IoT

Diving Into IoT Data? Here Are Some Privacy Considerations

Many insurers contemplate using data from internet-connected devices, including wearables, for a deep dive into wearers’ lifestyles and invaluable insights for automated underwriting. Before diving into the deep end, there are numerous privacy considerations. To ensure your IoT data does not plunge you into trouble: Adjust your data map. Begin by drawing out all the…
Privacy Legislation

2021 Year-in-Review – U.S. State Privacy Legislation

The COVID-19 pandemic has rapidly accelerated our reliance on digital services and platforms, which brings new challenges and expectations for data privacy. But, to date, there has been little movement towards all-encompassing federal privacy legislation. Therefore, the issue of consumer data privacy has been left to the states to decide. During 2021, 23 states introduced…
Data Security

Protecting Data – Considerations for Drafting Security Schedules

With the exponential growth of cyber threats, cloud computing and remote working, contract provisions regarding data security requirements have also expanded in size and frequency. It has become common practice to prepare schedules to detail (and limit) security requirements. Customers and vendors both have a vested interest in clearly identifying expectations and obligations for such…
Privacy

Senate Hearing on Promoting Competition and Privacy in the Tech Sector: Two Hearings in One?

On December 7, 2021, the Senate Finance Committee’s Subcommittee on Fiscal Responsibility and Economic Growth conducted a hearing on “promoting competition, growth, and privacy protection in the technology sector.” The hearing could have been conducted using a split-screen format, since one group of Senators and witnesses focused on anti-competitive behavior by the tech giants and…
OCC

What’s the OCC Banking Regulatory Outlook for 2022?

As the year’s end approaches, the US Office of the Comptroller of the Currency (OCC), a primary US banking regulator, has published its Banking Supervision Operating Plan for 2022. As you might expect, much of the OCC’s focus is on managing the repercussions of the pandemic and the resulting economic, financial, operational, and compliance implications. The specific points it…
SolarWinds

Shareholders Seek to Hold Current and Former SolarWinds Officials Liable for Massive 2020 Security Breach

Investors filed a derivative suit claiming that the company knew about, and failed to mitigate, known, existing cybersecurity risks and shortfalls prior to the security breach. In early November, pension funds and individual shareholders filed a lawsuit against SolarWinds Corporation (“SolarWinds”) as well as current and former members of the board of directors. The suit comes in the…
Cyber Insurance

Ransomware Attacks Continue to Cause More Underwriter Scrutiny

Continued widespread cyber attacks have leaders in just about every industry wary and watchful, and insurance underwriters are no exception. Given the increase in claims from recent ransomware attacks, cyber insurers are requiring even more information as part of their underwriting processes. Applications for cyber insurance are already lengthy and require detailed information around specific practices,…
EDPB

What counts as a “transfer” of data under the EU GDPR? New draft EU Guidelines released

Summary: It is well known that the EU GDPR (specifically, Chapter V) restricts transfers of personal data from the EU to a “third country” (i.e. a jurisdiction outside the EEA) or to an international organisation. But what is meant by a “transfer”? And how does this apply where the extra-territorial reach of the EU GDPR…
ZTA

An Understandable Guide to Zero Trust Architecture (“ZTA”)

While cybersecurity professionals are generally nice people, and I have nothing against them, they have trust issues. Their spouse, friends, and family may not appreciate the lack of trust, but it goes a long way towards protecting the systems entrusted to them. Cybersecurity best practices are to employ a Zero Trust Architecture (“ZTA”) to the…
NIST

NIST Publishes Draft Security Criteria for Consumer Software

Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its initial draft of this standard in a white paper titled “DRAFT Baseline Criteria for Consumer Software Cybersecurity Labeling” (the White Paper). The…