On January 1, 2020, a new law will go into effect in California. The bottom-line? It gives consumers more of a say on how businesses use and gather their personal data. As we’ll learn later, it will impact insurance.
The bill was introduced by Democrat Assemblyman Ed Chau. He said it is a response to the data breaches of Target and Equifax and the data collection done on Facebook by Cambridge Analytica.
Here’s how the new law will work. Companies have to tell a consumer — upon request — what data they’ve collected, why it was collected and what third-parties have been given that data. At that point, a consumer can instruct the company to delete their information and order the firm to not share it with others.
Chau’s bill — however — does let companies give consumers discounts if they are allowed to use their data, and lets them charge people a reasonable fee for opting out.
Joan D’Ambrosio is with the law firm Clyde & Co. It specializes in insurance technology, media and privacy. She says insurance needs to pay very close attention to this law and its impact on the business.
“From an insurance perspective, it certainly creates the potential for more liability for companies and therefore for their insurers. There’s no question it will create potential liability,” she said.
Companies — she noted — that violate the law can face prosecution and lawsuits.
“The potential exposure would be down the line if companies deviate from the requirements. A lot of the details now are to be fleshed out but there is going to be a much higher level of accountability about the collection and usage of the information,” D’Ambrosio said.
California Governor Jerry Brown signed the bill into law a couple of weeks ago and noted it only affects California residents. That sets up — says cybersecurity expert Cynthia Larose — problems that will affect other states.
“It’s going to be impractical for companies to maintain two separate sets of privacy protections, one for California and one for everyone else,” she said.
Many California Republican legislators think the bill’s language is overly broad and want fixes.
Technology firms are equally concerned. TechNet is a lobbying group and it wants the law improved — as many in the legislature are promising to do — before it takes effect.
The group said it wants “meaningful privacy protections for Californians while also allowing all the benefits and opportunities consumers expect from U.S. technology to continue. Policymakers around the country looking at what California has done on this issue should understand that the California Legislature’s work is far from finished and that this law remains a work in progress.”
Source links: Insurance Journal — link 1, link 2