February 23, 2024 at 12:29PM
Corporate directors and security teams are under pressure to comply with the SEC’s new cybersecurity regulations. Woodruff Sawyer’s David Anderson warns that mishandling PII could lead to costly claims, potentially rivaling ransomware attacks. Privacy issues, including pixel-tracking claims and GDPR violations, are becoming a top concern for cyber insurance underwriters. Compliance with privacy laws and regulation is crucial, as even minor infractions could lead to significant fines and legal violations. It is important for companies to stay informed about privacy laws, eliminate unnecessary data, and seek guidance from their cyber insurer to ensure compliance.
Key Takeaways from the Meeting Notes:
1. Cybersecurity regulations by the SEC are a top concern for corporate directors and security teams, with potential financial impact comparable to ransomware attacks.
2. Privacy claims can have catastrophic effects over the long term, with pixel-tracking claims emerging as a target for plaintiffs’ bar, and privacy being identified as a major concern for cyber insurance underwriters.
3. Privacy is increasingly recognized as a business issue, requiring closer attention from underwriters and boards of directors.
4. Data hoarding and inadequate data classification pose significant challenges for organizations, with failure to understand the full scope of privacy laws and data privacy requirements escalating risks.
5. Compliance with regulations and laws, such as posted privacy policies and opt-out requests, is critical, as minor infractions can lead to significant regulatory violation fines and denial of insurance claims.
6. Seeking support from cyber insurers to address compliance gaps and leveraging resources such as security tabletop exercises can help companies navigate complex privacy landscapes and maintain policy compliance.
Let me know if you need anything else.