
Cyber Guide Cost and Penalties for Non-compliance

Non-compliance with any of these regulations may come with a substantial penalty. Penalties vary by state, as do the data breach communication requirements. Penalties can be assessed as:
  • Civil penalties per resident affected and/or per breach.
  • Additional penalties for actual economic damages.
  • Penalties under other state-specific deceptive trade practices laws, or as prescribed by a state attorney general.
  • Note that the law that applies is that of the jurisdiction of the person whose data was breached.

There are also timelines for responses, and delays in notifications may carry penalties.


** As impactful as anything listed above or below is the loss of trust from your customers. You are the trusted advisor and custodian of their private information. Consider the business impact to your agency if you experience a data breach and have to communicate that their personally identifiable information has been exposed. See examples of Real-World IA Data Breaches here.



The IIABA Office of General Counsel's paper "The Privacy Provisions of the Gramm-Leach-Bliley Act and Their Impact on Insurance Agents & Brokers" defines the penalties for noncompliance under section VIII (Enforcement) as follows:


  • Penalties for insurance-related entities are enforced by each state's Department of Insurance.
  • Civil action may be brought against any financial institution that engages in conduct constituting a violation of the Act.
  • Financial institutions found to have violated the Act can be fined:
      A. Up to $100,000 for each violation.
      B. Officers and directors of the financial institution ('agencies') may be personally liable for a civil penalty of not more than $10,000 per violation.





Costs and Penalties for Noncompliance Could Include the Following:

EXAMPLES OF FIRST-PARTY EXPENSES

  • Legal Expenses
  • Computer Forensics Expenses
  • Notification and Call Center Expenses
  • Crisis Management and Public Relations Expenses
  • Cyber Extortion Expenses
  • Data Restoration Expenses
  • Business Interruption Expenses
  • Dependent Business Interruption Expenses
  • Fraudulent Transfer of Funds
  • Possible ID Monitoring and Protection Expenses

EXAMPLES OF THIRD-PARTY EXPENSES

  • Privacy and Security Related Litigation Expenses: lawsuits filed by customers or employees.
  • Regulatory Fines: fines by state and federal regulators.
  • Agencies Could Be Subject to Payment Card Losses: fines and penalties from credit card companies and PCI requirements.







Agency Financial Penalties Due to a Breach - As Defined In Agency Contracts

As a result of the 'hold harmless' and 'indemnification' sections of agency/carrier agreements, the agency could be required to pay the following costs and expenses, which would be in addition to the direct costs and expenses incurred by the agency in defense of its actions:

  A. Pay all costs of the investigation by the Carrier, both of the Agency as well as the costs of a national investigation, since the breach originated at the agency level.
  B. Pay all costs of the required notifications by the Carrier.
  C. Pay all costs of attorney fees that were accrued by the Carrier.
  D. Pay all defense and liability costs accrued by the Carrier.
  E. Pay any additional costs accrued by the Carrier as a result of the Agency's executed agency-carrier agreement.

