Turn on more accessible mode

Turn off more accessible mode

Skip Ribbon Commands

Skip to main content

Turn off Animations

Turn on Animations

Print

S1-Post-Only

Cyber Guide Cost and Penalties for Non-compliance

Non-compliance with any of these regulations may come with a substantial penalty These can vary by state, as do the data breach communication requirements. Penalties can be assessed as: Civil penalties per resident affected and/or per breach. Additional penalties for actual economic damages. Also punishable by other state-specific deceptive trade practices laws, or as prescribed by a state attorney general. The law that applies is within the jurisdiction of the person whose data was breached. There are also timelines for responses; may carry penalties for delays in notifications. As impactful as anything listed above or below, comes the loss of trust from your customers. You are the trusted advisor and custodian of their private information - Consider the business impact to your agency if you experience a data breach and have to communicate their personally-identifiable information has been exposed. See examples of Real-World IA Data Breaches here**. The IIABA Office of General Counsel's paper “The Privacy Provisions of the Gramm-Leach-Bliley Act and Their Impact on Insurance Agents & Brokers" defines the penalties for noncompliance under section VIII – Enforcement as follows: Penalties for Insurance related entities are enforced by each state's Department of Insurance. Civil action against any financial institution that engages in conduct constituting a violation of the Act. Financial institutions found to have violated the Act can be fined: A. Up to $100,000 for each violation. B. Officers and directors of the financial institution ('agencies') may be personally liable for a civil penalty of not more than $10,000 per violation. Costs and Penalties for Noncompliance Could Include the Following: EXAMPLES OF FIRST-PARTY EXPENSES Legal Expenses Computer Forensics Expenses Notification and Call Center Expenses Crisis Management and Public Relations Expenses Cyber Extortion Expenses Data Restoration Expenses Business Interruption Expenses Dependent Business Interruption Expenses Fraudulent Transfer of Funds Possible ID Monitoring and Protection Expenses EXAMPLES OF THIRD-PARTY EXPENSES Privacy and Security Related Litigation Expenses Lawsuits filed by customers or employees. Regulatory Fines Fines by state and federal regulators. Agencies Could Be Subject to Payment Card Losses Fines and penalties from credit card companies and PCI requirements. Agency Financial Penalties Due to a Breach - As Defined In Agency Contracts As a result of the 'hold harmless' and 'indemnification' sections of agency/carrier agreements, the agency could be required to pay the following costs and expenses, which would be in addition to the direct cost and expenses incurred by the agency in defense of their actions.
A Pay all costs of the investigation by the Carrier, both of the Agency as well as the costs of a national investigation since the breach originated at the agency level. B Pay all costs of the required notifications by the Carrier. C Pay all costs of attorney fees that were accrued by the Carrier.	D Pay all defense and liability costs accrued by the Carrier. E Pay any additional costs accrued by the carrier as a result of the Agency's executed agency-carrier agreement.
More Guide Information 12-Step Compliance Roadmap Dive into each regulation and find resources from cyber providers and industry experts. Real-World BreachesIndependent agencies of any size can experience breaches. Read their stories here! Regulations and DescriptionsOverview cyber security regulations including Gramm-Leach-Bliley, NAIC, and NY DFS. Cybersecurity Provider ListingsFind a detailed analysis of service provider who can help independent agencies comply with cyber regulations. Reviewed and organized by ACT.