CAPTIVE INSURANCE COMPANY REPORTS
New York Adopts Cyber-Security Requirements

P. Bruce Wright, Saren Goldner, Daren Moreira
Eversheds Sutherland LLP
April 2017

Editor's Note: This article by P. Bruce Wright, Saren Goldner, and Daren Moreira of Eversheds Sutherland (US) LLP is the latest on the tough (to comply with) new rules on cyber-security for all New York financial services companies. If you have been awaiting it, you're in luck. If you haven't been paying attention, you had best read on.

On February 16, 2017, the New York Department of Financial Services (DFS) released a final rule that establishes cyber-security requirements for financial services companies (including insurance companies) regulated by DFS (the "Final Rule"). Absent an applicable exemption, the Final Rule would apply to captive insurance companies, risk retention groups (RRGs), and captive managers that are licensed in New York (or that should be so licensed). However, in response to a number of public comments, DFS revised earlier drafts of the Final Rule to provide several exemptions that may be available to captives, RRGs, and captive managers that are licensed in New York (or that should be so licensed). Whether any of these exemptions is applicable is a question that each entity (and its affiliated group) must consider carefully.

The Final Rule applies to covered entities (broadly defined as any person or entity operating under or required to operate under a license or similar authorization under the New York Banking Law, Insurance Law, or Financial Services Law). The Final Rule's most significant requirements include the following mandates that all covered entities must adhere to.

- Maintain a cyber-security program that meets detailed requirements (including requirements for regular penetration testing and vulnerability assessments, audit trails, access privileges, cyber-security training, multifactor authentication, and encryption of nonpublic information (as defined below)).
- Implement and maintain a cyber-security policy setting forth policies and procedures for the protection of the covered entity's information systems[1] and nonpublic information stored on those systems.
- Designate a qualified individual to oversee and implement the cyber-security program and the cyber-security policy (the chief information security officer or "CISO"), and utilize qualified cyber-security personnel (although these requirements may be outsourced to an affiliate (defined broadly to include any person that controls, is controlled by, or is under common control with the captive) or a third-party service provider,[2] subject to certain restrictions).
- Conduct annual reporting on the covered entity's cyber-security program and material cyber-risks to the board of directors (or a designated senior officer[3] if the covered entity does not have a board of directors).
- Conduct periodic risk assessments of the covered entity's information systems.
- Implement written policies and procedures designed to ensure the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers.
- Establish a cyber-security incident response plan that meets detailed requirements.
- Notify DFS as promptly as possible but in any event within 72 hours from a determination that a cyber-security event[4] has occurred (i) for which notice is required to be provided to any government body, self-regulatory agency, or any other supervisory body or (ii) that has a reasonable likelihood of materially harming any material part of the normal operation(s) of the covered entity.
- Submit an annual certification to DFS (signed by the chairperson of the board of directors or a senior officer) that the covered entity is in compliance with the requirements of the Final Rule.

[1] Information system is defined as a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial/process controls systems, telephone switching and private branch exchange systems, and environmental control systems.

[2] Third-party service provider is defined as any person or entity that (i) is not an affiliate of the covered entity, (ii) provides services to the covered entity, and (iii) maintains, processes or otherwise is permitted access to nonpublic information through its provision of services to the covered entity.

[3] Senior officer is defined as the senior individual or individuals (acting collectively or as a committee) responsible for the management, operations, security, information systems, compliance and/or risk of a covered entity, including a branch or agency of a foreign banking organization subject to [the Final Rule].

[4] Cyber-security event is defined as any act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an information system or information stored on such information system.

The Final Rule will take effect on March 1, 2017 (emphasis added), but covered entities have 180 days to comply with its requirements, and longer transitional periods are provided for compliance with certain provisions (including certain technical requirements for the cyber-security program). Notably, annual reporting to the board of directors or a senior officer is not required until March 1, 2018, the first certification of compliance is not required to be filed with DFS until February 15, 2018, and policies and procedures governing third-party service providers are not required until March 1,

As noted above, the Final Rule includes a number of exemptions that may be available to captives, RRGs, and captive managers that are licensed in New York (or that should be so licensed). Covered entities that qualify for an exemption are required to notify DFS (using a Notice of Exemption form) within 30 days of the determination of exemption (which appears to mean within 30 days of the covered entity determining that it is exempt). In the event that a covered entity ceases to qualify for an exemption, the covered entity has 180 days from the fiscal year-end when it ceased to qualify for an exemption to comply with all applicable requirements of the Final Rule. The exemptions to the Final Rule that may be available to captives, RRGs, and captive managers are outlined below.

Captive Insurance Companies

A New York licensed captive insurance company that does not, and is not required to, directly or indirectly control, own, access, generate, receive, or possess nonpublic information, other than information relating to its corporate parent company (or affiliates), is exempt from some, but not all, requirements of the Final Rule. Nonpublic information is defined as all electronic information that is not publicly available information[5] and is also the following.

- Business-related information of a covered entity that the tampering with or unauthorized disclosure, access, or use of which would cause a material adverse impact to the business, operations, or security of the covered entity;
- Any information concerning an individual that, because of name, number, personal mark, or other identifier can be used to identify such individual, in combination with any one or more of the following data elements: (i) Social Security number, (ii) driver's license number or nondriver identification card number, (iii) account number, credit or debit card number, (iv) any security code, access code, or password that would permit access to an individual's financial account, or (v) biometric records; or
- Any information or data, except age or gender, in any form or medium created by or derived from a healthcare provider or an individual and that relates to (i) the past, present, or future physical, mental, or behavioral health or condition of any individual or a member of the individual's family, (ii) the provision of health care to any individual, or (iii) payment for the provision of health care to any individual.

[5] Publicly available information is defined as any information that a covered entity has a reasonable basis to believe is lawfully made available to the general public from: federal, state or local government records; widely distributed media; or disclosures to the general public that are required to be made by federal, state or local law. For the purposes of this [definition], a covered entity has a reasonable basis to believe that information is lawfully made available to the general public if the covered entity has taken steps to determine: (i) That the information is of the type that is available to the general public; and (ii) Whether an individual can direct that the information not be made available to the general public and, if so, that such individual has not done so.

Captive insurance companies seeking to rely on this exemption will need to consider whether any electronic information they control or have access to (directly or indirectly) would constitute nonpublic information and, if so, whether it relates to a person or entity other than the captive's corporate parent company or an affiliate. Captives, by their nature, primarily insure the risks of their parent or affiliates, but they may nonetheless have access to sensitive information of other business entities or individuals (e.g., third-party claimants or employees of a parent or affiliate).
Furthermore, even if a captive qualifies for this exemption, it would still need to comply with several of the Final Rule's requirements, including conducting periodic risk assessments of the covered entity's information systems, implementing policies and procedures governing third-party service providers and the disposal of nonpublic information, and providing the required notices and annual certifications to DFS. However, as noted below, it may be possible for a captive to rely on a cyber-security program of an affiliate (or one of the other exemptions to the Final Rule).

Non-New York RRGs Doing Business in New York

The Final Rule includes a broad exemption for all RRGs chartered under the laws of a state other than New York (provided the RRG does not hold any additional license(s) or authorization(s) in New York that would otherwise cause it to be a covered entity). This exemption is intended to ensure that the Final Rule is consistent with the broad prohibition under the federal Liability Risk Retention Act on application of a state's laws to RRGs chartered under the laws of another state.

Small Company Exemption

A covered entity is exempt from some, but not all, of the Final Rule's requirements if it has any of the following.

- Fewer than 10 employees, including any independent contractors, of the covered entity or its affiliates located in New York or responsible for business of the covered entity;
- Less than $5 million in gross annual revenue in each of the last 3 fiscal years from New York business operations of the covered entity and its affiliates; or
- Less than $10 million in year-end total assets, calculated in accordance with generally accepted accounting principles, including assets of all affiliates.

Because the employees (and independent contractors), gross revenues, and assets of all affiliates must be counted when determining whether an entity qualifies for the small company exemption, most New York captives likely would not qualify for this exemption. Furthermore, even if an entity qualifies for this exemption, it would still need to comply with a number of the Final Rule's requirements (emphasis added).
This would include maintaining an adequate cyber-security program and cyber-security policy, limiting access privileges to nonpublic information, conducting periodic risk assessments of the covered entity's information systems, implementing policies and procedures governing third-party service providers and the disposal of nonpublic information, and providing the required notices and annual certifications to DFS. However, as noted below, it may be possible for a captive to rely on a cyber-security program of an affiliate (or one of the other exemptions to the Final Rule).

Adopting the Cyber-Security Program of Another Covered Entity

The Final Rule includes a broad exemption for any covered entity that is an employee, agent, representative, or designee of another covered entity to the extent that the employee, agent, representative, or designee is covered by the cyber-security program of that other covered entity (which would, therefore, itself be required to comply with the requirements of the Final Rule). This exemption could be available to a captive manager (which acts as the agent or representative of the captive insurance companies that it represents), but, in most cases, the captives that a captive manager represents would not maintain cyber-security programs that cover the captive manager.

Adopting the Cyber-Security Program of an Affiliate

The Final Rule provides that a covered entity may satisfy its requirements by adopting the relevant and applicable provisions of a cyber-security program maintained by an affiliate, provided that such provisions satisfy the requirements of the Final Rule applicable to the covered entity. This exemption would not be available to captives and captive managers whose affiliates do not maintain cyber-security programs that meet the Final Rule's requirements.

Covered Entities with No Information Systems or Nonpublic Information

Finally, the Final Rule includes a limited exemption for any covered entity that does not directly or indirectly operate, maintain, utilize, or control any information systems and that does not, and is not required to, directly or indirectly control, own, access, generate, receive, or possess nonpublic information. The term information systems is defined very broadly and, as such, any captive or captive manager would be hard pressed to rely on this exemption in today's digital world. Furthermore, even if an entity qualifies for this exemption, it would still need to comply with several of the Final Rule's requirements, including conducting periodic risk assessments of the covered entity's information systems, implementing policies and procedures governing third-party service providers and the disposal of nonpublic information, and providing the required notices and annual certifications to DFS. However, as noted above, it may be possible for a captive to rely on a cyber-security program of an affiliate (or one of the other exemptions to the Final Rule).

Reproduced from the April 2017 issue of Captive Insurance Company Reports. Opinions expressed in this article are those of the author and are not necessarily held by the author's employer or IRMI. This content does not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with an attorney, accountant, or other qualified adviser.
More informationCYBER AND INFORMATION SECURITY COVERAGE APPLICATION
NOTICE: THIS APPLICATION IS FOR CLAIMS-MADE AND REPORTED COVERAGE, WHICH APPLIES ONLY TO CLAIMS FIRST MADE AND REPORTED IN WRITING DURING THE POLICY PERIOD, OR ANY EXTENDED REPORTING PERIOD. THE LIMIT
More informationMNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota
MNsure Certified Application Counselor Services Agreement with Tribal Nation Attachment A State of Minnesota 1. MNsure Duties A. Application Counselor Duties (a) (b) (c) (d) (e) (f) Develop and administer
More informationMentorcliQ Data Processing Agreement
MentorcliQ Data Processing Agreement This MentorcliQ Data Processing Agreement ( DPA ), that includes the Standard Contractual Clauses adopted by the European Commission, as applicable, reflects the parties
More informationJABIL CIRCUIT, INC. INSIDER TRADING POLICY
EXHIBIT A JABIL CIRCUIT, INC. INSIDER TRADING POLICY and Guidelines with Respect to Certain Transactions in Company Securities and other matters (Amended and Restated October 15, 2012) In order to take
More informationSECURITY SAFEGUARD BREACH GUIDE
SECURITY SAFEGUARD BREACH GUIDE On November 1, 2018, new regulations will come into force that will require all organizations, including insurance brokers, to report breaches of security safeguards that
More informationSEC PROPOSES AMENDMENTS TO REGULATION S-P TO SAFEGUARD CUSTOMER PRIVACY
CLIENT MEMORANDUM SEC PROPOSES AMENDMENTS TO REGULATION S-P TO SAFEGUARD CUSTOMER PRIVACY On March 4, 2008, the Securities and Exchange Commission ( SEC ) proposed for comment amendments to Regulation
More informationEquifax Data Breach: Your Vital Next Steps
Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data
More informationSECURITY POLICY 1. Security of Services. 2. Subscriber Security Administration. User Clearance User Authorization User Access Limitations
! SECURITY POLICY This Security Policy ( Policy ) applies to all Services provided by Collective Medical Technologies, Inc. ( CMT ) pursuant to a Master Subscription Agreement ( Underlying Agreement )
More informationAMERICAN FINANCIAL GROUP, INC. CODE OF ETHICS
AMERICAN FINANCIAL GROUP, INC. CODE OF ETHICS American Financial Group, Inc. (AFG), together with Great American Insurance Company (GAI), Great American Financial Resources, Inc. (GAFRI) and their respective
More informationUniversity Data Policies
BACKGROUND Data are valuable institutional assets of Washington State University. Data policies are needed to ensure that these resources are carefully managed, maintained, protected, and used appropriately.
More informationMutual of Omaha Insurance Company United of Omaha Life Insurance Company
Mutual of Omaha Insurance Company United of Omaha Life Insurance Company Disability insurance is underwritten by United of Omaha Life Insurance Company, 3300 Mutual of Omaha Plaza, Omaha, NE 68175, 1-800-769-7159.
More informationDATA PROCESSING ADDENDUM (v1.0)
DATA PROCESSING ADDENDUM (v1.0) Progressive Voice Services Limited trading as Meetupcall of Premier House, Carolina Court, Doncaster, DN45RA ( Meetupcall ) and having its place of business at, ( Customer
More informationLegal Alert: Overview of NYSE and Nasdaq Corporate Governance Listing Rules December 10, 2003
Legal Alert: Overview of NYSE and Nasdaq Corporate Governance Listing Rules December 10, 2003 Introduction On November 4, 2003, the SEC approved changes to the listing rules of the NYSE and the Nasdaq.
More informationPublic Act No
Public Act No. 18-90 AN ACT CONCERNING SECURITY FREEZES ON CREDIT REPORTS, IDENTITY THEFT PREVENTION SERVICES AND REGULATIONS OF CREDIT RATING AGENCIES. Be it enacted by the Senate and House of Representatives
More informationCBOE GLOBAL MARKETS, INC. AND SUBSIDIARIES CODE OF BUSINESS CONDUCT AND ETHICS. Adopted October 27, 2017
CBOE GLOBAL MARKETS, INC. AND SUBSIDIARIES CODE OF BUSINESS CONDUCT AND ETHICS Adopted October 27, 2017 Purpose This Code of Business Conduct and Ethics (the Code ) has been adopted by the Board of Directors
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationIdentity Theft Prevention Program Lake Forest College Revision 1.0
Identity Theft Prevention Program Lake Forest College Revision 1.0 This document supersedes all previous identity theft prevention program documents. Approved and Adopted by: The Board of Directors Date:
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement (the DPA ), entered into by the Customer and the company Ganttic OÜ (company registration number 11979702) having its registered office at Lai tn
More informationEU Data Processing Addendum
EU Data Processing Addendum This EU Data Processing Addendum ( Addendum ) is made and entered into by and between AlienVault, Inc., a Delaware corporation ( AlienVault ) and the customer specified in the
More informationGeorgia Health Information Network, Inc. Georgia ConnectedCare Policies
Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health
More informationADDENDUM #1 RFP# DBE/ACDBE Consultant January 19, 2015
ADDENDUM #1 RFP# 2016-01-001 DBE/ACDBE Consultant January 19, 2015 1. Does the RFP apply to Right of Way Consultant Firms? No 2. What is the expected level of effort required to address the supplemental
More informationCorporate Communications Policy
Corporate Communications Policy Adopted by the Board of Directors of Nutra Pharma Corporation on September 8, 2010 NUTRA PHARMA CORPORATION CORPORATE COMMUNICATIONS POLICY TABLE OF CONTENTS Section Page
More informationGI DYNAMICS, INC. RESTRICTIONS ON BUYING AND SELLING STOCK AND SECURITIES (INSIDER TRADING POLICY)
GI DYNAMICS, INC. RESTRICTIONS ON BUYING AND SELLING STOCK AND SECURITIES (INSIDER TRADING POLICY) 1. Policy Statement. Employees, consultants, officers, the Board of Directors and entities (such as trusts,
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationINSIDER TRADING COMPLIANCE MANUAL. Dipexium Pharmaceuticals, Inc.
INSIDER TRADING COMPLIANCE MANUAL Dipexium Pharmaceuticals, Inc. Adopted March 18, 2014 In order to take an active role in the prevention of insider trading violations by its officers, directors, employees,
More informationLong-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates
Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates March 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy E.
More informationAS SEB Pank. Terms and conditions of the Internet Bank for private clients. Content. Valid as of
Terms and conditions of the Internet Bank for private clients Valid as of 13.01.2018 Content Definitions 2 General provisions 2 Technical requirements 2 Applied terms and conditions 2 Security requirements
More informationPayment Card Industry Data Security Standards (PCI DSS) Initial Training
Payment Card Industry Data Security Standards (PCI DSS) Initial Training PCI DSS Training Content What topics will this training cover? What is PCI DSS? Objectives of PCI DSS Common Terminology Background
More informationSCCCI Personal Data Protection Policy
SCCCI Personal Data Protection Policy At SCCCI, we are committed to protecting and safeguarding the personal data we collected from you. This Personal Data Protection Policy describes the types of personal
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationData Protection Agreement
Data Protection Agreement This Data Protection Agreement (the DPA ) becomes effective on May 25, 2018. The Customer shall make available to GURTAM and the Customer authorizes GURTAM to process information
More information1.1 In these Terms and Conditions, the following words and expressions shall have the corresponding meanings wherever appropriate:
Terms and Conditions for DBS ibanking, DBS digibank and DBS iwealth (Formerly known as Terms and Conditions for DBS ibanking and DBS digibank and formerly known as Terms and Conditions for DBS ibanking)
More information