California SB-1159: On 9/17/2020 California enacted SB-1159 which imposes certain reporting requirements on California employers. Effective immediately, California employers are required to report positive COVID-19 tests to their workers compensation claim administrator, whether there is an allegation the COVID-19 exposure is related to work or not. Additional information on California SB-1159 can be found here.

Cyber & Information Security vs. Data Privacy

Topics: Cyber Liability Small Business Advice Small Business

Organizations both large and small were victims of data breaches over the past year. Some of the big names impacted were British Airways, T-Mobile, Facebook and the biggest breach, Marriott Starwood, which was discovered at the end of 2018. Every employer faces the reality that they could be the target of a network security breach. A cybersecurity breach can jeopardize credibility and cost small businesses thousands of dollars (or more) in damages, impacting customer service, productivity and reputation.

Data breaches are cybersecurity attacks that impact personal data and privacy. It might seem like cybersecurity or information security and data privacy are interchangeable terms, but let’s take a look at the main differences.


What is Cybersecurity or Information Security?

Cybersecurity or information security refers to the measures taken to protect a computer or computer system against unauthorized access from a hacker. A robust cybersecurity policy protects secure, critical or sensitive data and prevents it from falling in to the hands of malicious third parties. The most common forms of cyber attacks are phishing, spear phishing and injecting malware code into a computer system.

What is Data Privacy?

Varonis defines data privacy as a type of “information security that deals with the proper handling of data concerning consent, notice, sensitivity and regulatory concerns.” On its most basic level, data privacy is a consumer’s understanding of their rights as to how their personal information is collected, used, stored and shared. The use of personal information must be explained to consumers in a simple and transparent manner and in most cases, consumers must give their consent before their personal information is provided.

Worldwide Data Privacy Regulations


The protection of data privacy has come to the forefront with the launch of the General Data Protection Regulation (GDPR) by the European Union in 2018. The GDPR updated an older data law to reflect today’s ever-changing technology. Additionally, it was created to bridge a perceived gap between the EU’s fundamental right to privacy and the routine collection and use of personal data in our increasingly digitalized economy. It places more requirements on organizations that process and collect personal data with an emphasis on accountability and evidencing compliance, while strengthening the individual’s rights.

The GDPR applies to all data directly or indirectly related to an identifiable person in the EU that is processed by an individual, company or organization. Any small business which processes the personal data of people within the EU is subject to the GDPR, no matter where in the world the business is based. It is important to note that the GDPR pertains to people within the EU, but not necessarily to EU citizens. This means that any company using the data of EU subjects, even if this company is stationed outside the EU, will need to comply with new ways of protecting data related to identifying information, IP address, cookies, health, genetic or biometric data, racial or ethnic data and sexual orientation.

The GDPR is viewed as a model for updating privacy laws around the world. Currently, there is no U.S. federal standard for data privacy protection, but many states have their own data privacy laws. In fact, California has passed a wide-reaching privacy law that will go into effect in 2020.


California Consumer Privacy Act

As mentioned above, the California Consumer Privacy Act A.B. 375 gives California residents an assortment of new privacy rights, starting with the right to be informed about what kinds of personal data companies have collected and why it was collected. The law stipulates that consumers have the right to request the deletion of personal information, opt out of the sale of personal information and access the personal information in a “readily useable format” that enables the easy transfer of the data to third parties.

Protecting Your Company from a Cybersecurity Attack

Ultimately, cybersecurity attacks are trying to get at a person’s or company’s data, and the risk for a data breach at an organization of any size has become increasingly higher. However, this year there’s been a distinct focus on cyber security, as companies have grown more aware of the various types of data breaches and the impact they can have on their brand, reputation and customer loyalty, not to mention the costs involved to properly notify all parties of the breach.

Companies are making it a priority to protect their organizations from data breaches by offering data security training, creating a company-wide data breach policy with a response plan ready to implement when/if it is needed. Small businesses can also help prevent data breaches by:
  • Keeping Data Safe: Because many data breaches happen because of employee error, staff should only have access to the information vital to their particular role within the company. Additionally, consider records retentions programs that require employees to purge files both on their computers and any hard copies they keep (according to the program), destroying the information in the proper manner.
  • Password Protection Program: To stay protected from a data breach, small businesses and their employees should use strong passwords for every site accessed on a daily basis. Also, passwords should never be shared between employees or written down where others can see it.
  • Update Security Software: Companies should utilize firewalls, anti-virus software and anti-spyware programs to help ensure sensitive data cannot be easily accessed by hackers. However, these security programs also require regular updates to keep them free from vulnerabilities, so make sure to check any software vendors’ websites to learn about upcoming security patches and other updates.

Protect Your Company with Cyber Liability Insurance

Cyber liability insurance for small businesses provides a variety of services to address the modern day risks and threats of business identity theft and data breaches. For more information about cyber liability coverage in the time of data privacy, contact AmTrust Financial Services or your AmTrust-appointed agent.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones