On January 18, 2019, the New York State Department of Financial Services (NYDFS) issued Circular Letter 2019-1 (the Circular Letter), addressing insurers’ use of external consumer data and information sources in underwriting for life insurance. The Circular Letter follows an investigation commenced by NYDFS regarding life insurers’ use of external data, which was initiated in light of reports that insurers were using algorithms and predictive models that include unconventional sources or types of external data. Among other things, the Circular Letter provides guidance that when insurers use external data sources in connection with underwriting decisions, (1) the use of external data sources must not result in any unlawful discrimination, (2) the underwriting or rating guidelines must be based on sound actuarial principle; and (3) life insurers must have adequate consumer disclosures to notify insureds or potential insureds of the right to receive the specific reasons for any adverse underwriting decision based on such data. (more…)
With the midterm election out of the way, legislators on Capitol Hill and in state capitols are getting ready to consider the future of data privacy regulation in 2019 and consumer and industry groups continue to weigh in on the ongoing debate. The debate has begun to move from principles and frameworks to drafting of legislative language.
The National Association of Insurance Commissioners (NAIC) held its Fall 2018 National Meeting (Fall Meeting) in San Francisco, California, from November 15 to 18, 2018. This post summarizes the highlights from this meeting. (more…)
The U.S. Department of Commerce, Bureau of Industry and Security (BIS) has published an advance notice of proposed rulemaking (ANPRM) initiating a 30-day public comment process regarding export controls for certain emerging technologies. The notice launches the implementation of a key provision of the Export Control Reform Act of 2018 (ECRA), part of the National Defense Authorization Act for fiscal year 2019 (NDAA). In the ECRA, Congress authorized BIS to establish controls on the export, reexport and transfer (in country) of “emerging and foundational technologies.” The ANPRM, including a list of the 14 proposed representative technology categories and subcategories subject to review, can be found here. Our prior updates on the NDAA and ECRA can be found here.
The National Association of Insurance Commissioners (NAIC) held its Summer 2018 National Meeting in Boston, Massachusetts, from August 4 to 7, 2018. This post summarizes the highlights from this meeting. (more…)
Although the prospect of federal legislation on data privacy remains uncertain, states appear to be stepping up the range of their activity on privacy and security. Washington State notably adopted a law on net neutrality and there is the prospect of a ballot initiative in California that would give individuals the right to know which categories of their or their children’s personal data have been collected or traded by businesses. Though Vermont is one of the smallest states, it has been active in privacy regulation and, on May 22, 2018, enacted the first state-level measure aimed at data brokers. (more…)
Whether you are marking today with a glass of champagne, a shot of whiskey, or a hot cup of tea, today marks a significant day for privacy professionals world-wide.
Here’s to all of the privacy professionals who have put in so many hours to prepare for the GDPR, fully effective as of Friday May 25, 2018 at midnight in Brussels; that is 6 PM eastern on Thursday, May 24th for toasting purposes.
For business executives, policymakers, and consumers who have become aware of the GDPR in recent weeks and are interested in learning more, visit our GDPR resource page here.
This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.
As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)
Big Data has been a hot topic of discussion in recent years. This was especially the case in Brussels, where the fiercely debated EU General Data Protection Regulation (GDPR) was adopted in 2016. A major concern for all of us is personal privacy. Less discussed is the use of Big Data for social good.
A traditional sectoral approach to harnessing the potential of Big Data for social good is insufficient. This is the case in terms of organisations from different sectors partnering to develop new technologies. It also means that legislation and policies on Big Data must be forward thinking and facilitate cross-sectoral co-operation. (more…)
In a statement of intent published on 7 August 2017, the UK Government has committed to updating and strengthening data protection laws through a new Data Protection Bill (the “Bill”). The Bill will incorporate the new EU General Data Protection Regulation (the “GDPR”) into UK law.
According to the UK’s Minister of State for Digital, Matt Hancock, the Bill will “give [the UK] one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit.” (more…)