loader

Cyber Liability Insurance and the California Consumer Privacy Act

Oct 08, 2020

Cyber Insurance

Cyber Liability Insurance and the California Consumer Privacy Act
Modeled after Europe's General Data Protection Regulation (GDPR,) the California Consumer Privacy Act (CCPA), which took effect in January 2020, aims to give consumers residing in the Golden State greater control of their personal data. In essence, the CCPA focuses on consumer privacy rights legislation, especially in the ecommerce space, meaning it has significant implications for business liability insurance and cyber liability insurance providers in the state of California. Keeping this in mind, here is what you need to know about cyber liability insurance and the California Consumer Privacy Act.California Consumer Privacy Act - An OverviewThe CCPA is a piece of sweeping new legislation that introduces new requirements for producing, identifying, securing, managing, tracking and deleting consumers' personal data. More specifically, the CCPA gives consumers in the state of California these six rights: 1. The right to know what privacy information a particular business is collecting about you as well as the collection method(s)employed. 2. The right to request an organization to delete your personal data from its records. 3. The right to exercise your privacy rights without fear of being victimized. 4. The right to know whether and to whom a business sells or discloses your privacy information. 5. The right to tell a business not to sell your personal data. 6. The right to access your privacy information stored in an organization's database.The Organizations Affected by CCPAIn general, the CCPA targets any organization that captures and stores personal information of consumers residing in the Golden State and meets at least one of the following requirements:'Collects and sells, or buys the personal data of at least 50,000 devices, households, or Californian consumers'Handles the personal data of 4 million or more consumers'Generates at least $25 million annually in gross revenues'Generates at least 50% of its annual revenues through selling its customers' privacy informationIt is worth noting that the CCPA applies to any business in the world that serves or collects personal data of the residents of California. Additionally, other states across the U.S. have either enacted or are in the process of enacting similar privacy legislation to give American consumers greater control over their personal data. Nevada's privacy legislation, for instance, came into effect in October 2019.The Consequences of Violating CCPATo punish organizations that intentionally violate the CCPA, the legislation provides for two penalty mechanisms. The first penalty mechanism allows the government to penalize an organization that defies CCPA up to $7,500 per incident, translating to tens of millions of dollars for an organization that handles millions of consumer data. The second penalty mechanism allows consumers to bring a civil lawsuit against a business that suffers a data breach, leading to the loss or exposure of consumer data. An organization that loses such a lawsuit would be liable for statutory fines ranging from $100 to $750 per record. Depending on the number of the affected records, the organization could easily suffer financial losses running into tens of millions of dollars.CCPA and Cyber Liability Insurance CoverageAs mentioned earlier, the CCPA has significant implications for business liability coverage. However, to protect yourself against the business-related risks created by the CCPA, you need to carry the right cyber liability insurance coverage. Remember, the payout for an average data breach amounts to millions of dollars. For instance, in 2018, the average cost of a data breach was about $4 million, according to a study by Ponemon. With this in mind, when purchasing cyber liability insurance coverage for your business, ensure it covers the following risks:'Failure to delete personal data upon request'CCPA violations'Statutory damages related to the CCPA'Data breach claims'Regulatory claimsTo protect your business against the risks associated with the CCPA privacy law, you need to carry the right cyber insurance coverage. Contact the experts at Knight Insurance Services for all yourcyber insurance liability coverage needs. We understand the devastating impact cyber risks can have on your business and will help you get the right coverage.