Did you know that geoFence has a modern UI, that is secure and has the improved features that you need?
February 18, 2021
-
Insurance Cybersecurity Certifications: A State Roundup
by: James V. Fazio
and Liisa M. Thomas -
More States Consider Minimum Recycled Content Requirements
by: Packaging Law at Keller and Heckman -
“Consistent with Longstanding Principles of Law and Capitalism”:…
by: Scott E. Waxman -
English High Court Weighs in on MAC Clause in M&A Transaction
by: Sergey Kvitkin -
House Moves Forward on President Biden’s COVID-19 Stimulus Plan
by: Harry Sporidis
and Timothy Perrin -
Metlife Stockholders Demand Futility Claims Dismissed
by: Scott E. Waxman -
Certain Cannabis Workers Are Not Protected by the NLRA
by: Frank T. Mamat
and Alex M. Petrik -
Another Court Rejects Threadbare Allegations of So-Called Vicarious…
by: Michael P. Daly
and Deanna J. Hayes -
Delaware Court of Chancery Finds Oral Agreement to Form a Joint…
by: Scott E. Waxman
and Serena M Hamann -
Lease Dispute Series: Real Estate Taxes
by: Michael C. Thelen -
Executive Office for Immigration Review Update: Motion to Reconsider…
by: Raymond G. Lahoud -
Will COVID-19 Impact Your Eligibility for an Indiana Property Tax…
by: Brent A. Auberry
and Abraham M. Benson -
The Top 7 Benefits of Being a Lawyer
by: Practice Panther Blog -
Old Dawg, New Tricks: Bankruptcy Successor Is Also Inter Partes Re-…
by: Ravi Vohra -
Even After Passage of Proposition 22, California Supreme Court…
by: Kevin R. Vozzo -
Attempts to Appeal Institution Decision Is SIPCOed
by: Jiaxiao Zhang -
New NCDEQ Secretary Just Announced by Governor Cooper
by: Bradford A. De Vore -
Comprehensive State Privacy Laws On the Move, How Should…
by: Joseph J. Lazzarotti -
Health and Personal Information of N.C. Residents Posted Online by…
by: Linn F. Freedman -
Trade Secret Law Evolution – Episode 33: An Overview of Forensic…
by: Jordan D. Grotzinger -
Mass. Court Grants Rent Relief to Restaurant Tenant Shut Down by…
by: Edward M. Bloom -
Patent Extension Requires Board or Court Reversal, Multiple Examiner…
by: Jackie L. Toney -
Recent FTC Settlement Serves as Reminder For Digital Health Developers
by: Liisa M. Thomas
and Julia K. Kadish -
Two Bitcoin ETFs Approved for Sale in Canada
by: Scott H. Kimpel -
New EU Transparency Regulation to Apply from March 27, 2021
by: Packaging Law at Keller and Heckman -
Stick to the Fax: Conflicting Statements Made During Prosecution Lead…
by: Thomas DaMario -
OCR Continues to Enforce Its HIPAA Right of Access Initiative
by: Linn F. Freedman -
What AMCs May Expect in Health Care Policy Priorities from the New…
by: Rebecca M. Schaefer -
Hawaii Proposes Tax on Sugar-Sweetened Beverages
by: Food and Drug Law at Keller and Heckman -
Virginia Might Be the Next State to Enact a Privacy Law
by: Deborah A. George -
Stick to the Fax: Conflicting Statements Made During Prosecution Lead…
by: Thomas DaMario -
Beneficial Ownership Reporting Requirements Under the Corporate…
by: Gary J. Kocher
and Mary Burke Baker -
Top 5 Employee Benefit Plan Opportunities for Employers to Consider…
by: Adam B. Cantor -
Regulators to Review Market Design and Reliability Following 2021…
by: Catherine P. McCarthy
and Michael W. Brooks -
Report on FINRA’s 2021 Examination and Risk Monitoring Program
by: William B. Mack
and Richard M. Cutshall -
What is M-E-A-T?
by: L. Christine Lawson -
Privacy Tip #272 – To Get Up to Speed on Facial Recognition…
by: Linn F. Freedman -
2G or Not 2G: Patent License Applies to Future Generation Wireless…
by: Thomas DaMario -
IMS Insights Podcast: Episode 21 – The Post-COVID (Remote) Courtroom…
by: Teresa Barber
and Jeff Dahm -
TCPA Regulatory Update — Compliance Dates Established for Reassigned…
by: Russell H. Fox
and Elana R. Safner -
“New” Guidance from Acting Attorney General on Prosecutorial…
by: Lindsey Olson Collins -
A Closed Book: No Past Infringement, No Reading Between the Lines…
by: Jodi Benassi -
11th Circuit Says Standing in Data Breach Case Requires Actual Harm
by: Kathryn M. Rattigan -
How Isolation and COVID Make Seniors More Vulnerable to Fraud and…
by: Shana Siegel -
Reimagining Jury Research: The Versatility of Online Community…
by: Clint Townson, Ph.D. -
Circuit Split Deepens as Eleventh Circuit Rejects “Risk of Identity…
by: Melissa D DiGrande -
TCPA Regulatory Update — Industry Shows Support for FCC Hospital…
by: Russell H. Fox
and Elana R. Safner -
Restaurant Workers Qualify for Vaccines in Some States; May Qualify…
by: Rachel E. Ehlers
and Felice B. Ekelman -
Advertising in the Time of Coronavirus
by: Arthur Artinian
and Georgina Rigg -
Where to Open Shop: New Report Ranks the Best Places to Do Business…
by: Nonnie L. Shivers -
Why Tomorrow Is An Important Day For The California Legislature
by: Keith Paul Bishop -
TCPA Litigation Update — The TCPA’s Constitutionality After Barr v….
by: Joshua Briones
and Matthew Novian -
City of Oldsmar, Florida Narrowly avoids ‘Hot Water’ in…
by: Cameron Abbott
and Rob Pulham -
“PFAS Blueprint” In MN May Be Blueprint For Other States
by: John Gardella -
Minnesota Employer’s Handbook Disclaimer Fails on PTO Policy Under…
by: Bruce J. Douglas -
Industrial Comes Roaring Back to Record High Optimism
by: Dana P. Palmer -
Business Judgement Rule in Polish Commercial Companies Code –…
by: Marcin S. Wnukowski -
Whistleblower Attorney Challenges SEC Final Rule Changing Its…
by: Lloyd B Chinn
and Pinchos (Pinny) Goldberg -
Oakland Approves COVID-19–Related ‘Hazard Pay’ Ordinance Requiring…
by: Charles L. Thompson, IV -
HSR and Section 8 Jurisdictional Thresholds Decrease Two Percent for…
by: Brian K. McCalmon
and Gregory G. Wrobel -
Michigan-Based Insurance Licensees Now Subject to New Data Security…
by: John J. Rolecki
and Charumati Ganesh
February 17, 2021
-
SEC Staff Issues No-Action Relief for Custody of Certain Loan…
by: Ryan F. Helmrich
and Nathan M. Iacovino -
Do All Class Members Have Standing For Mere Statutory Violations? The…
by: Rucha Desai -
JUST OUT-Seventh Circuit Declines Thornley Rehearing, Affirming…
by: Christina Lamoureux -
An Alternative Approach to an ERISA Litigation Conundrum
by: Michael H. Woolever -
New Rules Prohibiting the Government’s Use of Certain ‘Guidance…
by: Carolyn Fitzhugh McNiven
and Mark L. Mattioli -
BREAKING: President Biden Nominates Former Deputy General Counsel…
by: Mark Theodore
and Joshua S. Fox -
Evaluating Foreign Investment in RCEP Member States From a Dispute…
by: Raja Bose
and Robert L. Houston -
Pennsylvania Governor Vetoes Bill Extending Reach of Business…
by: Jolena Jeffrey -
Recent Developments on U.S. Ban on American Investment in Chinese…
by: Jeffrey G. Richardson
and Zhiguo Du -
Washington Department of Ecology Preparing New Rule to Assess…
by: Ankur K. Tohan
and Molly K. Barker -
Mexico’s National Hydrocarbons Commission Agreement on Hydrocarbon…
by: Erick Hernández Gallego -
National Academies Committee Recommends EPA Improve Its Use of…
by: Lynn L. Bergeson
and Carla N. Hutton -
COVID-19: EEOC Withdraws Proposed Rules on Employer Wellness…
by: Scott G. Kobil
and Erinn L. Rigney -
A Pair of Federal Courts Find No Vicarious Liability Under the TCPA
by: Dwayne D. Sam -
Portfolio Company Insolvency: Risk Mitigation Strategies for Fund…
by: Jonathan M. Weiss
and Alexandra V Bargoot -
The Antecedent Delegation Agreement: “Russian Doll Questions”…
by: Gilbert A. Samberg -
Virginia Passes Consumer Privacy Law; Other States May Follow
by: Jason C. Gavejian
and Joseph J. Lazzarotti -
Broad New Data Privacy Legislation Supported by Florida Governor and…
by: Hayden R. Dempsey
and Kate Black -
The DOL’s New Missing Participant Guidance: Tips for Applying it…
by: Belinda S. Morgan
and Arthur T. Phillips -
Weekly IRS Roundup February 8 – February 12, 2021
by: McDermott Will & Emery -
Getting Back to Basics: Intermittent FMLA Leave
by: Delaney M. Busch -
M&A Pre-Flight Check: Avoiding Common Issues in Aerospace &…
by: Zachary M. Turke
and Rambod Peykar -
Disruptionware V: Malicious Cyber Actors Attack a Florida Water…
by: Jason G. Weiss -
NO ESCAPE: ViSalus Can’t Shake Loose of $925MM TCPA Judgment In Bid…
by: Eric J. Troutman -
Employment Law This Week: OSHA’s Updated COVID-19 Guidance, CDC’s New…
by: George Carroll Whipple, III -
Copy Cats II: Nexus of Copying Required to Substantiate Non-…
by: Kenneth E. Jenkins, PhD
and Jeffery C. Giering, PhD -
COBRA Subsidies for Involuntary Termination or Reduction in Hours –…
by: Paul M Hamburger
and Annie (Chenxiaoyang) Zhang -
United States-Canada COVID-19 Travel Restrictions
by: Alexandra LaCombe -
BIPA Litigation Against Manufacturers and Vendors of Biometric…
by: Christina Lamoureux
and Kristin L. Bryan -
Serving on Your Community Association’s ARC, ACC, or ARB? Take Note…
by: Allen N. Trask, III
and Amy H. Wooten -
U.S. Users Targeted with Phishing Scams More than Users in Other…
by: Linn F. Freedman -
New General Counsel for Labor Board May Change Fate of ‘Scabby the…
by: Jonathan J. Spitz
and Richard F. Vitarelli -
Helping the Show Go On: Shuttered Venue Operators Grants
by: Curtis R. Hearn
and Joshua A. DeCuir -
Acting NLRB General Counsel Rescinds 10 Trump-Era Guidance Memos
by: Frank T. Mamat
and Alex M. Petrik -
Understanding the Enforce and Protect Act — and Preparing for Its…
by: Matthew R. Kinsman
and Randy Rucker -
It’s Here: How Law Firms Must Prepare for the Rise of “New Law”
by: Scott Brennan -
EDPS Publishes Opinion on Digital Services Act and Digital Markets Act
by: Hunton Andrews Kurth’s Privacy and Cybersecurity -
Southern District of New York Reaffirms That Seven-Year Window for…
by: Jason D. Wyman -
Update on Forced Labor for Imported Products
by: Jordan W. Cowman
and Laura Siegel Rabinowitz -
FDA Responds to Questions About Heavy Metals in Baby Food
by: Food and Drug Law at Keller and Heckman -
Best Interest Standard of Care for Advisors #39
by: Fred Reish -
Social Bonds Are All The Rage: How to Credibly Attain The Coveted…
by: Melissa R. Santiago
and Marc T. Kamer -
Stumbling Through Securities Law Challenges for COVID-19 Vaccine…
by: Mee (Rina) Kim -
EU Expected to Permit Data Flow to UK With Forthcoming Adequacy…
by: Kristin L. Bryan -
Are the Rules Changing for Employer Dress Codes and Union Insignia?
by: Grant T. Pecor -
COVID-19: Are Your Workplace Safety Compliance Policies Medium-Rare…
by: David C. Rybicki
and Barry M. Hartman -
Massachusetts House Bill No. 5250: Revisions to Massachusetts Zoning
by: Andrew E. Bensson -
Driving the Deal Podcast Episode 8: Healthcare Private Equity…
by: Kristian A. Werling -
FTC Settles Facial Recognition Data Misuse Allegations with App…
by: Sheila A. Millar
and Tracy P. Marshall -
COVID-19: US State Policy Report – February 13-16, 2021
by: Jacqueline Orfield -
How Should These Form 10-K Items Be Captioned?
by: Keith Paul Bishop -
Recent Federal Developments: February 2021
by: TCSA Blog at Bergeson Campbell -
No “Finite Fellows” in the Bargaining Unit – the Board Weighs in on…
by: Mark Theodore
and Joshua S. Fox -
Colgate-Palmolive Not Rebranding China’s Darlie/Black Person’s…
by: Aaron Wininger -
Brexit Updated: EU Set to Publish UK Adequacy Decision
by: Anna Ciesielska -
Legal Pitfalls and Precautions When Returning to In-Person Events in…
by: Norma W. Zeitler -
Biden Administration Rapidly Advances Climate Change Agenda
by: Brook J. Detterman
and Jessalee L. Landfried -
PFAS Water Utility Lawsuit Shows An Increasing Trend
by: John Gardella -
EAT refuses to swallow stale discrimination training – keeping up the…
by: David Whincup -
Democrats May Invoke Congressional Review Act to Reverse Recent EPA…
by: Ashley E. Parr
and Fredric P. Andes
Thursday, February 18, 2021
Under new rules put forth by the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law and adopted by the Michigan legislature in 2018, Michigan-based insurance licensees are now subject to additional requirements relating to data security as of Jan. 20, 2021. The new rules are codified as chapter 5A of the Insurance Code (the “Act”) and focus on regulating “licensees,” which are defined as “any licensed insurer or producer required by DIFS to hold a certificate of authority, such as life & health, property & casualty, surplus lines, fraternal, and title insurers.”
The portions of the Act that became effective on January 20 include terms requiring licensees:
- with 25 or more employees to develop, implement, and maintain a comprehensive written information security program (WISP) that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensee’s information system, in addition a written incident response plan; and
- to contractually bind their third-party service providers to implement appropriate measures to protect and secure the information systems and nonpublic information they can access or hold.
Notably, many of these requirements are similar to those of the federal Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule, which also imposes data privacy-related obligations on “financial institutions,” including insurance agencies.
Unlike the GLBA, however, the Act also contains specific data breach notification requirements. Although Michigan’s general data breach notification law expressly exempts entities subject to or regulated by the Michigan Insurance Code, under the Act’s recently effective terms licensees of any size – even those having fewer than 25 employees – must notify the director of the Department of Insurance and Financial Services (DIFS) within 10 days after a determination of a cybersecurity event is made. In its notification to DIFS, the licensee must include a copy of its privacy policy, a summary of the event, and a statement regarding whether the event resulted from a lapse in its controls and procedures.
If the event is likely to cause substantial loss or injury, or result in identity theft, to one or more Michigan residents, the licensee must provide notice to each resident whose personal information was accessed without authorization. Non-Michigan licensees are only required to notify DIFS of a security breach if 250 Michigan residents are impacted; for Michigan licensees, there is no such threshold.
What this means for you:
- If you are a licensee with 25 or more employees, you are required to have a WISP in place.
- If you are a licensee with 25 or more employees, you are required to have contractual terms in place that require third-party service providers to implement security measures to protect the data that you share with them.
- If you are a licensee of any size and you experience a data breach of any size, you must provide DIFS with a detailed notification, including whether your controls and procedures contributed to the security event.
© 2020 Varnum LLPNational Law Review, Volume XI, Number 49
John represents clients in various types of complex commercial litigation and provides counsel on matters including regulatory compliance, licensing and insurance coverage. He has successfully represented clients in a range of litigation including contractual and supply chain disputes, unfair competition, creditors’ rights, securities disputes and administrative actions. John’s background in complex matters includes bringing cases to summary judgment, trial and courts of appeal in state and federal courts throughout the country.
Practice Areas
- Insurance
- …
Charu holds a CIPP/US certification and focuses her legal practice on Data Privacy and Cybersecurity. Charu represents clients in a number of industries, including autonomous and connected vehicles and the consumer data marketplace. Charu is able to skillfully navigate the intricacies of the rapidly-evolving data privacy and cybersecurity regulatory landscape and help her clients develop policies and procedures that comply with both international and domestic privacy laws.
Charu has represented clients in the insurance, manufacturing and agricultural industries through regulatory…
To sum up, as we move on to the next post, may I add that geoFence blocks unwanted traffic and disables remote access from FSAs and that’s the no lie!
