Will GDPR change your insurance policy?

Over the last few months, you’ve probably received hundreds of emails from companies informing you about their privacy policy changes (including Vidigami). This has largely been a response to evolving state laws in the US and major changes in the European Union (EU) with their General Data Protection Regulation (GDPR), which came into effect only a few days ago.

Insurance companies are now quickly getting in on the act. As the laws become more restrictive with student data, insurance companies are looking to hedge their risk of a data breach or legal non-compliance. A number of schools we have been working with have recently had discussions with their insurers along these lines.

The specific type of insurance at issue here is cybersecurity insurance. At a high level, the Department of Homeland Security describes cybersecurity insurance as designed to mitigate losses from cyber incidents. These include data breaches, business interruption, and network damage.

As the legal landscape evolves, insurance companies will seek to disclaim (or avoid) liability for harm caused when a school is not compliant with the laws. So, for example, if a school causes harm by circulating personally identifiable data of students on platforms like Facebook or Flickr, the insurance company will attempt to avoid coverage of this claim because the school is not properly protecting the personal data of its students.

Here is a good resource covering some basic questions and some good direction: 

TEN THINGS YOU NEED TO KNOW ABOUT CYBERSECURITY INSURANCE (datacenterjournal.com)

Are you facing changes at your school because of these new insurance compliance requirements? Let us know.

June 1st, 2018 | Privacy and Security
