CCPA Effective Date is January 1st: Does Your Business Have Indemnity Insurance Coverage?

January 1, 2020, is the effective date of the California Consumer Privacy Act (“CCPA”), which is coming up fast. The CCPA provides consumers with various rights with respect to the data and personal information that is collected on them by businesses operating here in the Golden State. Violation of the CCPA could be very costly. The CCPA allows for the imposition of statutory civil penalties of up to $7,500 per violation per consumer. Even a few violations could result in substantial fines and penalties. The CCPA is a complex and confusing statute. To ensure compliance, your business should seek the advice and counsel of an experienced San Diego corporate attorney.

For now, these civil penalties can be sought by the California Attorney General’s Office. As of now, there is no private right of action by individuals impacted by violation of the CCPA outside of limited circumstances involving a hack, security breach, or other unauthorized exfiltration of personal data. With respect to the civil penalties, two questions that every San Diego business should ask are: Does my business have indemnity insurance coverage if my business violates the CCPA? Will the insurance coverage be effective?

The CCPA will apply to more businesses than is commonly thought. Those subject to the CCPA are any business operating in California that have gross revenue of more than $25 million per year OR collects, receives, shares, or sells personal information of more than 50,000 California individuals/devices, OR earns at least half of its annual revenue by selling — sharing in exchange for value — the personal information of California residents. These thresholds are actually quite low. Further, “collecting” personal information is so routine that many businesses do not even recognize that they are in fact collecting personal information. Shipping and billing addresses, emails, phone numbers, credit card information and the like are all forms of “personal information” as defined by the CCPA.

Because the CCPA will apply to so many businesses, it is essential for every business to ensure that they have coverage for any violations under their general liability insurance policies. In general, indemnity insurance is available for computer, security, and data-related errors and omissions. These insurance products include coverage for direct losses (such as an adverse judgment or a settlement) and also for coverage related to director and officer liability. Without question, insurance coverage is needed for any private-party lawsuits that are filed and now is the time to seek coverage.

As for civil penalties that might be assessed as part of a proceeding by the Attorney General, insurance coverage should be obtained if possible. That being said, as currently written, there is an open question about whether civil penalties imposed by the CCPA are insurable. A general liability insurance policy will generally cover fines and penalties unless such coverage is prohibited by law. In this regard, the California Insurance Code prohibits insurance companies from providing coverage for any “fine, penalty, or restitution” imposed in any “proceeding or in any action or proceeding brought” pursuant to various statutory provisions, including Chapter 5 (section 17200 et seq.) of the Business and Professions Code. See Cal. Ins. Code, § 533.5. The civil penalties allowed under the CCPA are specifically linked to the Business and Professions Code, §17206. See CCPA, §1798.155(a)-(b). Thus, given the internal statutory linkage, one wonders if the State Assembly meant to preclude insurance coverage for civil penalties assessed for violations of the CCPA. The typical justification for prohibiting insurance coverage is preventative. That is, the wrongdoer should suffer the adverse consequences of the wrongful actions; allowing insurance coverage would eliminate the consequences and frustrate the purposes of the penalties and fines. Given the looming deadline, it is important to begin investigating insurance coverage now.

Contact San Diego Corporate Law Today

For more information, contact attorney Michael Leonard, Esq., of San Diego Corporate Law. Mr. Leonard can be reached at (858) 483-9200 or via email. Mr. Leonard has been named a “Rising Star” for four years running by Mr. Leonard provides a full panoply of legal services for businesses and proudly serves the San Diego business community. Like us on Facebook.

You Might Also Like:

What the California Consumer Privacy Act of 2018 Means for San Diego Businesses

Update: 2018 California Consumer Privacy Act is Amended

Mergers & Acquisitions: How Does The CCPA Impact The Deal?

Text Message Exchange Sufficient For Contract Formation

Checklist of Discussion Points For Business Buy-Sell Agreement

Source link

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.