Aon SVP Belfiore on Corporate Cyber Risk

November 1st, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Cyber Risk of Paramount Concern to Corporate Boards

Lack of History Remains a Challenge

"Cyber security is the most polarizing issue on the corporate board agenda these days," says Anthony Belfiore, SVP and Chief Information Security Officer at Aon. "It has the most potential impact and the most regulatory pressure among all risks companies face. Nothing is more top of mind right now."

"You just have to look at the amount of media coverage and the actual realized impacts companies are experiencing. Hundreds of thousands of businesses from big to small are being affected. The entire healthcare system in the UK went down. The impact is tangible. It’s affecting day-to-day operations," he says. "And no one is immune. Board members come from a diverse set of industries, and all are impacted."

Why is cyber risk such a hot button for companies versus other types of risks?

"The risk has become more urgent as it has shifted to actual business interruption," Belfiore says. "Historically companies were concerned with data leakage and loss, or regulatory fines, but now the actual operation itself can come to a halt. When a company goes down for three days that hits the media. Analysts notice. You can trace a specific event to a drop in stock values."

Aren't fines still a concern?

"Yes. We are operating in [...]

Protecting Intangible Assets: Risk Transfer Market Yet to Catch Up

October 12th, 2018 | Categories: HB Risk Notes, Insurance, Intellectual Property, Technology Law

Intrinsically Intangible.

by Giles Harlow, Senior Vice President, Aon (Bermuda) Ltd.

In the early 1980's, tangible assets made up around 80% of the value of the S&P 500. Fast forward to today and nearly 85% of the value of the S&P 500 is attributable to intangible assets. However, the risk transfer market has not caught up. According to the Aon/Ponemon report of last year, whilst around 60% of tangible assets (property, plant and equipment) are currently being insured, only 12% of informational assets are.

So what gives? If the vast majority of companies' values in 2018 are attributable to intangibles, why are they not transferring those risks? Is it a lack of education on the client side? A lack of innovation in the brokerage community? A lack of understanding or willingness to accept these new risks on the carrier end? Or is it that whilst the marine and property markets have had centuries to evolve, the newer intangible insurance markets are just gearing up to size as they collate the data they need to properly price and model these risks? Likely, it is some combination of all of these factors.

We have seen great strides in the cyber market, with double-digit premium growth over the last four-to-five years. The market has evolved from being focused on large data holders, to providing [...]

Financial Services Cyber Risk Information Sharing

September 26th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Why We Need to be More Like Apes, Less Like Seagulls

By Tom Hagy

Featuring Craigg Ballance, Director of Canadian Member Services, FS-ISAC

Even before we can walk we are encouraged to share. We’re told to share our things even when we barely have any. Even some wild animals share food and resources – even when those resources are scarce. Some creatures are better at it than others, of course. Apes and lions? Absolutely. Seagulls? All you have to do next time you’re on the beach is toss what’s left of your ham sandwich into the air and see how generous gulls are.

People fall into sharing -- and not-fond-of-sharing -- groups, too. Sharing is particularly critical in the financial sector where, while privacy and security regulations command a tight lid on data, global financial institutions are successfully sharing data about cyber risk, says Craigg Ballance, Director of Canadian Member Services for FS-ISAC in Toronto. But, he says, sharing has to take place across a broad landscape.

“Information analysis sharing has to cut across the various subsets of the financial sector,” says Ballance. “While banks share local data, they are trying more and more to share globally, but,” he says, “banks need to share with other institutions, like insurers, investment funds, pension funds, and other types of financial institutions, for this [...]

Oracle Health Sciences on Pharmacovigilance and Artificial Intelligence

August 22nd, 2018 | Categories: Complex Business Litigation, HB Risk Notes, HB Tort Notes, Technology Law

"The potential to use artificial intelligence methods increasingly for the analysis of the increasing amounts of pharmacovigilance data is well understood and many companies are moving (or planning to move) there, and we can predict that routine tasks in pharmacovigilance will in the future be increasingly automated. It will be crucial, however, for regulatory authorities to very clearly provide a position about the use of AI as well as the acceptable level of quality from AI applications. But in parallel with the shaping of those definitions, given the massive increase in their AE case workloads that most companies are currently experiencing, the industry will out of necessity proceed swiftly with the adoption of AI and cloud technologies to reduce their costs and increase their efficiencies.

"Like other industries, the pharmaceutical business and in particular the pharmacovigilance field will see a massive change in their processes in the near future, away from tedious, repetitive manual tasks towards a better utilization of scarce resources, in particular medical and scientific knowledge, for value-adding tasks. It is imperative for all stakeholders – industry, service providers and regulators – to provide an environment in which such a transformation can take place without ever compromising public health or the safety of the individual patient, and ideally providing additional benefit for patients."

A quote from Addressing the Data [...]

Francoise Gilbert on Colorado’s New Privacy Law: Are You Ready?

August 1st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Effective Sept. 1, 2018, Colorado will require all entities that process or store certain personal information of Colorado residents, regardless of whether the entity is located within or outside of Colorado, to have formal data security and data disposal programs. This is the result of the adoption of Bill 18-1128 “Concerning Strengthening Provisions for Consumer Data Privacy,” signed into law at the end of May 2018, to amend and supplement existing law ....

Previously, the definition of “personal identifying information” under the Colorado law was limited to a resident’s first name or initial and last name in combination with the individual’s Social Security, driver’s license, or identification card number, or a credit or debit card or bank account number, combined with a password or access code. The new definition includes additional forms of identification, such as student, military, passport, and health insurance identification number, as well as other types of information, such as medical information or biometric data. It also includes username or e-mail address in combination with a password or security question answers that would permit access to an online account ....

Organizations that collect personal identifying information of Colorado residents and that do not yet have the written programs necessary to formalize their data protection practices urgently need to focus on compliance.

-- Francoise Gilbert, Greenberg Traurig

Francoise Gilbert, a partner [...]

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018 | Categories: HB Risk Notes, Insurance, Technology Law

Explore how cybersecurity breaches impact insurance, risk management, and data privacy with evolving legal and compliance challenges.

DATE: Sept. 27, 2018
TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT
PLACE: Your computer or mobile device
PRICE: $197* per dial-in site
*Price is good through Aug. 16. After that it's $247.
GROUPS ARE GOOD: Registering qualifies you for multiple attendees at your location.
CLE: 1 credit
Please send CLE questions to CLE@LitigationConferences.com
SPEAKER: John Frank Weaver, Attorney, McLane Middleton

Your registration includes:
• A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge).
• Downloadable PowerPoint presentations from our speakers.
• The opportunity to connect directly with speakers during the audience Q&A session.
• At least one hour of CLE credit.

Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law

Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the [...]

Willis Towers Watson: Cyber Risk Top D&O Concern

July 22nd, 2018 | Categories: Corporate Compliance, HB Risk Notes, Insurance

Based on their survey, Willis Towers Watson says cyber risk continues to top the list of concerns for directors and officers (right up there with employee claims). As for coverage, while they care about price, things like their relationship with the carriers and how well they handle claims are critical elements. And, maybe one key reason cyber events keep happening: "Only 13% of board members feel that their organizations learn from past cyber mistakes." Read the results of the Willis Towers Watson survey. 

RSA’s Zulfikar Ramzan on Blockchain

July 21st, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

Is blockchain as impenetrable as people think? Or as necessary? It's not predicated on the same type of cryptographic security that we've seen historically, but if someone has enough money and enough motivation -- like a nation state -- couldn't they severely compromise a system? Is blockchain the only way transactional protections can become so secure, or could traditional technologies be employed and with less effort?

RSA Security's Chief Technology Officer Zulfikar Ramzan, Ph.D., spoke at our Cyber Sector Risk: Blockchain Security in April 2018 in New York. Hear what he had to say about this much-heralded technology.

Related content
https://litigationconferences.com/www-litigationconferences-comprivacysecurity-forum-2018-2/
https://litigationconferences.com/international-cyber-risk-management-conference/
https://litigationconferences.com/video-the-urgency-of-cyber-threats-to-u-s-and-global-critical-infrastructures/

BitSight Releases eBook on Use of A.I. & Big Data in Continuous Cyber Risk Monitoring

July 18th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

"With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on. The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered.

"With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly."

Read more.

We're looking forward to seeing the BitSight team in Bermuda Dec. 6-7, 2018, at the International Cyber Risk Management Conference.

California Enacts the ‘First Truly Sweeping Privacy Regime’ in Record Time

July 5th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Technology Law

The California legislature -- apparently not wanting to be pegged as just another slow-moving governing body -- took the California Consumer Privacy Act of 2018 from proposal to passage to signing in one week. Critics weren't sitting on their hands either. "Businesses Blast California’s New Data-Privacy Law," read one headline in the Wall Street Journal.

For consumers, Californians anyway, the good news is that they can refuse to allow companies to sell their personal data. But, the WSJ reported, businesses across the country say the law will cause "far-reaching damage to everything from retailers’ customer-loyalty programs to data gathering by Silicon Valley tech giants."

Law firms are cranking out their advisories and analyses. Sullivan & Cromwell says the CCPA establishes a new privacy framework for covered businesses by:

"Creating an expanded definition of personal information for purposes of the Act;
"Creating new data privacy rights for California consumers, including rights to know, access, have deleted and opt out of the sale of their personal information;
"Imposing special rules for the collection of consumer data from minors; and
"Creating a new and potentially severe statutory damages framework for violations of the Act and for businesses that fail to implement reasonable security procedures and practices to prevent data breaches."

The firm also offered a quick comparison between the CCPA and the GDPR. "At a [...]

Insurance Coverage and GDPR: What’s Your Financial Exposure? –Linda Kornfeld, Blank Rome

May 28th, 2018 | Categories: Corporate Compliance, HB Risk Notes, Insurance

In her recent article -- GDPR Is Finally Here: It’s Time to Make Sure Your Current Cyber Policy Will Protect against New Financial Exposures -- Blank Rome insurance coverage partner Linda Kornfeld wrote:

Companies can face large financial exposure for GDPR “fines or penalties.” Are they covered under currently worded cyber policies? The answer is, maybe not if your policy, e.g., covers regulatory proceedings addressing only failures to protect private information, as opposed to GDPR proceedings that may address broader noncompliant data collection and use practices. Additionally, coverage for GDPR fines or penalties may be more restricted under the laws of many European countries than the laws of certain states in the United States. Your insurer may agree to choice of law language in your policy that will increase the chances of coverage.

On behalf of all of us at HB -- Congratulations to Linda on her move to Blank Rome! Now Vice Chair of the firm's Insurance Recovery Practice Group, Linda is one of the nation’s most prominent insurance recovery attorneys, representing corporate policyholders in high-stakes litigation for more than 25 years. Using strategic, creative approaches in her trial and appellate practice, Linda assists her clients in the recovery of hundreds of millions of dollars in insurance assets. She is a strategic adviser to senior executives and in-house counsel on mitigating risk [...]
