Data privacy remains one of the most significant concerns facing the insurance industry. A flurry of new and evolving data security and privacy laws and regulations are re-shaping the regulatory landscape, making it more difficult for companies to avoid exposing themselves to regulatory and other legal risk. This is especially true for companies that operate on a national level and must comply with the laws of multiple jurisdictions. It is crucial for companies to maintain a culture of compliance by staying abreast of emerging legal and regulatory standards adopted by state legislatures and insurance departments.

Overview

Recently, California enacted the California Consumer Privacy Act of 2018 (CCPA), which becomes effective Jan. 1, 2020. The CCPA was signed into law after being rushed through the California Legislature to block a similar ballot initiative that had garnered sufficient signatures to qualify for the November 2018 election. While both measures contained similar terms, it will be significantly easier for the California Legislature to amend the CCPA than its ballot counterpart.