CCybersecurity, or information security, refers to the measures taken to protect a computer or computer system against unauthorized access from a hacker. On its most basic level, data privacy is a consumer’s understanding of their rights as to how their personal information is collected, used, stored and shared.
Data breaches can take place on both a large and small scale, but most people are probably more familiar with the bigger incidents. Every employer faces the reality that they could be the target of a network security breach. A cybersecurity breach can jeopardize credibility and cost small businesses without cyber liability insurance thousands of dollars (or more) in damages, impacting customer service, productivity and reputation.
Data breaches are cybersecurity attacks that impact personal data and privacy. It might seem like cybersecurity or information security and data privacy are interchangeable terms, but let’s take a look at the main differences.
Cybersecurity, or information security, refers to the measures taken to protect a computer or computer system against unauthorized access from a hacker. A robust cybersecurity policy protects secure, critical or sensitive data and prevents it from falling in to the hands of malicious third parties. The most common forms of cyber attacks are phishing, spear phishing and injecting malware code into a computer system.
What is Data Privacy?
Varonis defines data privacy as a type of “information security that deals with the proper handling of data concerning consent, notice, sensitivity and regulatory concerns.” On its most basic level, data privacy is a consumer’s understanding of their rights as to how their personal information is collected, used, stored and shared. The use of personal information must be explained to consumers in a simple and transparent manner and in most cases, consumers must give their consent before their personal information is provided.
The protection of data privacy has come to the forefront with the launch of the General Data Protection Regulation (GDPR) by the European Union (EU) in 2018. The GDPR updated an older data law to reflect today’s ever-changing technology. The GDPR places more requirements on organizations that process and collect personal data, emphasizing accountability and evidencing compliance while strengthening the individual’s rights.
The GDPR applies to all data directly or indirectly related to an identifiable person in the EU that is processed by an individual, company or organization. Any small business that processes people's personal data within the EU is subject to the GDPR, no matter where in the world the business is based. It is important to note that the GDPR pertains to people within the EU, but not necessarily to EU citizens. This means that any company using the data of EU subjects, even if this company is stationed outside the EU, will need to comply with new ways of protecting data related to identifying information, IP address, cookies, health, genetic or biometric data, racial or ethnic data and sexual orientation.
The California Consumer Privacy Act A.B. 375 (CCPA) gives California residents an assortment of new privacy rights, starting with the right to be informed about what kinds of personal data companies have collected and why it was collected.
The CCPA gives California residents an assortment of new privacy rights, starting with the right to be informed about what kinds of personal data companies have collected and why it is being used. The law stipulates that consumers have the right to:
The GDPR and California privacy regulations spotlight the importance of data privacy. This privacy extends to the systems that collect, store, process and transmit data. Cyber privacy can include both personally identifying information (PII) or non-identifying information which when aggregated can be used to identify - like a user’s behavior on a website and cookie information.
The GDPR requires that an organization notify data protection regulators and affected individuals about any data breach which is likely to result in a privacy risk to those affected. Notification significantly increases the costs of responding to a data breach, as well as the chances that affected individuals will make claims against the controller.
The CCPA strengthens an individual’s rights to access and protect their personal data. These include a right for the individual to request that their data be deleted (the right to erasure), a right to object to processing and the right to data portability – in electronic form. This means that a policyholder could request a copy of all data that their insurer holds about them in a commonly used and machine-readable format so they can provide it to their new insurer. Also, individuals must be informed about any automated decision-making processes in the insurer’s privacy notice. Individuals will also have the right to object to automated decision-making, meaning that the insurer must have a non-automated alternative.
Ultimately, cybersecurity attacks are trying to get at a person’s or company’s data, and the risk for a data breach at an organization of any size has become increasingly higher. However, there’s been a distinct focus on cyber security, as companies have grown more aware of the various types of data breaches and the impact they can have on their brand, reputation and customer loyalty, not to mention the costs involved to properly notify all parties of the breach.
Companies are making it a priority to protect their organizations from data breaches by offering data security training, creating a company-wide data breach policy with a response plan ready to implement when/if it is needed. Small businesses can also help prevent data breaches by:
Another way to stay protected from a data breach is to understand their common warning signs and the things your organization can do to remain secure. These include:
Cyber insurance augments and supports the business’s efforts to recover in the event of a cyberattack. It will provide access to expert resources and financial support through investigation, notification, recovery and post-recovery activities related to a data breach event. For more information about cyber liability coverage in the time of data privacy, contact Jon Stolp at FRF Insurance at 850-222-8308 or firstname.lastname@example.org.
This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.