    Protect Your Business
    February 25, 2019

    Preparing your small business for US data privacy regulations

    Cyber | Industry Spotlight
    By: Hiscox Blog


    Data privacy laws have touched down on U.S. shores. While many large enterprises have already prepared, their small counterparts face unfamiliar burdens and potentially ruinous penalties.

    Is your small business ready to take decisive action by protecting people's personal information? Your answer could determine whether your company becomes an industry leader or a cautionary example of abject failure. Fortunately, with the right combination of privacy protection coverage and lawful compliance leadership, it's possible to master data privacy for small business. Here are a few pointers on minimizing risks and limiting the costs of events like breaches, hacks, and cyberextortion.

    The State of U.S. Data Privacy Regulations

    Even with widespread public adoption of data technology, the U.S. lacks a comprehensive federal privacy framework. This doesn't mean, however, that your growing enterprise can play things fast and loose when it comes to safeguarding personal information.

    In the absence of one universal law, firms are instead subject to a host of different statutes. Your compliance burdens are partially dependent on what field you specialize in.

    For example, the Health Insurance Portability and Accountability Act, or HIPAA, includes strict rules regarding the storage, transmission, sharing, and handling of patient data. HIPAA impacts everyone from private practices and clinics to the insurers and medical records software providers they do business with.

    The Children's Online Privacy Protection Act, or COPPA, covers activities that involve collecting data from kids under the age of 13. This means it can impact a large number of companies whose users include minors. The FTC hasn't been shy about fining businesses that fail to follow COPPA rules, such as ensuring that children have parental consent before using websites and posting age-specific privacy policies.

    Thanks to the Judicial Redress Act of 2015, citizens of certain covered foreign nations have the right to bring lawsuits against U.S. companies that don't protect their information as specified by the Privacy Act of 1974. This law might affect you if you do business with partners from overseas or want to expand your product sales to new territories.

    New Data Privacy Rules on the Rise

    If all you focus on is overcoming federal privacy hurdles, you're bound to get caught off guard. Different legal jurisdictions retain the power to set their own standards. For instance, in June 2018, state lawmakers passed the California Consumer Privacy Act. This law gave people the right to ask companies not only whether they'd collected their information but also whom they'd sold it to.

    One noteworthy aspect of modern privacy laws is that they don't always go into force at once or apply equally to all businesses. New York's 23 NYCRR 500 rule is a good example. This law went into effect on March 1, 2017, and it set later deadlines for different hoops companies had to jump through, such as submitting formal compliance certification by March 2019. The legislation also included exemptions to specific rules based on factors like how many in-state employees companies had, their annual revenues and assets, and whether they controlled their own IT systems and information.

    EU GDPR: Learning From the European Model

    If this patchwork of regulations seems confusing and burdensome, then you're probably not alone. Luckily, such events aren't without precedent.

    When the European Union's General Data Protection Regulation, or GDPR, became law in May 2018, it was the culmination of about four years' worth of effort. During that time, companies had to learn not only about the new rules regarding data breach handling, consent, privacy by design, and other topics but also rethink their business models to incorporate Data Protection Officer roles.

    What can you take from the GDPR transition? No matter whether you're trying to comply with state, federal, or international statutes, you'll need to do more than memorize a few rules here and there.

    The complexity of IT systems and processes makes data privacy a full-time job. Depending on where and how you work, you'll most likely have to bring in outside help to minimize your risks. You should also ensure that you have coverage in case you miss critical details.

    Four Steps for Complying With Data Privacy Laws as a Small Business

    Ready to enact better data privacy governance policies? Here are a few steps to get you started:

    Create a Dedicated System

    Data security regulations are still evolving, and even those based on well-established laws can be hard to decipher. The easiest way to stay on your toes is to appoint an accountable company officer to handle data privacy. Whether this is their sole responsibility depends on your resource availability and legal requirements, but at least one person in your firm should continuously be in tune with your oversight stance.

    Leverage Third-Party Auditing

    Sometimes, it takes an outsider's perspective to uncover your mistakes. Third-party auditing services may be able to help you identify compliance gaps before regulators fine you for them. With some laws, it may even be an explicit requirement.

    Establish a Culture of Accountability

    Privacy disasters occur for many reasons, but multiple studies have shown that human errors are prevailing factors. While the percentage of incidents caused by negligent insiders is hard to pin down, these security breaches can sink firms just as readily as outside hacks can. Establishing better rules, such as bring-your-own-device policies, and investing in staff education might just save your reputation and user data.

    Vet Your Partners Thoroughly

    Small enterprises naturally rely on business-to-business networking and partnerships to accomplish more. These arrangements can represent serious hazards. If you're working with a web host that fails to secure its data centers, for example, then anyone who enters their information on your site might be in danger. Since they probably won't buy the excuse that their identity theft nightmare was someone else's fault, you need to make sure that your partners uphold the same rigorous compliance standards that you do.

    These are just some of the concepts you'll need to comprehend to stay ahead of the regulators. As laws shift, maintaining the right attitude is vital. Those who adopt a proactive stance are far less likely to fall prey to fines and reputation-killing data losses.


    © 2021 Hiscox Inc. All rights reserved. Underwritten by Hiscox Insurance Company Inc., 104 South Michigan Avenue, Suite 600, Chicago, IL 60603. As of December 31, 2019, HICI had admitted assets of $778,266,779 and policyholders surplus of $215,333,986. Total liabilities were $562,932,793 (inclusive of $236,274,591 of loss reserves) and paid up capital stock was $4,242,000.