Data Breach Notification Laws?



State, federal, and even international laws govern the notification processes that must be followed after a cyber incident that compromises data. Businesses of all sizes are obligated to adhere to these laws. Having a solid cyber incident response plan at the ready is essential.


Investigate, Respond, Report

Cybersecurity solutions built on “if” a cyber attack occurs are irrelevant in the face of increased threats to business and consumer data. Experts say it is now best practice to assume that cybersecurity breaches will occur and put protections and responses in place accordingly. Consider, for example, how even a failed cyber attack, such as the placement of malicious software in the system, can be very disruptive. Figuring out the forensics of what happened and the legalities of who needs to be properly notified can be very costly.


While having a comprehensive cybersecurity plan is essential for all businesses, it is also critical to have an incident response plan at the ready. Observing that the Federal Trade Commission (FTC) is enforcing consequences for “data breach inaction,” experts from Foley & Lardner underscore the importance of having—and implementing—cyber breach response plans:


Such a program should include an incident response plan in the event that a data breach occurs so that the appropriate regulators, government agencies, and affected individuals are timely and properly notified. All 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have data breach notification laws, and organizations must follow the law in each state where affected individuals are located, regardless of the location of the organization. Foley maintains a summary of applicable laws here


Organizations should be proactive in investigating, responding to, and reporting such incidents in accordance with state, federal, and international laws, as well as timely disclosing breaches to affected consumers. A failure to do so may not only result in penalties with the FTC, but also expose an organization to litigation…An organization will be best served to handle and potentially defend itself from any resulting data breach litigation by maintaining and monitoring the effectiveness of its security program, and diligently investigating, reporting, and responding to any potential breach.


Get your company’s response plan in place affordably, today: Colonial Surety’s Basic Cyber Liability Insurance includes breach response services, ensuring that obligatory investigation and notification procedures are implemented. Protection against lawsuits and regulatory actions is also covered. With an annual fee of less than $175, businesses can secure $50,0000 of Basic Cyber Liability Insurance. Complete the easy, online application in minutes and immediately print or download the policy, which gives you:


  • Expert-led response services following a data breach.
  • Protection from lawsuits and regulatory actions related to the breach.
  • Legal services.
  • Computer forensic services.
  • Public relations and crisis management expenses.
  • Notification services.
  • Call Center services.
  • Credit and Identity monitoring and other personal fraud or loss prevention solutions.


Obtain Basic Cyber Liability Insurance Here In Minutes


Small Business? Retirement Plan?

Cybersecurity is not just for big businesses—in fact, smaller businesses have a lot to worry about—and lose. As The National Law Review sums up: “Cybercriminals consider small businesses, because of their size, perceived lack of sophistication, and lower investment in cybersecurity, to be particularly vulnerable…”


Many small businesses have found that offering a company-sponsored retirement plan is essential to attracting and retaining a diversity of talented employees. Having a retirement plan turns out to be good for business—as well as people. It also makes it extra important to put protections in place. Federal courts are shaping what the American Bar Association refers to as the intersection of ERISA and cybersecurity. Essentially, based on the duty of prudence, cyber breaches are resulting in allegations of fiduciary breaches. That’s why Colonial Surety offers an affordable Fiduciary with Cyber Liability Insurance Pack to retirement plan sponsors. Armed with this coverage, if you face claims of alleged or actual breaches of duty in connection with the employee retirement plan, you’ll be covered for defense costs and penalty limits up to $1,000,000. Plus, uniquely with this package, in the event of a cyber breach, your business—and plan—will receive support at every stage of incident investigation and breach response, as well as coverage against lawsuits or regulatory actions related to the breach. Obtain protection, conveniently and quickly, right here, today:


Fiduciary and Cyber Insurance for Retirement Plan Sponsors.


Colonial Surety was founded in 1930 and brings deep experience and market expertise to every product and every customer relationship. Colonial Surety gives its customers the assurance that they, their businesses, and their clients are safeguarded with the right surety and insurance products at all times.


We make it easy for a wide range of industries and professions to buy the bonds and insurance products they need. Colonial Surety is a direct and digital insurer offering products through an online platform supported with exemplary customer service. The company gives customers a simple, direct, and instant service that takes the pain out of buying insurance and bonds. Colonial Surety is licensed in every state in the U.S., rated “A” Excellent by A.M. Best, and listed by the U.S. Treasury as an approved surety.