    February 25, 2019

    Preparing your small business for US data privacy regulations

    Cyber | Industry Spotlight
    By: Hiscox Blog

    Data privacy laws have touched down on U.S. shores. While many large enterprises have already prepared, their small counterparts face unfamiliar burdens and potentially ruinous penalties.

    Is your small business ready to take decisive action by protecting people's personal information? Your answer could determine whether your company becomes an industry leader or a cautionary example of abject failure. Fortunately, with the right combination of privacy protection coverage and lawful compliance leadership, it's possible to master data privacy for small business. Here are a few pointers on minimizing risks and limiting the costs of events like breaches, hacks, and cyberextortion.

    The State of U.S. Data Privacy Regulations

    Even with widespread public adoption of data technology, the U.S. lacks a comprehensive federal privacy framework. This doesn't mean, however, that your growing enterprise can play things fast and loose when it comes to safeguarding personal information.

    In the absence of one universal law, firms are instead subject to a host of different statutes. Your compliance burdens are partially dependent on what field you specialize in.

    For example, the Health Insurance Portability and Accountability Act, or HIPAA, includes strict rules regarding the storage, transmission, sharing, and handling of patient data. HIPAA impacts everyone from private practices and clinics to the insurers and medical records software providers they do business with.

    The Children's Online Privacy Protection Act, or COPPA, covers activities that involve collecting data from kids under the age of 13. This means it can impact a large number of companies whose users include minors. The FTC hasn't been shy about fining businesses that fail to follow COPPA rules, such as ensuring that children have parental consent before using websites and posting age-specific privacy policies.

    Thanks to the Judicial Redress Act of 2015, citizens of certain covered foreign nations have the right to bring lawsuits against U.S. companies that don't protect their information as specified by the Privacy Act of 1974. This law might affect you if you do business with partners from overseas or want to expand your product sales to new territories.

    New Data Privacy Rules on the Rise

    If all you focus on is overcoming federal privacy hurdles, you're bound to get caught off guard. Different legal jurisdictions retain the power to set their own standards. For instance, in June 2018, state lawmakers passed the California Consumer Privacy Act. This law gave people the right to ask companies not only whether they'd collected their information but also whom they'd sold it to.

    One noteworthy aspect of modern privacy laws is that they don't always go into force at once or apply equally to all businesses. New York's 23 NYCRR 500 rule is a good example. This law went into effect on March 1, 2017, and it set later deadlines for different hoops companies had to jump through, such as submitting formal compliance certification by March 2019. The legislation also included exemptions to specific rules based on factors like how many in-state employees companies had, their annual revenues and assets, and whether they controlled their own IT systems and information.

    EU GDPR: Learning From the European Model

    If this patchwork of regulations seems confusing and burdensome, you're not alone. Luckily, such regulatory upheavals aren't without precedent.

    When the European Union's General Data Protection Regulation, or GDPR, became law in May 2018, it was the culmination of about four years' worth of effort. During that time, companies had to learn not only about the new rules regarding data breach handling, consent, privacy by design, and other topics but also rethink their business models to incorporate Data Protection Officer roles.

    What can you take from the GDPR transition? No matter whether you're trying to comply with state, federal, or international statutes, you'll need to do more than memorize a few rules here and there.

    The complexity of IT systems and processes makes data privacy a full-time job. Depending on where and how you work, you'll most likely have to bring in outside help to minimize your risks. You should also ensure that you have coverage in case you miss critical details.

    Four Steps for Complying With Data Privacy Laws as a Small Business

    Ready to enact better data privacy governance policies? Here are a few steps to get you started:

    Create a Dedicated System

    Data security regulations are still evolving, and even those based on well-established laws can be hard to decipher. The easiest way to stay on your toes is to appoint an accountable company officer to handle data privacy. Whether this is their sole responsibility depends on your resource availability and legal requirements, but at least one person in your firm should continuously be in tune with your oversight stance.

    Leverage Third-Party Auditing

    Sometimes, it takes an outsider's perspective to uncover your mistakes. Third-party auditing services may be able to help you identify compliance gaps before regulators fine you for them. With some laws, it may even be an explicit requirement.

    Establish a Culture of Accountability

    Privacy disasters occur for many reasons, but multiple studies have shown that human error is a prevailing factor. While the percentage of incidents caused by negligent insiders is hard to pin down, these security breaches can sink firms just as readily as outside hacks can. Establishing better rules, such as bring-your-own-device policies, and investing in staff education might just save your reputation and user data.

    Vet Your Partners Thoroughly

    Small enterprises naturally rely on business-to-business networking and partnerships to accomplish more. These arrangements can represent serious hazards. If you're working with a web host that fails to secure its data centers, for example, then anyone who enters their information on your site might be in danger. Since they probably won't buy the excuse that their identity theft nightmare was someone else's fault, you need to make sure that your partners uphold the same rigorous compliance standards that you do.

    These are just some of the concepts you'll need to comprehend to stay ahead of the regulators. As laws shift, maintaining the right attitude is vital. Those who adopt a proactive stance are far less likely to fall prey to fines and reputation-killing data losses.
