Nov 92022

European Commission Publishes Draft Cyber Resilience Act

, , , ,
William RM Long, Subhalakshmi Kumar and Eleanor Oates

On 15 September 2022, the European Commission (“Commission” or “EC”) published a draft proposal for a Cyber Resilience Act (“CRA” ). The CRA comes in response to the increasingly common occurrence of cyberattacks, with some predicting that the global cost of cyberattacks for companies will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. The CRA promises to transform the European cybersecurity landscape by harmonizing and bolstering cybersecurity rules across all technologies with “digital elements.” The Commission is currently inviting public feedback on the CRA through 18 November 2022. The CRA will then pass through the European Parliament for debate and for amendments to be proposed.

(more…)

Read more
Sep 72022

Regulatory Update: NAIC Summer 2022 National Meeting

, , ,
Stephanie H. Dobecki, Ellen M. Dunn, Andrew R. Holland, Michael L. Rosenfield, Chris H. Burusco, Sara N. Africano and Jacob A. Grossman

The National Association of Insurance Commissioners (NAIC) held its Summer 2022 National Meeting (Summer Meeting) August 9–13, 2022. This post summarizes the highlights from this meeting in addition to interim meetings held in lieu of taking place during the Summer Meeting. Highlights include a proposal for a new consumer privacy protections model law, continued discussion of considerations related to private equity ownership of insurers, continued development of accounting principles and investment limitations related to certain types of bonds and structured securities, and initiatives to address climate risks in the insurance sector.

(more…)

Read more
Sep 62022

Big California Privacy News: Legislative and Enforcement Updates

, , , ,
Colleen Theresa Brown, Sheri Porath Rockwell and Amy P. Lally

Privacy never sleeps in California.  In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country.  For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could require significant investments of time and resources.  The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law.  (more…)

Read more
Jun 232022

Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law

, ,
Thomas D. Cunningham and Stephen W. McInerney

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law.  Kentucky Governor Andy Beshear signed House Bill 474 into law, and Maryland Governor Larry Hogan signed SB 207. (more…)

Read more
Jun 222022

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

, , ,
Colleen Theresa Brown, Alan Charles Raul, Sheri Porath Rockwell and Sean Royall

Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023.  The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide a mechanism for consumers to revoke their consent to the processing of their data. (more…)

Read more
Jun 132022

UK Consults on Algorithmic Processing

, , , , , , , ,
Monika Zdzieborska, Ken Daly, Fiona Shajko and Sean Sawyer

Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)

Read more