Wednesday, November 30, 2022

State-Mandated Cyber Insurance Bill Fails Passage

Legislation opposed by the California Chamber of Commerce as an overbroad state mandate requiring contractors with state agencies to obtain cyber insurance failed to pass the Assembly Privacy and Consumer Protection Committee this week.

The 11-member committee, chaired by Assemblymember Ed Chau (D-Monterey Park), failed to approve AB 2320 (Chau; D-Monterey Park) on May 5.

In testimony to the committee, CalChamber Policy Advocate Shoeb Mohammed argued that the bill “raise[s] concerns, particularly for small businesses,” and detailed ambiguities with the language of the bill which could lead to duplicative insurance coverage, unreasonable coverage limits, and liability for losses that are not the result of a contractor’s breach of an agreement with a state agency.

Overall Lack of Clarity

CalChamber opposed AB 2320 because it is unclear. The bill did not clarify whether businesses with existing coverage are required to obtain duplicative cyber insurance policies, and it does not specify whether duplicative insurance is a requirement.

Additionally, the bill’s requirement that contractors purchase cyber insurance should be tied to whether the contract itself involves receiving personal information, but the language of the bill does not address this.

Moreover, there is a lack of clarity as to whether the bill intends to be prospective only, or whether it has retroactive applicability.

Overbroad Insurance Requirements

CalChamber further opposed the bill because it would require a contractor to carry “cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information” (emphasis added).

This language is problematic because the term “all” losses could include losses that are not the result of the contractor’s breach of the agreement, and the term “potential” unlawful access or disclosure is not tailored by any measurable harm.

These concerns were also shared by Assemblymember Jay Obernolte (R-Big Bear Lake), who asked the author to respond to CalChamber’s comments relating to this broad language during the committee hearing.

Amount of Cyber Insurance Coverage Not Linked to Contract

CalChamber additionally opposed AB 2320 because it provided no guardrails to ensure that the value of any mandatory cyber insurance coverage is mathematically or logically linked to the value of the data, the amount of data, the value of the contract, or any other relevant metric.

As it relates to the amount of cyber insurance coverage, the bill says that it shall be “in an amount determined by the contracting agency” but provides no safeguards to ensure that the amount of coverage required by state agencies must be calculated in a logical and relevant manner.

Although CalChamber agrees with efforts to increase data protection and cyber security for people across the state, mandatory insurance requirements are most appropriately addressed during the request for proposal process. This is partly because state mandates drive up the barriers of entry for businesses that want to compete for these types of contracts, thus eliminating the number of businesses who can compete and therefore eliminating competition. Consequently, this also harms state agencies by driving up costs for these contracts, ultimately increasing costs for taxpayers.

Key Vote

AB 2320 fell short of votes needed to pass Assembly Privacy and Consumer Protection on May 5, 5-3:

Ayes: Chau (D-Monterey Park), Carrillo (D-Los Angeles), Medina (D-Riverside), Mullin (D-South San Francisco), Wicks (D-Oakland).

Noes: Kiley (R-Roseville), Gallagher (R-Yuba City), Obernolte (R-Big Bear Lake).

Not voting: Bauer-Kahan (D-Orinda), Berman (D-Palo Alto), Irwin (D-Thousand Oaks).

Staff Contact: Shoeb Mohammed

Shoeb Mohammed
Shoeb Mohammed
Shoeb Mohammed was a CalChamber policy advocate from December 2019 to January 2022. He specialized in privacy and cybersecurity, economic development, technology, telecommunications and elections/fair political practices issues.

Related Articles

5 New California Labor Laws Employers Should Start Preparing For

In Episode 161 of The Workplace podcast, CalChamber employment law expert Matthew Roberts and CalChamber policy advocate Ashley Hoffman discuss five new labor laws employers should know and prepare for: SB 1162; AB 152;...

Years of Discussions Yield Far-Reaching Packaging Deal

A workable compromise on a circular economy policy for California was reached in the final days before the Legislature left for summer recess and resulted in the billion-dollar plastics tax ballot initiative being pulled...

Authors Share Small Business Success Tips from Self-Made Bosses

In Episode 153 of The Workplace podcast, CalChamber President and CEO Jennifer Barrera and authors Jackie Reses and Lauren Weinberg discuss entrepreneurship and share tips for starting and managing a successful small business. Small businesses...