In a recently published survey of corporate directors and officers, cyber and privacy risks topped the list of global boardroom concerns. The survey report, titled Personal Exposure to Global Risks, compiled the views of 161 directors, non-executive directors, partners, in-house lawyers, risk officers, and compliance professionals around the world with regard to the top risks facing their enterprises.
Managing today’s privacy and data protection issues is no easy feat. Hyper-connectivity, mobility, big data and analytics, and remote assess to enterprise data have revolutionized the way modern organizations function. But those same phenomena also have exponentially broadened the privacy and data protection exposures companies now must manage.
It’s been almost a year since I posted Cyber Insurance: It’s Not Just for Data Breaches, in which I noted that just as cyber and privacy threats have continued to evolve, cyber insurance policies also have evolved to provide greater protection against some of today’s most vexing and relentless cyber risks. In this post, I highlight some additional and innovative coverages that can provide real value to insureds following a cyber or privacy incident. As noted in last year’s article, not all these coverages are offered by all cyber insurers, and sublimits, retentions, and the precise policy terms and conditions should be carefully reviewed. Further, its important to note that some carriers offer similar coverages to those described below, but they may use different terminology to describe the coverage provided.
In this post, Thomas Ritter and I take a look at cyber security laws affecting the insurance industry and offer recommendations about how affected companies can get in good cyber shape. Thomas is a leading cyber security attorney with Thomson Burton in Nashville. He advises clients on regulatory compliance, incident response, and risk mitigation techniques.
In May of 2018, the EU’s groundbreaking privacy and cyber security regulation, the General Data Protection Regulation (GDPR), went into effect. The GDPR covers virtually every aspect of how companies handle protected data and empowers individuals with a wide range of rights over their data. Implementing these sweeping GDPR requirements has proved to be strategically and operationally challenging for affected businesses, with few expecting to have achieved full compliance by the Regulation’s May 25, 2018, effective date.
Just as companies were catching their collective breath after racing toward the GDPR deadline, Governor Jerry Brown of California signed the hastily enacted and similarly groundbreaking California Consumer Protection Act (CCPA). Like the GDPR, the CCPA also vests individuals with more control over their protected data. Although the CCPA is expected to be further clarified prior to its January 1, 2020, effective date, it also promises to create challenging strategic and operational hurdles for covered businesses. While there are a number of similarities between GDPR and CCPA — some commentators actually refer to CCPA as “GDPR light” — understanding the specific areas of overlap as well as the differences between the two standards can help companies more efficiently and effectively work towards ongoing compliance with both.