to be redressed by a favorable judicial decision.Continue Reading Sixth Circuit: Substantial Risk of Harm and Mitigation Costs Sufficient to Confer Standing in Data Breach Case