Last Friday, California’s governor signed into law Senate Bill 46 (PDF), a major expansion of the state’s current data breach notification legislation. The highlight of the bill makes any known intrusion or breach into a security system grounds for notification, whereas the previous version of the law only required notification if there was a confirmed loss of personally identifiable information (PII).
The law goes into effect on January 1, 2014, and applies to all governmental agencies, persons, or businesses that conduct business in California. That’s an important distinction for businesses in the other forty-nine states (and abroad), because they are now required to follow not only their domestic state laws but California’s as well.
For consumers and individuals, this expanded law should be welcomed. When one provides a business with confidential information, it’s expected that that information will remain in the hands of the trusted source. In today’s world of hackers and identity thieves, no entity is immune from the threat of a data breach. (Just ask Amazon.com, the Pentagon, or the NASDAQ. If they were all breached, do you believe your company is immune?) So when PII is lost, California’s consumers can at least find comfort in the fact that the breached organization is mandated by law to notify them of the loss of information.
Enter the world of cyber liability insurance. Businesses worried about a future data breach and loss of confidential information (of their customers and employees) can use a cyber liability insurance policy as a proven risk transfer tool. An effective cyber policy pays for the notification costs (like those required by California) as well as expenses for legal defense, computer forensics, public relations, business interruption, cyber extortion, and more.
And believe you me: A cyber liability insurance policy is a heck of a lot cheaper than having to pay all those costs out of your bottom line.
On an individual basis, some homeowners’ insurance policies offer endorsements or riders that will provide help and financial resources for a person to recover their stolen identity.
Of the 46 states that have notification laws on the books, California’s newly expanded legislation places a large onus on businesses to protect any and all information in their possession, and also to notify their customers if, and when, a data breach occurs.
Stay safe, Nickel
Don’t hesitate to call me directly if you have any questions or worries about cyber liability coverage—410-727-2211 x606.