Photo of Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive standards… for data security and investigation and notification of a data breach” for “any person or entity licensed, authorized to operate, or registered” pursuant to state insurance laws. The first draft Model Law was released in April of this year and received over 40 comments from trade associations, market participants and regulators.

The first draft was started as a compilation of four previously released guidelines, with implementation of specific practices and penalties. The first draft incorporated elements of the Insurance Information and Privacy Protection Model Act and the Privacy of Consumer Financial and Health Information Regulation, and the Principles for Effective Cybersecurity: Insurance Regulatory Guidance and the NAIC Roadmap for Cybersecurity Consumer Protections. With the release of the first draft Model Law came many criticisms. NAIC members expressed concerns about:  (1) certain prescriptive security measures that insurance companies were expected to incorporate into their information security programs; (2) the requirement that insurance companies compel third-party service providers to agree by contract to certain data security provisions; (3) the timing, substance, and procedure for notifying consumers of a data breach; and (4) consumer remedies following a data breach, such as regulatory remedies and a private right of action.

Now, after reviewing the comments received in response to the first draft Model Law, the NAIC has released a revised draft after its NAIC National Summer Meeting, where the Task Force met with interested parties to discuss comments on this revised draft.  Written comments to the revised Model Law may be submitted by September 16, 2016.


Continue Reading NAIC Releases Draft of Revised Insurance Data Security Model Law for Review

Drone mapping provides insurance companies with an easy, fast and accurate method of documenting a scene and preserving key details  while also letting the process of clean-up and reconstruction begin as quickly as possible. Recently, Dronotec, a start-up company specializing in drone inspection for insurance companies conducted a case study to determine just how much money this drone mapping was saving insurance companies. Dronotec’s founder, Emilien Rose, worked as a loss assessor in France and Australia for 10 years and conducted assessments of about 8,000 claims. Rose believes that Dronetec and drone mapping can really save time and money for insurers.

For example, recently a fire in France consumed 5 acres of a vacation destination on the coast. Once the insurance company came in to assess the damages, they realized that the sheer size of the site posed quite a challenge. Moreover, so much of the property was damaged by the fire, inspectors could not enter the properties or inspect the roofs without the threat of personal injury. A plane attempted to capture photos but many of the photos were not clear or sharp enough to use. However, the loss adjuster recommend a drone to do the mapping of the scene. In about 10 minutes, the drone collected more than 300 geo-tagged photos flying about 180 feet over the property. The images were uploaded to a drone mapping program, and three hours later a 2-D map and 3-D model of the property and the damages were available. The high degree of accuracy of not only the photos but the mapping improved the likelihood of identifying the cause of the accident exponentially. And the insurance company’s team members were able to collaborate and review the mapping in one cloud-based space. In this one case, the use of drone mapping saved this French insurance company about €99,985,000 (or about $110,600,000).

The ability to quickly process claims is very helpful to insurance companies with large scale disasters that have many claims filed related to the same incident.
Continue Reading Drone Mapping the Way of the Future for Insurance Companies

Back in March, our Data Privacy + Security Insider blog reported an increase in the use of commercial drones by State Departments of Transportation across the country. Now, insurance companies are also getting in the game. Using drones for underwriting, determining property values and conditions for policy issuance, inspections and risk evaluations may be more