Insights / Are fines and penalties relating to breach of data privacy regulations insurable? – Review from the UK and Hong Kong perspectives
/ Cyber Security
Breach of data privacy protection regulation, with the new European Union’s General Data Protection Regulation (“GDPR”) coming into effect, can result in draconian fines and penalties.
In January 2019, Google was fined 50 million Euros for improper disclosure to users as to how data is collected across its services, including its search engine, Google Maps and YouTube, to present personalized advertisements. This penalty is by far the largest penalty to date since the implementation of the new GDPR. British Airways faces a possible fine of £500 million over the data breach of leaking the customer details, including bank card numbers, expiry dates and cvv codes in a cyber-attack.
Despite conventional thinking of prohibiting insurances against the fines and penalties based on public policy argument, there is certainly demand for expansion of related data breach insurances. By comparing UK and other EU jurisdictions as well as Hong Kong, the trend for data breach related insurances are on the rise.