New data privacy laws like the California Consumer Privacy Act (CCPA) have “forced enterprises to rethink the types of personal information they collect and share, and the policies and procedures they implement to safeguard that data,” Marc S. Voses and Courtney H. Zucker write in Security.
In their article, Marc, chair of Goldberg Segalla’s Cybersecurity and Data Privacy practice, and Courtney, an associate in the Cybersecurity and Global Insurance Services practices, discuss the CCPA, its scope and application, legal risks, and practical steps that enterprises can take to ensure compliance.
“The CCPA’s implicit goal is to have enterprises re-evaluate the categories of information they collect from California residents so as to minimize the risk of loss of that personal information,” they write, pointing to the statutory damages that are now available to data-breach class action plaintiffs if they establish that an enterprise failed to maintain reasonable cybersecurity procedures and practices. Marc and Courtney advance the argument that the CCPA’s “true nature” is one of “a data security regulation, adding more pressure to an organization’s cybersecurity experts to adopt ‘reasonable security procedures and practices’ and make sure they evolve as new cyber risks emerge.”
Courtney H. Zucker counsels insurers on a variety of complex coverage matters and handles all stages of insurance coverage litigation, from inception through trial and appeal. In addition, she handles issues related to cyber insurance coverage and data breach-related litigation. Her background also includes representing clients in high-exposure and catastrophic injury cases with a focus on damages.