Christopher M Brubaker

October 08, 2018 | FC&S Insurance

South Carolina recently became the first state to adopt the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model…

By Christopher M. Brubaker

8 minute read

October 04, 2018 | The Legal Intelligencer

South Carolina recently became the first state to adopt the National Association of Insurance Commissioners' Insurance Data Security Model Law. The NAIC is a standard-setting and regulatory support organization consisting of the top insurance regulators from the 50 states, D.C. and five U.S. territories.

By Christopher M. Brubaker

8 minute read

December 26, 2017 | The Legal Intelligencer

On Oct. 24, the National Association of Insurance Commissioners (NAIC) formally approved the Insurance Data Security Model Law (model law). The NAIC is a standard setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia, and five U.S. territories. T

By Christopher M. Brubaker

9 minute read

September 12, 2017 | The Legal Intelligencer

Have you become immune to the latest breach headline unless you might be personally impacted (or unless it offered the opportunity to watch "Game of Thrones" episodes early)? Tired of wondering if today is the day we get breached, hacked or held for ransom? Sick of knowing that there is no perfect ­solution to cybersecurity? Dumbfounded by the amount of resources that are being thrown at the issue with no guarantees that you won't suffer a catastrophic ­cyberevent? Fed up with trying to navigate the ­ever-expanding regulatory web impacting the use of data and cybersecurity? Confused by how much and what type of cyberinsurance to purchase? Welcome to cyberfatigue.

By Christopher M. Brubaker

15 minute read

March 07, 2017 | The Legal Intelligencer

The New York Department of Financial Services' new ­cybersecurity rules applicable to banks, insurance ­companies and other financial services companies, 23 NYCRR 500, went into effect on March 1.

By Christopher M. Brubaker

15 minute read

December 14, 2016 | The Legal Intelligencer

As 2016 comes to a close I want take a moment to look back at my cyberrisk predictions from a year ago and discuss what to expect in 2017 and beyond. In case you missed it, with the election and cyberfatigue, cyber-related incidents are still happening at an alarming rate. According to the Identity Theft Resource Center, as of Nov. 29, there have been 932 breaches and 34,305,616 compromised records so far in 2016. That is an average of nearly three breaches and over 100,000 compromised records a day. Looking back, my predictions were fairly close to the mark.

By Christopher M. Brubaker

22 minute read

June 15, 2016 | The Legal Intelligencer

As details continue to emerge ­concerning the $81 million cyberheist of funds from the Bangladesh Central Bank by way of hacked wire-transfer requests sent to the Federal Reserve Bank of New York (NY Fed), a lingering question remains regarding the role people played in approving the transfer requests.

By Christopher M. Brubaker

16 minute read

March 23, 2016 | The Legal Intelligencer

This is the second of a two-part look at the new EU-U.S. Privacy Shield Agreement. The first part looked at the general framework of the Privacy Shield and focused on the responsibilities of the private sector in taking advantage of the protections offered by the Privacy Shield, such as self-certification; review by the U.S. Department of Commerce; the principles (transparency, quick attention to consumer inquiries and complaints, free (to consumer) dispute resolution mechanisms); and cooperation with data protection authorities (DPAs). Part II addresses the ­primary government responsibilities in terms of enforcement and the U.S. government's agreements to limit bulk data collection and provide analysis of the framework.

By Christopher M. Brubaker

11 minute read

March 16, 2016 | The Legal Intelligencer

This is the first of two parts providing an overview and analysis of the ­EU-U.S. Privacy Shield Agreement. The first part focuses on the general framework of the Privacy Shield and on the responsibilities of the private sector in taking advantage of the protections offered by the Privacy Shield: self-certification; review by the U.S. Department of Commerce; the principles (transparency, quick attention to consumer inquiries and complaints, free (to consumer) dispute resolution mechanisms); and cooperation with data protection authorities. Part II will look at the primary government responsibilities in terms of enforcement and the U.S. government's agreements to limit bulk data collection and provide analysis of the framework.

By Christopher M. Brubaker

7 minute read

December 09, 2015 | The Legal Intelligencer

As 2015 winds down, it is a good time to take stock of where you are with cybersecurity. As you should be aware by now, cybersecurity is an ongoing process that requires constant evaluation, monitoring, testing, training and adaptation. The events of the last year only reinforce this notion. While large-scale payment card data and health care information breaches continue to dominate the headlines, the Ashley Madison breach shows that plenty of damage can occur when a financial windfall is not the hacker's objective. Following on the heels of the Sony breach, which was all about ideology, it is all too clear the harm that a breach can cause, regardless of the type of data that you have or the motivation for the attack. Here are a few predictions for what to expect in 2016:

By Christopher M. Brubaker

8 minute read