Choose Site
On October 24, 2017, during a joint meeting of the National Association of Insurance Commissioners (NAIC) Executive (EX) Committee and Plenary, the NAIC officially adopted the Insurance Data Security Model Law (Model Law) to establish standards for data security and the investigation of and notification requirements following a cybersecurity event.
In the wake of several major data breaches over the last several months, new data security and data breach notification bills have been introduced in the US Congress, and others may also be in progress.
On January 23, the Federal Trade Commission (FTC) released “Cross-Device Tracking: An FTC Staff Report,” which explains how cross-device tracking is used to track consumers across multiple devices, sets out the benefits and challenges of tracking, and discusses industry efforts to manage these challenges, as well as outlines recommended best practices with respect to transparency, choice, and security.
On January 3, the Office of Management and Budget (OMB) issued Memorandum M-17-12, which clarifies how federal agencies should prepare for and respond to data security breaches involving personally identifiable information (PII).
On January 3, several US trade associations and internet service providers (ISPs) submitted petitions requesting that the Federal Communications Commission (FCC) reconsider its broadband privacy rules mandating consumer opt-in before using data for marketing purposes.
On March 31, the Federal Communications Commission (FCC), voting 3-2 along party lines, adopted a Notice of Proposed Rulemaking (NPRM) to establish a set of regulatory data security and privacy rules for broadband Internet access service providers (ISPs).
A recent article in CIO magazine highlights the potential security risks posed by using USB thumb drives.