Navigating the Complex Maze of Online Data Privacy Regulations: An Added Challenge for Risk Managers

New York, NY — Online data privacy regulations are becoming increasingly complex for risk managers as states and countries introduce new measures. Anthony Dagostino, the New York-based global cyber chief underwriting officer for Axa SA, stated that staying up to date with regulatory issues is crucial for both underwriters and policyholders. Differing incident notification laws across US states present an additional challenge. Currently, 13 states have comprehensive privacy laws, while several others are in the process of developing legislation.

The variability between state regulations makes it difficult for risk managers to respond to breaches effectively. Kristen Peed, head of corporate risk at Sequoia Benefits and Insurance Services, explained that engaging with third parties who understand the specific requirements of each state is essential. California became the first state to introduce a mandatory notification requirement in 2003; other states later followed, resulting in 50 different state notification requirements.

The regulatory landscape around the world is constantly evolving, and the same is true in the US. Rachel Lavender, Marsh’s US & Canada cyber brokerage leader, emphasized the significance of brokers and insurers helping policyholders navigate these regulations. Paul Bantick, global head of cyber and technology for Beazley PLC, agreed that providing guidance on compliance with regulations is an important aspect of their work.

Overall, the increasing number of regulations poses challenges for risk managers, underwriters, and policyholders alike. Staying informed about the evolving regulatory landscape is crucial to ensure proper response and compliance in the event of a cyber breach or related incident.