- Privacy Risk Report - https://privacyriskreport.com -

Modification of Data Breach Laws Directly Impacts Insurers and Insureds

We have previously reported on other states, including California [1] and New Jersey [2], strengthening their data breach notification laws. Illinois Attorney General, Lisa Madigan, is now proposing [3] similar steps be taken in Illinois. In support of her attempt to modify the 2005 law, Madigan stated: “In light of last year’s massive data breaches, it is clearer than ever that much more must be done to protect sensitive data while ensuring that people know when their information has been compromised….”

In particular, the Attorney General is proposing the following modifications to Illinois’ Personal Information Protection Act (PIPA [4]):

Of course, while these heightened standards may be good for Illinois residents, anyone holding personal information of Illinois residents will be responsible for meeting the current and, at some point, the proposed requirements. The expanded definition of “personal information” will increase the number of entities subject to the current version of PIPA.Therefore, the best strategy is to continue to review your breach response plan to confirm it reflects the current laws.

Additionally, these proposals in Illinois and other states will have a direct impact on insurance coverage for data breaches. First, these proposals require insureds to inform not only their insurance carrier of a breach, but also the Attorney General’s office in addition to those individuals involved in the breach. Second, the risk to insureds increases as the scope of data breach notification laws widens. Therefore, we can expect the need for cyber insurance to continue to increase as more states strengthen their laws.