July 11th, 2018

Developments in the Data Privacy Regulatory Landscape

Posted at 1:00 AM ET

The recently enacted European Union (EU) General Data Protection Regulation (GDPR), the National Association of Insurance Commissioners (NAIC) Model Law and the New York State Department of Financial Services (NYDFS) Cybersecurity Act all address data privacy (the personal information of individuals) and data protection (using such personal information for business objectives), but from different perspectives.

The EU regulation is focused on broad principles: the rights of EU data subjects and the requirements for companies to:

  1. Use and process the data only for lawful purposes;
  2. Limit use by third-party recipients of the data; and
  3. Give the data subjects the rights to access, portability, rectification and erasure (the “right to be forgotten”).

By contrast, the NYDFS and NAIC regulations are focused on the technical requirements of financial service companies to assess cyber risk in their systems, implement additional security and report breaches promptly. The NYDFS regulation became effective on March 1, 2017. The Department is requiring companies to file Certifications of Compliance with specific sections of 23 NYCRR Part 500 (NY Regulation) according to a timetable of various transition periods.

For companies, understanding and prioritizing the risks with informed decision-making requires an understanding of the law as it unfolds.

Regulatory Landscape Part I: The New Privacy Order Created by GDPR

Regulatory Landscape Part II: Extra-Territorial Application of GDPR

Regulatory Landscape Part III: New York Department of Financial Services Regulation

Regulatory Landscape Part IV: NYDFS Cybersecurity Act - Risk of Third Party Service Providers

Regulatory Landscape Part V: NAIC Model Law

Regulatory Landscape Part VI: California Consumer Privacy Law

Regulatory Landscape Part VII: Conclusion

Click here to register to receive e-mail updates >>

AddThis Feed Button
Bookmark and Share

Related Posts