
New CalOPPA disclosure rules could pave way for federal cyberliability laws

As network security breaches and cybercrimes continue to plague businesses and major corporations, the issue has come under strict scrutiny from federal regulators, with at least 46 states passing laws pertaining to data breach and disclosure requirements. Most recently, the State of California has amended the California Online Privacy Protection Act (CalOPPA), which requires that any person or business operating a commercial Web site or online service that collects “personally identifiable information” about state residents post privacy policies on their site. Effective January 1, 2014, businesses must also disclose how their sites respond to “do not track” (DNT) signals sent by web browsers. DNT signals are proposed HTTP header fields that allow users to opt out of being tracked by certain Web sites, including analytics services, advertising networks, and social platforms.

The law also now requires operators to disclose whether third parties may collect personally identifiable information about an individual consumer’s online activities and when they are using certain sites. The amendment expands the definition of “personally identifiable information” from a person’s name, social security and credit card information to now include an individual’s email address, username and/or password and security questions, such as those used on social networking sites.

As the threat of online data breaches continues to grow, it’s likely that other states will follow California’s lead and enact similar DNT requirements into their cyber security laws. Research shows that organizations with strong security regulations in place can reduce their exposure to data breaches by at least 20 percent, according to a Ponemon Institute survey conducted last year.

Today, risk managers have more responsibility than ever before to safeguard their clients’ and customers’ personal information. Companies often store large volumes of private information on servers and databases, and as the recent Target scandal (http://news.msn.com/us/target-encrypted-pins-were-stolen-in-recent-breach) has shown, even when that data is encrypted, the files can be accessed. In addition, the use of unsecured smartphones and other mobile devices increases the threat of data breaches even more, especially when used for sending messages containing private information. As a result, risk managers have all the more reason to add cyberliability coverage to their risk management portfolios.

Click here to learn more about the expansion of CalOPPA and its requirements from our friends at Pepper Hamilton LLP. In fact, they are hosting an upcoming webinar on Privacy and Data Security for Life Sciences and Health Care Companies; click here for more information.

About the Author

Amy Sinclair is an Executive Vice President and co-leader of the Life Sciences Practice in WGA’s Property and Casualty Group. She negotiates, implements and manages comprehensive insurance programs for a variety of clients, ranging from venture-backed start-up organizations up to publicly traded companies.

617.646.0229 | Asinclair@wgains.com | Connect with Amy on LinkedIn
