BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

RIMS urges risk managers to address California privacy law

Data privacy

Risk managers should start internal discussions with key stakeholders about implementing the California Consumer Privacy Act of 2018 and the impact it may have on their business operations, says a report issued by the Risk & Insurance Management Society Inc. on Thursday.

The legislation, which was signed into law by Gov. Jerry Brown in June, becomes effective Jan. 1, 2020, and is similar in some respects to the European Union’s General Data Protection Regulation. 

The RIMS report describes the businesses covered by the CCPA; its key obligations; how personal information is defined under the legislation; the rights provided to California consumers under the law; and how it compares with the GDPR.

It was written by RIMS external affairs committee member Teri Cotton Santos, who is global chief compliance and risk officer and general counsel with Chicago-based Hoffman-Barnes Risk Management Consulting Co.

“Stakeholders should consider the impact of the legislation on current and future business models, specifically those that rely on the sale of consumer data,” says the report.

“Stakeholders should also consider whether key operational changes needed to comply with CCPA can be implemented only in the portion of the business that touches California consumers, or whether the implementation should be across a larger part of the organization, recognizing that other states could implement laws similar to the CCPA in the future,” says the report.

Among other advice provided, the report says companies should conduct an analysis of the consumer data they hold. They should also develop requirements and documents unique to their business and a gap analysis to determine where operational controls may be needed.



Read Next