CA’s New Privacy Law, And Why Insurers Are Paying Close Attention

In many respects, California’s sweeping new privacy law is similar to Europe’s General Data Protection Regulation. It puts businesses on the defensive, while giving consumers vastly more control over their data. But there is at least one major difference. Under the GDPR, fines and penalties are not insurable, but under California’s Consumer Privacy Act of 2018, they are. This is both a concern and a big opportunity for carriers, according to an article in Insurance Journal. There is a lot of potential liability: The California law provides both for private lawsuits and for enforcement by the state attorney general, and among its requirements are that a businesses disclose the categories of personal information it has collected about consumers, where it got that information, and what it’s being used for. The law covers any for-profit company that does business in California, no matter where it’s based, and that has revenues of more than $25 million, that receives each year more than 50,000 unique personal records (which could include something as simple as the IP addresses of a websites’s visitors) or that derives more than 50 percent of its annual revenues from selling personal information.