Advancing Data Privacy
Oct 16, 2019

October is National Cybersecurity Awareness Month, a public / private campaign about the importance of cybersecurity and to ensure that all online users have the resources they need to #BeCyberSmart.  To all of you in our digital community, stay safe out there, and remember to own IT. Secure IT. Protect IT.



Right on cue, electronic data issues headline the risk and insurance industry this week, as New York and California take steps to increase the protection and privacy of personal information online.  The Way takes a closer look at the data privacy measures making news at both ends of the nation.  



A provision of New York’s “Stop Hacks and Improve Electronic Data Security (SHEILD) Act” becomes effective next Wednesday.  Under the SHEILD Act, companies that collect the personal data of New York residents must report data breaches to the New York attorney general.  The SHEILD Act expands the data elements that may trigger data breach notification to include certain biometric information, usernames, or email addresses, and account, credit card, or debit card numbers. The Act also revises how New York will interpret a security breach itself, broadening the infraction from a hacker’s “acquisition of data” to “access.”  The mere viewing of private information by a hacker may qualify as a “breach of the security of the system,” triggering notice obligations.



In California, Governor Gavin Newsom signed several bills to amend the California Consumer Privacy Act (CCPA).  These amendments change the state’s new privacy law before it goes into effect on January 1st. Notable changes include exemptions for de-identified or aggregate consumer and certain business-to-business communications.  The CCPA was also amended to exempt employee related data like the collection of personal information from job applicants, employees, business owners, directors, officers, medical staff, or contractors for one year. The governor also signed into law a new definition of personal information, in the context of a breach, to include specified biometric data, tax identification numbers, passport numbers, military identification numbers, and driver’s license numbers.



Additionally this week, California Attorney General Xavier Becerra proposed regulations that would dictate how the state will enforce the CCPA.  If finalized, the proposed regulations would include specific requirements that businesses must comply with, such as including a "do not sell" link for consumers. Businesses will also be required to treat consumer choices made in privacy settings as valid opt-out requests.



The AG’s office estimates that implementation of the CCPA regulations will cost companies between $467 million and $16.5 billion over the next decade and will also serve to protect more than $12 billion worth of information used for advertising each year.  That said, an independent research firm submitted an initial compliance cost estimate to the AG’s office topping $55 billion.  The deadline for submitting comments to the California AG's office regarding the proposed CCPA rules is Dec. 6. We’ll monitor the comments and report on any developments.




Governor Gavin Newsom signed legislation intended to grow the California home building industry and to combat a housing crisis in the Golden State.  The measure bans any housing construction moratorium for 5 years, forbids housing density reductions, and allows demolition of affordable and rent-controlled housing only if the demolished units are replaced. Supporters of the bill call it “a major step in addressing California’s housing shortage and will increase the housing supply by reducing the barriers to housing development.”



Following the passage of Pennsylvania House Bill 1170, private sector construction employers will be required  to run new hires’ information through the federal E-Verify program for social security number verification.  This is an existing requirement in public construction projects.  ​​Supporters of the bill say unauthorized labor drives down wages, and hurts companies and employees.​​ Governor Wolf did not sign or veto the bill, but his omission allowed it to become law. The new law will go into effect in one year.​


Making Our Way Around the Country


The U.S. Department of Labor (DOL) proposed new tip pooling regulations.  The proposed rule from the Labor Department would allow employers to require more widespread sharing of tips with "back of the house" coworkers, such as cooks and dishwashers. If finalized, the rule would permit employers to assign non-tipped tasks to workers who rely on gratuities for a big part of their income.  The proposal makes clear, however, that the existing rule prohibiting employers from keeping employees’ tips or participating in tip-pooling arrangements will remain in effect.



The Federal Motor Carrier Safety Administration proposes to review a Washington state law that requires employers to provide workers with a meal break of at least 30 minutes for every five-hour work period and a paid 10-minute rest break for every four-hour work period. Last December, the FMCSCA announced that carriers were exempt from similar labor laws in California.  Trucking trade associations and the FMCSA argue that such laws conflict with federal hours of service regulations. The agency is accepting comments through November 8th on whether it should exempt motor carriers from Washington’s employee break laws.



The Workers’ Compensation Insurance Rating Bureau of California (WCIRB) published a prospective estimate of the cost impact of SB 863, a 2012 measure that implemented a number of structural changes to the California workers’ compensation benefit delivery system.  The WCIRB estimates that SB 863 has saved $2.3 billion to the California workers’ compensation system annually, or 12 percent of total loss and loss adjustment expense costs. These savings have accumulated to a total system-wide savings of over $10 billion since SB 863’s implementation, which have largely driven a series of advisory pure premium rate decreases totaling more than 40 percent and have resulted in the lowest average charged premium rates in the marketplace in more than 40 years.



Back to our main story, the Risk Management Society (RIMS) will be in Washington, D.C., this week for the organization’s annual Legislative Summit.  Teams of RIMS delegates will be meeting members of Congress on a host of issues pertinent to our industry.  Included on the agenda is a legislative proposal to replace the current patchwork of state and federal regulations for data breaches with a federal standard that provides uniform protections for consumers and provides predictable notice requirements for employers in the wake of a breach.  Your authors at The Way will be proudly among the delegates on Capitol Hill.  We’ll provide you with a first-hand report on the progress of these initiatives. 


Share This
* Required Fields