GDPR and CCPA Insurance Coverage Issues: Addressing New Risk Exposures

Recording of a 90-minute CLE webinar with Q&A

Conducted on Wednesday, September 11, 2019

Recorded event now available

or call 1-800-926-7926
Program Materials

This CLE webinar will address the insurance coverage issues raised by the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The panel will provide practical guidance for insurance counsel on the new rights, obligations, and remedies under CCPA and GDPR and innovative ways insurance can be used to best protect client interests.


The CCPA, which will take effect on Jan. 1, 2020, is arguably the most comprehensive privacy law in the United States. While inspired by the GDPR, the CCPA differs in several significant respects. Companies that fail to comply with these new privacy regimes may face regulatory enforcement actions, steep fines, consumer litigation, and loss of customer goodwill.

Many companies are scrambling to bring their internal practices into compliance and to obtain insurance coverage for the new statutory exposures. Unfortunately, many of the cyber policies currently on the market may not provide adequate coverage for the new legal risks. A few insurers have begun to innovate by putting new products on the market, but significant questions remain about whether insurers will cover new litigation claims under CCPA and whether fines under GDPR are insurable.

Listen as our authoritative panel offers practical guidance on these issues for both policyholders and insurer counsel. They will address how to determine if a company is subject to the new privacy laws and the consequences for failure to comply. They will also discuss the protections offered by insurance and how policies can be modified to enhance those protections.



  1. Overview
  2. GDPR
  3. CCPA
  4. Key insurance issues
    1. Adequacy of cyber insurance policies
    2. New insurance products in U.S. and Europe
    3. Are GDPR risks insurable
  5. Strategies and practical guidance
    1. Compliance strategies
    2. Enhancing insurance coverage
  6. Conclusion


The panel will review these and other high priority issues:

  • What are the key features of the GDPR and CCPA?
  • What liabilities can companies face for noncompliance?
  • How has the insurance industry responded to the new regulatory regimes?
  • How does one determine whether a company is subject to GDPR or CCPA?
  • What types of insurance policies are needed to cover the new statutory exposures?
  • What steps should companies and their counsel take immediately to assess the adequacy of their existing insurance programs?
  • Are other states likely to follow California’s lead by adopting statutes similar to CCPA?
  • What are the most significant coverage issues that the insurance industry has left unresolved?


DeNatale, Richard
Richard (Rich) DeNatale

Jones Day

Mr. DeNatale has more than 20 years of experience advising corporate policyholders on insurance claims and coverage...  |  Read More

Everett, Jennifer
Jennifer C. Everett

Jones Day

Ms. Everett's practice focuses on cybersecurity, data privacy, and employment. She advises multinational clients on...  |  Read More

Karlinsky, Fred
Fred E. Karlinsky

Greenberg Traurig

Mr. Karlinsky is Co-Chair of the firm’s Insurance Regulatory and Transactions Practice Group. He has more than 25...  |  Read More

Soni, Aarti
Aarti Soni

Senior Vice President
Marsh & McLennan

Ms. Soni is the Cyber Coverage Leader for Marsh’s Cyber Center of Excellence (part of the FINPRO Practice). She...  |  Read More

Other Formats
— Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include program handouts. To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video