As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.
Continue Reading Hunton Insurance Head Comments on Hotel Data Breach Coverage Dispute

Effective September 21, 2018, Section 301 of the Economic Growth, Regulatory Relief, and Consumer Protection Act requires consumer reporting agencies to provide free credit freezes and year-long fraud alerts to consumers throughout the country.
Continue Reading New Federal Credit Freeze Law Eliminates Fees, Provides for Year-Long Fraud Alerts

On June 25, 2018, the New York Department of Financial Services issued a final regulation requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity Regulation.
Continue Reading NYDFS Cybersecurity Regulation to Apply to Consumer Reporting Agencies

On July 1, 2018, HB 183, which amends Virginia’s breach notification law, will come into effect. The amended law will require income tax return preparers who prepare individual Virginia income tax returns to notify the state’s Department of Taxation if they discover or are notified of a breach of “return information.”
Continue Reading Virginia Amends Breach Notification Law Applicable to Income Tax Information

On March 20, 2018, the Financial Stability Board delivered a note to finance ministers and central bank governors from the world’s top 20 economic powers, known as the G-20. The note provides a progress update on the FSB’s work to develop a common vocabulary of cyber terms.
Continue Reading Financial Stability Board to Develop International Cybersecurity Lexicon

On February 27, 2018, the FTC announced an agreement with PayPal, Inc., to settle charges that its Venmo peer-to-peer payment service misled consumers regarding privacy and the extent to which consumers’ financial accounts were secured. This signals a renewed focus by the FTC on violations of the Gramm-Leach-Bliley Act’s Privacy and Safeguards Rules.
Continue Reading FTC Announces Settlement for Venmo’s Alleged Violations of the GLBA’s Privacy and Safeguards Rules

On January 22, 2018, the New York Department of Financial Services issued a press release reminding entities covered by its cybersecurity regulation that the first certification of compliance with the regulation is due on or prior to February 15, 2018.
Continue Reading NY Department of Financial Services Issues Reminder for Cybersecurity Filing Deadline

On November 8, 2017, the FTC announced a settlement with Georgia-based online tax preparation service, TaxSlayer, LLC, regarding allegations that the company violated federal rules on financial privacy and data security. The FTC charged TaxSlayer with violating the Gramm-Leach-Bliley Act’s Safeguards Rule and Privacy Rule.
Continue Reading FTC Announces Settlement with Tax Prep Service over Financial Privacy and Security Violations

On August 7, 2017, the Securities and Exchange Commission Office of Compliance Inspections and Examinations issued a Risk Alert examining the cybersecurity policies and procedures of 75 broker-dealers, investment advisers and investment companies.
Continue Reading SEC Risk Alert Highlights Cybersecurity Improvements and Suggested Best Practices