The cyber insurance markets are beginning to adapt to the new California Consumer Privacy Act (CCPA) which went into effect on January 1, 2020.
There is great variation in how cyber insurance policies currently address risks under the CCPA. And further developments are expected as the law begins to impact companies under its jurisdiction—that is, companies that, regardless of their location, are for-profit, collect data from California residents, and either have annual revenue of at least $25 million; or collect, store and/or save the data of at least 50,000 California data subjects; or realize at least half of their revenue from the sale of data.
It is critical that companies subject to the CCPA understand the nuances of cyber insurance policies, and how they may be able to negotiate favorable coverage terms when they buy or renew them this year.
I dive into the CCPA’s impact on insurance policies in an article I co-authored with my Farella colleagues Sushila Chanana and Nate Garhart for TAG Cyber Law Journal. Read the full article, here.