Cyber Insurers and Insureds Must Prepare For New Privacy Regulations
First there was the European Union’s General Data Protection Regulation which has now been in effect for over a year. Then California passed its Consumer Protection Act to be effective January 1, 2020. Now New York has passed its own privacy act (the SHIELD Act) effective March 21, 2020 requiring companies to safeguard personal information and giving consumers the right to know who sees their personal information.
These new laws and their penalties for violations will affect many businesses with customers in those jurisdictions even if they do not have a physical presence there. Insurers must cover those regulations as part of “cyber” policies or endorsements. Businesses with limited cyber coverage which excludes regulatory fines and penalties need to upgrade their insurance. Insurers must not only protect the personal information they collect, but educate their customers about new privacy requirements.