Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

The Final Rule: DOL Proposes to Extend Transition Period until July 1, 2019, and Issues Additional Non-Enforcement Policy for Arbitration Limitations

By a notice published in the Federal Register on August 31, 2017, the Department of Labor proposed to extend from January 1, 2018, until July 1, 2019, the date for compliance with the full conditions in its new “investment advice” fiduciary definition and related exemptions, which became generally applicable on June 9. Learn more.
Continue Reading

NAIC Report: 2017 Summer National Meeting

The National Association of Insurance Commissioners (NAIC) met in Philadelphia, Pennsylvania for the 2017 Summer National Meeting from August 5-9. Commissioners, staff and interested parties alike converged in Philadelphia hoping for a busy and productive meeting ahead of what is expected to be a sparsely attended Fall National Meeting in Honolulu, Hawaii. The National Meetings were again dominated by themes of technological and operational change, with many meetings focused on keeping up with the rapid evolution occurring across the industry. Learn...
Continue Reading

An Emerging Patchwork Of Cybersecurity Rules

With the recent adoption of cybersecurity regulations governing broker-dealers and investment advisers registered in Colorado and Vermont, the landscape of cybersecurity regulation continues to evolve in significant ways. For those businesses not yet covered by cyber regulations, these latest moves indicate that the day of reckoning may be coming, with both federal and state regulators actively expanding their reach. Learn more.
Continue Reading

Legislation Could Aid Highly Automated Vehicle Development

In their article for Property Casualty360, Eversheds Sutherland (US) attorneys Michael Nelson, Trevor Satnick and Tony Ficarrotta discuss the Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution (SELF DRIVE) Act, and three key proposals within it that should help facilitate the development and adoption of highly automated vehicles. Learn more.
Continue Reading

Stand Up, Sit Down, Stand Up: Ninth Circuit Revives Spokeo No-injury Suit

In a decision surely welcomed by the plaintiffs’ bar, the US Court of Appeals for the Ninth Circuit held, on August 15, 2017, that a putative class action plaintiff has Article III standing as long as the plaintiff alleges just slightly more than a mere statutory violation. The case, Robins v. Spokeo, was on remand from the United States Supreme Court following that Court’s well-known May 2016 Spokeo v. Robins decision, which held that allegations of a statutory violation of the Fair Credit Reporting Act (FCRA), without more, did not confer standing. Learn...
Continue Reading

Is the Shipping Industry on Cybersecurity Autopilot?

In his article for The Maritime Executive, Eversheds Sutherland (US) Partner Michael Bahar provides insight on the cyber risks associated with the possibility of automated ships and what the US House Intelligence Committee and the US Coast Guard are doing to mitigate these risks. Ultimately, for the maritime industry and for those industries reliant on the maritime industry, Michael says the time is now to generate and implement a sound cyber strategy, especially with the move to greater connectivity and greater automation. Learn...
Continue Reading

NAIC Takes Major Step Toward Final Approval of Insurance Data Security Model Law

In a flurry of approvals last week, the National Association of Insurance Commissioners (NAIC) took substantial steps toward finalizing its proposed Insurance Data Security Model Law during the 2017 NAIC Summer National Meeting in Philadelphia. The Model Law establishes minimum cybersecurity standards consistent with New York’s cybersecurity regulation. The approval of the Model Law by key NAIC bodies is further indication of the increasing consensus among federal and state agencies regarding the core cybersecurity practices that businesses across sectors will be expected to meet. Learn...
Continue Reading

Toward a Culture of Continuous Cybersecurity

The SEC’s Office of Compliance Inspections and Examinations (OCIE) just issued a “Risk Alert” containing the results of its Cybersecurity 2 Initiative. In their article for Law360, which analyzes the OCIE Alert, Eversheds Sutherland (US) Partners Michael Bahar and Brian Rubin write that the SEC supports the notion that effective cybersecurity is not a matter of one-and-done, but rather a senior-management led cultural shift towards a holistic, proactive, risk-based and well-practiced cyber strategy. Learn...
Continue Reading

What European Financial Institutions need to know about New York’s Cybersecurity Regulations

From 28 August 2017, banks, insurers, and other financial institutions operating in New York will be required to comply with the New York Department of Financial Services (“NYDFS”) Cybersecurity Requirements for Financial Services Companies (the “Regulations”). Finalized on March 1, 2017, firms had 180 days from the effective date to comply with the core requirements of the Regulations, while being allowed additional time to comply with others. Learn...
Continue Reading

The FTC is Watching When Your Children’s Toys are Listening

In his article published by The Hill, Eversheds Sutherland (US) Partner Michael Bahar provides insight on the recent Federal Trade Commission (FTC) update to its Children’s Online Privacy Protection Act (COPPA) compliance plan. The update is the latest in a series of regulatory moves to bring attention to the serious cybersecurity and data privacy issues latent in the ever-expanding internet of things and the ever-smartening supply chain. Whether a company manufacturers smart toys or not, Michael discusses that the one key takeaway from the FTC’s latest COPPA guidance is that new...
Continue Reading

The Future of Cyber Coverage Leans to Standardization

In this interview with A.M BestTV, Eversheds Sutherland (US) Partner Michael Bahar discusses cybersecurity issues and how organizations can prepare for potential cyberattacks. Learn more.
Continue Reading

NYDFS Makes Inquiry into Life Insurers’ Use of Algorithmic Underwriting

On June 29, 2017, the New York Department of Financial Services (NYDFS) issued an information request pursuant to Section 308 of the New York Insurance Law addressed to all life insurers and fraternal benefit societies authorized to write life insurance in New York (the 308 Request) requesting information about how they use “external consumer data” and algorithms in their underwriting processes. Under Section 308, NYDFS has broad authority to make inquiries to any licensed insurer in relation to its “transactions or condition or any matter connected therewith.” Learn...
Continue Reading

UK Data Regulator Reveals Sweeping International Strategy

The UK is committed to promoting itself as a global data protection gateway, with high standards of data protection law and practice, according to the UK Information Commissioner’s Office’s (ICO) newly released international strategy for effectively protecting the public’s personal information over the next four years. Learn more. 
Continue Reading

The Regulatory Bellwether: Forecasting Cyber Breach Litigation

While the prospects of cybersecurity litigation loom ever larger, there are tangible ways that may very well decrease the unease and mitigate the risk—if you know where to look. Learn more.
Continue Reading