With the genie long out of the bottle, the ability to maintain and manage control over how one’s personal information is collected, accessed, maintained, stored, and shared simply cannot withstand the onslaught of increasingly sophisticated and interconnected technology. Still, companies eager to reach out and touch consumers (and their data) in increasingly intimate ways that are fast becoming normal business practices may find themselves at risk of encountering lawsuits, not only in the event of accidental or malicious data breaches, but also should an alleged misuse of personal data occur. New regulation that took effect recently takes data protection to a new level.
The GDPR Seeks to Protect Consumers
On May 25, 2018, the European General Data Protection Regulation, or GDPR, became a global watchdog – promising to levy substantial penalties on any organization anywhere in the world that improperly collects, processes or stores the personal data of citizens within the European Union. Canada is another country that is currently intensifying regulations concerning personal data, establishing more stringent requirements for data breach reporting, as well as expanded rules about the use and collection of personal data. In both Canada and the European Union, an emphasis is being placed on whether companies have sought the consent of individuals in gathering their information and communicated specifics about how it will be used.
Going forward, debates will continue to rage about privacy regulation, personal privacy rights, and whether the current lack of standard wording in these regulations will hamper their effectiveness in the long run. What is clear right now is that businesses will need to rely on a quality Cyber insurance program to offer protection against inappropriate access of data by employees or data breaches by malicious hackers. Companies that do business internationally will want to pay particular attention to compliance with GDPR regulations.
Many new risks are emerging as business operations continue to bring online new ways to process consumers’ personal information—from collection to use to storage and more—with the potential to result in litigation when data breaches or use outside of changing regulations is discovered. As new risks continue to emerge, the insurance industry is hard at work to develop new products and enhance existing coverage to address the new exposures. For example, protection against “publication of material that violates a person’s right to privacy” is already a component in many types of standard Commercial General Liability insurance policies; still, insurers are working to more precisely define language and develop new policies to address the multi-national challenges arising from commercial liability risks associated with privacy regulations.
RPS provides Cyber insurance solutions for businesses, with programs that can be tailored to fit a customer’s specific needs as well as written to cover a host of exposures, including the always-changing cyber risk du jour. Please give us a call to assist you with providing the right protection for your clients.