The Cyber Insurance Academy sat down with cyber insurance attorney, Judy Selby, to shed light on the significant implications of the recent legal case involving Meta (formerly Facebook). The case revolves around Meta’s transfer of EU citizens’ personal data to the US and the subsequent violation of GDPR regulations. But what is the impact of the Meta case on cyber insurance?
This blog post provides a concise overview of the interview. Watch the full interview here.
Meta’s Data Transfer and GDPR Violation – What Actually Happened?
Selby explained that Meta’s case gained prominence due to the substantial fine of €1.2 billion imposed on the company. The violation occurred when Meta transferred personal data of EU citizens to the US without adequate safeguards to comply with GDPR regulations. The regulatory decision revealed that over 300 million people’s data was being transferred daily, constituting a significant breach. While the decision indicated that Meta acted with serious negligence, it fell short of intentional violation, which would have resulted in even higher penalties.
Impact of the Meta Fines on Cyber Insurance
Selby pointed out that the Meta case brings to light the issue of privacy exposure for companies and its implications for cyber insurance claims, even in the absence of data breaches or security events. While Selby acknowledged that the impact might vary depending on the specific wording of cyber insurance policies, she emphasized the need for insurers to address this exposure proactively. The evolving landscape of privacy regulations, increased regulatory activity, and growing litigation indicate a pressing need for insurers to scrutinize their coverage and underwriting processes.
Emerging Trends and Challenges For Cyber Insurance Claims Handlers and Underwriters
Selby highlighted the rising frequency of privacy-related class-action lawsuits, even where data breaches or security incidents have not necessarily occurred. In the US, lawsuits filed under laws such as the Video Privacy Protection Act and the California Invasion of Privacy Act pose substantial risks for insurers. The absence of well-defined standards and the subjective nature of privacy laws make it challenging for underwriters to assess compliance accurately. Selby stressed the need for insurers to understand evolving privacy regulations, analyze court decisions, and seek legal counsel to navigate the complex landscape.
Changes to Cyber Insurance Minimum Controls Following the Meta Case
Against the backdrop of increasingly problematic privacy regulation exposure, Selby suggested that underwriters investigate their insured’s business processes in greater depth and reassess minimum requirements. Questions to put to insureds in proposal forms include those which evaluate the transmission and processing of EU residents’ personal information, the type and volume of data being transferred, and the level of compliance with privacy laws. Insurers may also need to review privacy policies, potentially seeking legal expertise to ensure compliance. Brokers should stay updated on regulatory developments and communicate effectively with clients to understand their business operations and potential exposures, in order to help them effectively align their coverage needs with the changing environment.
Resources For More Information on this Case
Staying well-versed in the evolving landscape of privacy regulations and compliance requirements is vital in order to build greater client trust and to manage regulatory exposure. Selby’s top three resources for keeping abreast of regulatory developments include: daily Google searches, exploring reputable broker websites, and keeping an eye on industry publications, such as the Cyber Insurance Academy’s Knowledge Hub.
The Meta case highlights the critical intersection of privacy exposure and cyber insurance. Insurers must adapt to the evolving landscape of privacy regulations and take proactive measures to assess and address potential risks. By staying informed, engaging legal counsel, and collaborating closely with clients, insurers and brokers can navigate the complex realm of privacy compliance and effectively manage cyber insurance claims.
Cyber Insurance Academy?
We are the global standard for accredited cyber insurance certification, with 4,000+ members from 40+ countries.
About Judy Selby
Judy is a partner in Kennedys’ New York office. She assists insurers with cyber insurance claims and policy wording. Judy is a frequent speaker at cyber insurance industry events and has been featured in prominent publications, including the Wall Street Journal, Law360, and Fortune, concerning insurance for cyber and other emerging risks.
Kennedys is a global law firm with experience in dispute resolution and advisory services, and over 2,400 people in 43 offices in 21 countries around the world. The firm handles both contentious and non-contentious matters and provides an array of legal services, with a particular focus on defending insurance and liability claims and advising on coverage issues.