The California Consumer Privacy Act of 2018 (CCPA) took effect on Jan. 1, 2020, and compliance departments across the United States now have some work to do. This is especially relevant for insurance companies that insure countless businesses for regulatory liability risks.
With CCPA, Californians are guaranteed the right to know what personal information is being collected from them, whether such information is sold or disclosed and to whom, the right to request deletion of their personal information, and the right to opt out. There is much talk about how insurers will comply with this law as businesses that collect personal information, but insurers may also be asking whether they can or should be insuring their clients against CCPA violations. Because it may be difficult for some companies—especially large businesses that have numerous established data systems—to achieve CCPA compliance, this could translate into costly claims for insurers.