The cyber insurance markets are beginning to adapt to the new California Consumer Privacy Act (CCPA) which went into effect on January 1, 2020.

There is great variation in how cyber insurance policies currently address risks under the CCPA. And further developments are expected as the law begins to impact companies under its jurisdiction—that is,

California employers collectively breathed a sigh of relief when the state legislature delayed most of the California Consumer Privacy Act’s (CCPA) application to them until 2021. However, there’s not much time to relax: two significant CCPA provisions took effect in 2020, and the legislature is expected to pass an employer-specific data privacy law this year.

To ensure compliance with the provisions taking effect this year, and prepare for what may be coming next year, covered employers should consider taking the following steps now:
Continue Reading What Steps Should Employers Take Now Regarding the CCPA?

It was recently discovered that a certain software product, in this case used by numerous cannabis companies around the country, was not secure and allowed access to consumer data of companies using the software. You can read more about it in this linked article. This isn’t the first time a security vulnerability was introduced by the use of third-party software, and it won’t be the last. The CCPA requires “reasonable security measures” be taken to protect consumer data. It is likely that employing vulnerable software will be seen to violate this standard (it has yet to be tested), but will it lead to liability of the company employing the software?  I think it will.

So what is a company to do when purchasing third-party software that will store or otherwise have access to consumer data?
Continue Reading Data Security: Are you looking at your third party software?