data breach notification

State Legislatures Continue to Update Breach Notification Laws

While the California Consumer Privacy Act (“CCPA”) has inspired many states to consider their own consumer privacy bills, including Nevada which recently enacted a new law, not to be lost in the CCPA-focused frenzy is the fact that states continue to revise their data breach notification statutes. In recent weeks, the new Massachusetts breach notification amendment has gone into effect, New Jersey, Maryland, Oregon, Texas, and Washington have enacted their own breach notification amendments, and Illinois has proposed a bill that is poised to become law in the near term. READ MORE

Five Things to Look For in Your Cyber Coverage

The data breach earlier this month that potentially exposed information about millions of federal government employees is yet another reminder that any organization that maintains data is at risk of being hacked. And rest assured that if you get hacked, you will incur substantial costs as a result, including substantial notice and related costs and potentially massive third-party liability claims.

We have written extensively about so-called “cyber” insurance, including how cyber insurance is neither comprehensive nor standardized. As a result, when you are shopping for your first (or next) cyber policy it is important to understand what types of coverages, exclusions and conditions are in the market. Making a well-informed purchase starts with knowing your options.

There are too many differences between cyber policies to cover in one blog post, and the market, still in its youth, is rapidly evolving. But here is a list of five important things—in no particular order—to consider when you’re in the market for cyber insurance: READ MORE

Cyber Insurers On the Prowl for Liable Third Parties

While there have been a number of high-profile data breaches in recent years, there have been few coverage lawsuits arising out of these breaches, presumably because cyber insurers have been paying claims. A recent action, however, suggests how cyber insurers may be trying to fund this coverage position: by suing allegedly responsible third parties. In what appears to be a novel approach for insurers covering data breach claims, Travelers Casualty and Surety Co. of America has sued its insured’s website designer in the wake of a cyber attack. Travelers’ complaint alleges that its insured, Alpine Bank, hired Ignition Studio, Inc. to design and service the bank’s website. Travelers alleges that Ignition negligently designed and maintained the website, allowing hackers to access the site through the server on which it was hosted. Alpine spent over $150,000 complying with its data breach notification obligations, for which it was reimbursed by Travelers. Travelers, as Alpine Bank’s assignee and subrogee, now seeks to recover that amount from Ignition. READ MORE