Insurance Companies We Work With
HomeProfessional ServicesComplianceData Breach & Privacy
Data & Privacy

Data breach and privacy rules, and where cyber fits.

Every state has a data-breach notification law, and privacy rules are expanding, but who must notify, what counts as personal information, and the timing all vary. These are legal obligations, not insurance, but they connect directly to cyber coverage.

Get a quote Compare your coverage

Ready for terms? Get a quote. Want to find the gaps first? Compare your coverage.

All states have data-breach notification laws, and consumer-privacy laws are growing, with significant variation in who must comply, what data is covered, and notice timing. For professional firms holding client data, these obligations are not insurance, but they tie directly to cyber coverage and incident response.

Breach notification varies by state

Every state has a breach-notification law, but the details differ: who must notify, what counts as personal information, what constitutes a breach, and the timing and method of notice. A firm operating across states, or holding data on clients in multiple states, can face several frameworks at once. These are legal obligations to verify, not insurance determinations.

Where cyber coverage fits

Cyber insurance connects directly to these obligations: it can fund breach response, notification, and the incident counsel who advises on the specific legal requirements. Cyber does not replace legal compliance, but it is what pays for and supports the response. For any firm holding client data, that link is why cyber and privacy are discussed together.

Verify with counsel

Privacy and breach obligations should be verified with privacy counsel and the relevant state authorities, and a cyber carrier's incident response is built to bring in that expertise when something happens. Treat any summary here as general guidance. This is general information, not legal, tax, licensing, or compliance advice, and not a determination that you are compliant or that a requirement is met. These issues vary by profession, state, and contract and change over time. Verify with the appropriate licensing board, regulator, state agency, carrier, and legal counsel.

Frequently asked

Common questions.

Do data-breach laws apply to my firm?
Every state has a breach-notification law, and they apply based on the data you hold and where affected people are. Who must notify and the timing vary by state. Verify with counsel.
Does cyber insurance handle breach notification?
Cyber can fund breach response, notification, and incident counsel who advise on the legal requirements. It supports compliance but does not replace legal obligations. Verify specifics with counsel.
What counts as a reportable breach?
It varies by state, including what data is covered and what constitutes a breach. This should be verified with privacy counsel and the relevant state authority, not assumed.
Compare your coverage

Make sure your coverage matches the requirement

Licensing, employment, and privacy rules often point to insurance questions. We make sure your coverage lines up with what you are required to carry and prove.

Compare your coverage Get a quote
We connect licensing and contract rules to coverage
We line up employment and cyber exposure with policies
We flag where a rule points to missing coverage
You get a clear read, no obligation
Related resources

Keep going.

Compliance

Compliance Center

All professional-services compliance topics.

Coverage

Professional Liability (E&O)

The core advisory coverage.

Tool

Professional Services Coverage Review

See where your program stands.
Independent, advisory-first

Line your coverage up with what you must prove.

Tell us your requirement and we will make sure your insurance matches.

Get a quote Compare your coverage