Our prior post discussed three potential enhancements to cyber-related liability insurance policies designed to maximize their potential responsiveness to actions initiated by consumers or the state attorney general under the California Consumer Privacy Act (CCPA). Today, we offer four additional suggested coverage enhancements for consideration in advance of the CCPA’s January 20, 2020, effective date:
The California Consumer Privacy Act (CCPA) is a game-changer. Taking effect on January 1, 2020, the data privacy law creates new statutory rights governing the handling, storage, and sale of personal information. It broadens significantly the definition of “personally identifiable information” over prior statutory enactments. It reaches companies inside and outside of California based on revenue or the number of consumers whose personal information is bought, sold, shared, or received by a company. It creates private rights of action permitting the potential recovery of statutory or actual damages for consumers, and a new public form of action for the assessment of fines by the state attorney general.
Will typical cyber-related liability insurance policies respond to actions initiated under the CCPA? In their current form, many likely will not. This post suggests enhancements to existing cyberliability policies to maximize their potential responsiveness to CCPA actions.