Colorado Small Businesses Now have More Liability to Protect Consumer Data
Did you know that over 58% of Data Breaches happen to small Businesses?
Did you know that in May 2018…..
Colorado passed House Bill 18-1128 which strengthens protections for Consumer Data Privacy? And the new Colorado State Law requires a hacked company to respond!
A Colorado business or entity that uses another’s ‘personal Identifiable info’ in course of business such as a: Social Security number, Drivers License number, passport number or any other government issued identifying number has a duty to protect this information and notify the consumer of a breach and possible misuse of their data or face and penalties and/or prosecution by the Colorado State Attorney General. Some of the business’ duties after a breach are listed below. (Make sure to go to the actual Colorado House Bill 18-1128 for the full language of the bill for more information on a business’ responsibility to prevent a data breach, responsibilities after a breach and potential penalties for not following the law. )
• The Business must develop ‘written’ policy to require paper or electronic documents no longer needed to be shredded, erased or modified to make the info unreadable or indecipherable.
• Business must implement and maintain ‘reasonable’ security procedures to protect identifying information. If that identifying information is then turned over to a 3rd, the business is responsible to make sure the 3rd party has procedures to shield the info from unauthorized access or use.
• If a business becomes aware that a security breach may have occurred:
o They must conduct a good faith, prompt investigation to determine the likelihood personal information has or will be misused.
o Give notice (free of charge) to the person of the breach if it’s determined their info might misused. Giving the client the following: date (or date range) of the breach, a description of acquired information, contact info for consumer reporting agencies, contact info for the Federal Trade Commission, and notice they can obtain info from these agencies about fraud alerts and security freezes.
o Contact Law Enforcement and cooperate in an investigation
o Restore integrity of the breached system
o Direct the person to change their password…. And so on.
Yikes…this sounds expensive!
Why Small Businesses Should Purchase Cyber Liability or Data Breach Coverage
The good news is the insurance industry has created a coverage that is designed to help offset the costs to address a data breach. Client notification, extortion fees, legal fees, data recovery, damages awarded to clients are all costs a business can expect to pay and might be reimbursed if Cyber Liability Coverage is purchased before the breach occurs. Most policies will also provide resources to help the business avoid this type of loss and access professionals to help in the recovery process if a data breach occurs.
The cost to purchase Cyber liability coverage depends on the size of the company and its exposure to a data breach. We encourage ALL businesses to contact their insurance agent and get more information on this coverage and how it can help their company (and company’s clientele) recover from a data breach. Denver West Insurance Brokers commercial insurance broker and works with commercial businesses throughout the State of Colorado. We are local to Denver, Lakewood, Arvada, Wheat Ridge, Littleton and Golden. Give us call to find out how this important coverage can be of benefit to your small business.