Business man on laptopLast month, the California Attorney General approved the final set of regulations interpreting the requirements of the California Consumer Privacy Act (Cal. Civ. Code Sections 1798.100 et seq.) (the “CCPA”).

What does it include?

The final CCPA regulations include a number of points of clarification such as what it means to provide “notice at collection,” the methods to provide a consumer with access to a business’s privacy policy and what content is required to be disclosed in that privacy policy, and the methods by which a company must provide consumers with a right to opt out from the sale of their personal information.
Continue Reading What do the final CCPA regulations mean for you?

On April 10, 2018, the Federal Financial Institutions Examination Council (the “FFIEC”), an interagency body composed of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency and the State Liaison Committee, issued guidance to assist financial institutions in analyzing the use of cyber insurance in an effective risk management program (the “Guidance”).Continue Reading How to Evaluate Cyber Insurance Options?

Businesses have largely benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, such technologies also make it increasingly difficult to monitor and control the unauthorized distribution of confidential data. On March 30, UK regulators fined a former managing director of Jeffries Group for divulging confidential client information. The banker, Christopher Niehaus, shared confidential information with two friends using WhatsApp, a popular text messaging app. The exposed information included the identity of a Jeffries Group client, the details of a deal involving the client, and the bank’s fee for the transaction. Perhaps the most surprising aspect of this story is that the leak was discovered at all. Because data sent on WhatsApp are encrypted and Mr. Niehaus used his personal mobile phone to send the messages, Jeffries Group only viewed the communications—and subsequently informed regulators—after Mr. Niehaus turned his device over to the bank in connection with an unrelated investigation.
Continue Reading Encrypted Messaging Apps Create New Data Privacy Headaches for Employers

Brokers around the globe are proselytizing about insurance for cyber risks. They say gaps in typical business coverages leave companies exposed to high costs and potentially extraordinary liability without coverage specifically tailored to cyber risks (including, but not necessarily limited to, data breach). And these brokers are right. The brokers, however, are sometimes wrong in encouraging their clients to opt into cyber coverage policies that are far less than ideal.

Recently, a client asked me to review various cyber coverage options presented to it by its broker. The broker had told the client that the cheapest option was, fortunately from the broker’s perspective, the best option. But as I reviewed the various cyber coverage forms, I was reminded that you often get what you pay for.
Continue Reading Holy Cr*p! I Have an Insurance Gap for My Cyber Attack?