    Protect Your Business
    February 25, 2019

    Preparing your small business for US data privacy regulations

    Cyber | Industry Spotlight
    By: Hiscox Blog

    Data privacy laws have touched down on U.S. shores. While many large enterprises have already prepared, their small counterparts face unfamiliar burdens and potentially ruinous penalties.

    Is your small business ready to take decisive action by protecting people's personal information? Your answer could determine whether your company becomes an industry leader or a cautionary example of abject failure. Fortunately, with the right combination of privacy protection coverage and lawful compliance leadership, it's possible for a small business to master data privacy. Here are a few pointers on minimizing risks and limiting the costs of events like breaches, hacks, and cyberextortion.

    The State of U.S. Data Privacy Regulations

    Even with widespread public adoption of data technology, the U.S. lacks a comprehensive federal privacy framework. This doesn't mean, however, that your growing enterprise can play things fast and loose when it comes to safeguarding personal information.

    In the absence of one universal law, firms are instead subject to a host of different statutes. Your compliance burdens are partially dependent on what field you specialize in.

    For example, the Health Insurance Portability and Accountability Act, or HIPAA, includes strict rules regarding the storage, transmission, sharing, and handling of patient data. HIPAA impacts everyone from private practices and clinics to the insurers and medical records software providers they do business with.

    The Children's Online Privacy Protection Act, or COPPA, covers activities that involve collecting data from kids under the age of 13. This means it can impact a large number of companies whose users include minors. The FTC hasn't been shy about fining businesses that fail to follow COPPA rules, such as ensuring that children have parental consent before using websites and posting age-specific privacy policies.

    Thanks to the Judicial Redress Act of 2015, citizens of certain covered foreign nations have the right to bring lawsuits against U.S. companies that don't protect their information as specified by the Privacy Act of 1974. This law might affect you if you do business with partners from overseas or want to expand your product sales to new territories.

    New Data Privacy Rules on the Rise

    If all you focus on is overcoming federal privacy hurdles, you're bound to get caught off guard. Different legal jurisdictions retain the power to set their own standards. For instance, in June 2018, state lawmakers passed the California Consumer Privacy Act. This law gave people the right to ask companies not only whether they'd collected their information but also whom they'd sold it to.

    One noteworthy aspect of modern privacy laws is that they don't always go into force at once or apply equally to all businesses. New York's 23 NYCRR 500 rule is a good example. This law went into effect on March 1, 2017, and it set later deadlines for different hoops companies had to jump through, such as submitting formal compliance certification by March 2019. The legislation also included exemptions to specific rules based on factors like how many in-state employees companies had, their annual revenues and assets, and whether they controlled their own IT systems and information.

    EU GDPR: Learning From the European Model

    If this patchwork of regulations seems confusing and burdensome, then you're probably not alone. Luckily, this situation isn't without precedent.

    When the European Union's General Data Protection Regulation, or GDPR, became law in May 2018, it was the culmination of about four years' worth of effort. During that time, companies had to not only learn about the new rules regarding data breach handling, consent, privacy by design, and other topics but also rethink their business models to incorporate Data Protection Officer roles.

    What can you take from the GDPR transition? No matter whether you're trying to comply with state, federal, or international statutes, you'll need to do more than memorize a few rules here and there.

    The complexity of IT systems and processes makes data privacy a full-time job. Depending on where and how you work, you'll most likely have to bring in outside help to minimize your risks. You should also ensure that you have coverage in case you miss critical details.

    Four Steps for Complying With Data Privacy Laws as a Small Business

    Ready to enact better data privacy governance policies? Here are a few steps to get you started:

    Create a Dedicated System

    Data security regulations are still evolving, and even those based on well-established laws can be hard to decipher. The easiest way to stay on your toes is to appoint an accountable company officer to handle data privacy. Whether this is their sole responsibility depends on your resource availability and legal requirements, but at least one person in your firm should continuously be in tune with your oversight stance.

    Leverage Third-Party Auditing

    Sometimes, it takes an outsider's perspective to uncover your mistakes. Third-party auditing services may be able to help you identify compliance gaps before regulators fine you for them. With some laws, it may even be an explicit requirement.

    Establish a Culture of Accountability

    Privacy disasters occur for many reasons, but multiple studies have shown that human error is a leading factor. While the percentage of incidents caused by negligent insiders is hard to pin down, these security breaches can sink firms just as readily as outside hacks can. Establishing better rules, such as bring-your-own-device policies, and investing in staff education might just save your reputation and user data.

    Vet Your Partners Thoroughly

    Small enterprises naturally rely on business-to-business networking and partnerships to accomplish more. These arrangements can represent serious hazards. If you're working with a web host that fails to secure its data centers, for example, then anyone who enters their information on your site might be in danger. Since they probably won't buy the excuse that their identity theft nightmare was someone else's fault, you need to make sure that your partners uphold the same rigorous compliance standards that you do.

    These are just some of the concepts you'll need to comprehend to stay ahead of the regulators. As laws shift, maintaining the right attitude is vital. Those who adopt a proactive stance are far less likely to fall prey to fines and reputation-killing data losses.