The burgeoning multi-billion dollar cyber insurance market is expected to continue its 25%+ annual growth over the next few years. Despite this dramatic growth, the market is plagued with uncertainty over the meaning of key policy terms and scope of coverage. The lack of both uniformity in cyber policy language and judicial guidance interpreting policy language prevent companies from confidently assessing their loss exposure in the event of a major data breach.
On March 2, 2016, the CFPB finalized a Consent Order with Dwolla, an online payment platform, for violations of the CFPA. It is the CFPB’s first enforcement action related to data privacy and security. It is notable because Dwolla appears to have become an enforcement target due solely to its robust claims about security, and not due to any data breach. It also places obligations on Dwolla’s Board to become responsible for data privacy and security in the company.
The past week has seen two key developments in EU-US data privacy relations — the US enacted the Judicial Redress Act into law, and EU and US officials published the proposed EU-US Privacy Shield protocol for transatlantic data transfers. While the Privacy Shield still has a gauntlet of EU bureaucracy to navigate, companies that relied on Safe Harbor should begin to plan now to comply with the robust new requirements of Privacy Shield, or implement other measures to satisfy the EU Privacy Directive to import EU data to the US.
As part of a massive new initiative, Obama establishes the Federal Privacy Council and a national commission on cybersecurity
Spencer Fane Chairman Pat Whalen was featured as a guest author in this month’s issue of BankNews magazine providing insights and updates on the protocol for handling data breach notifications. The article, titled “When to Send a Data Breach Notification,” discusses the laws surrounding security breaches and the responsibility of companies to determine when notification of customers is both necessary and required by law.
Elizabeth Fast will be speaking on the subject of data security breaches and internet fraud losses at the 4th Annual MIBA Security Conference in Columbia, MO on September 25, 2013.