Will GDPR change your insurance policy?
Insurance companies are now quickly getting in the act. As the laws change to be more restrictive with student data, insurance companies are looking to hedge their risk of a data breach or legal non-compliance. A number of schools we have been working with have recently brought up discussions with their insurer along these lines.
The specific type of insurance at issue here is cybersecurity insurance. At a high level, the Department of Homeland Security defines how cybersecurity insurance is designed to mitigate losses from cyber incidents. These include data breaches, business interruption, and network damage.
As the legal landscape evolves, insurance companies will seek to disclaim (or avoid) liability for harm caused when a school is not compliant with the laws. So, for example, if a school causes harm by circulating personally identifiable data of students on platforms like Facebook or Flickr, the insurance company will attempt to avoid coverage of this claim because the school is not properly protecting the personal data of its students.
Here is a good resource covering some basic questions and some good direction:
Are you facing changes at your school because of these new insurance compliance requirements? Let us know.