In the past year, a new digital security baseline has been established for many businesses across the globe – making compliance more complicated and more critical. But will it affect your business? The answer is: yes, very likely. As more businesses continue to be impacted by evolving regulations, discussions about risk, responsibility, and cyber liability insurance should be happening in every board room and strategic planning session.
What is the California Consumer Privacy Act?
In June of 2018, Governor Jerry Brown passed the California Consumer Privacy Act (CCPA) – following in the footsteps of the European Union’s General Data Protection Regulation (GDPR). Both of these digital security laws are designed to hold businesses more accountable for protecting data and to give consumers more control over how their personal information is used.
Simplified for this discussion, here are some (but certainly not all) of the CCPA highlights that may impact your business:
- Consumers’ rights have been expanded – affecting the way you collect, handle, use, disclose, and sell consumer information.
- Consumers are able to request that their information is deleted from your organization’s databases (which includes deletion from your vendors’ systems).
- Businesses have a “duty to implement and maintain reasonable security procedures and practicesappropriate to the nature of the information” being discussed.
- “Consumers” will now be able to sue for damages over stolen personal information – whereas in the past only those “customers” who could prove that actual harm resulted from a breach (an impossible standard) were able to seek damages.
Who Must Comply with the CCPA?
While the CCPA solely extends the protections of California residents, we exist in a global marketplace. Ultimately, it will impact any business who has customers residing in the state – making it a state law with national implications.
However, the law doesn’t impact all businesses. In addition to having customers in California, one of these thresholds must also apply:
- Generates an annual gross revenue in excess of $25 million.
- Receives or shares personal information of more than 50,000 California residents annually.
- Derives at least 50 percent of its annual revenue by selling the personal information of California residents.
What’s the Role of Cyber Liability Insurance?
While laws like the CCPA and GDPR are making businesses think about the financial risk of non-compliance, we have to also recognize that these laws are being created for a reason. Consider this. The average cost of a data breach last year was $3.86 million (according to the 2018 Cost of a Data Breach Study by Ponemon). Next year, that number will inevitably increase as the CCPA enables consumers to seek between $100 to $750 in damages – potentially resulting in millions of dollars in lawsuit payouts.
Cyber liability insurance is specifically designed to address the risks that come with using modern technology, including data breaches, system failures, and cyber extortion. Other types of business liability coverage simply won’t cover these risks.
Are you certain that none of your employees would accidentally open a phishing email? Are all of your software and system patches implemented as soon as they become available? Do your vendors maintain the same digital security standards that you do? If you’re uncertain of any of these answers, then it’s essential to start the conversation about cyber liability insurance.
We Can Help with Your Commercial Insurance & Cyber Liability Insurance Needs.
At Swarts, Manning & Associates, we provide a unique perspective on all of your commercial coverage options, and we help to determine which carrier best fits your business needs. We strive to find you the broadest coverage at the best available rate. Give us a call to get started: (833) 878-2820.
Each week, Swarts, Manning & Associates covers relevant topics for your business. Stay tuned to hear more discussions about managing your insurance and industry-specific tips.
