CCPA Could Frustrate Tripartite Relationship Between Insured, Insurer, and Legal Service Provider

December 17, 2019
Cyber Alert

Risk Management Question

How will proposed regulations implementing the California Consumer Privacy Act (CCPA) impact the tripartite relationship between an insurer, its insured, and the law firm retained by an insurer to represent its insured?

The Issue

The CCPA, which goes into effect on January 1, 2020, grants California consumers several of the same type of privacy rights found in the European Union's General Data Privacy Regulation (GDPR), including the right to access, delete, and object to the sale of their personal information. However, the proposed regulations that implement the CCPA raise a number of concerns regarding the ability of legal service providers to effectively execute and defend legal claims within the tripartite relationship context.

Hinshaw submitted a letter to the California Attorney General outlining these concerns, which are summarized below:

Risk Management Solution

If you are an insured law firm or business, the CCPA may unintentionally impair your legal counsel’s ability to defend you against claims by using personal information protected under the law. We look forward to the Attorney General's guidance in resolving these issues.

More information about these issues is described in a press release on the Hinshaw website