Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Scott Gordon (00:00):
Texas is the latest state to pass data privacy legislation. The law is meant to protect consumers' control over their data. However, it creates regulatory requirements and risks for any business that operates in Texas. Today, we're joined in the studio by Josh White, a cyber and professional lines broker with CRC Group's ExecPro practice group. We're going to talk with him about how businesses can comply with the new law and how you can help your clients minimize their data breach risk.
Amanda Knight (00:32):
This is the
Placing you First podcast from
CRC Group.
Scott Gordon (00:35):
This podcast features news and insights from a vast knowledge base of over 5,100 associates who write more than $35 billion in premium annually.
Amanda Knight (00:45):
Plus, we give you
the latest information on
what's happening at CRC.
This, this, this is the Placing.
Josh White (00:50):
You First podcast
and now the hosts of the podcast
Amanda Knight and.
Scott Gordon (00:55):
Scott Gordon.
Welcome to the podcast, Josh. Hey, thanks for having me.
Amanda Knight (01:00):
Well, we'll jump right in. I know that you know people hear new law or law change or you know regulatory change and like their eyes glaze over and they stop reading, or, you know, just kind of want the high points right. They don't want to have to dive into the whole thing themselves, but I know for a fact that you have and that you know what this is about. So could you take a minute and just give our listeners a brief overview of the Texas Data Privacy and Security Act and maybe fill us in on how it compares with similar laws they may have heard of? I know there's one in California. Virginia's got a data privacy law. Are there any unique aspects to the one in Texas that stand out against those?
Josh White (01:43):
Yeah, thanks for having me on, Amanda and Scott, so excited to jump in. This just went into effect 7-1, so it's emulating the CCPA, Virginia's Privacy Act. It's the 18th state to come forward with the Privacy Progressive Act and it's essentially to protect Texas consumers. Now it doesn't apply to necessarily Texas domicile businesses, but rather protects the individuals in the state of Texas from any kind of noncompliance with data collection. So the Texas Data Privacy and Security Act essentially follows five main components. It allows the consumer to talk to a business and request the information that they've collected on an individual, that it's accurate, that the individual can actually request a copy of that data that's been obtained on the individual. They can also opt out of any data selling or profiling of the individual. Again, it just conducts the organization that conducts business in Texas or generates products or services that are consumed by Texas residents, that they process or engage in the sale of data and that they do not identify as a small business based on the USA, the SBA or the Small Business Administration Standards. A little caveat to that we've seen with the CCPA and Virginia privacy laws. There's been a number of amendments in the last four years that have expanded the actual legislation to essentially apply to more businesses. So although right now it's just for non-small businesses and I say that quote unquote it's a good best practice for every organization out there, because this will continue to progress, the legislation will continue to get stricter and stricter and again it's just the best practice for really all organizations out there.
Amanda Knight (03:26):
So I know this went into effect July 1. We're now past that date. Is there some sort of grace period for all of this? I know it looks like they have until January 1 of 25 to comply with the global opt out provision. Is there any grace period for the rest of it, or is it July 1? Everybody get your ducks in a row.
Josh White (03:48):
July 1, everyone,
get your ducks in a row.
Amanda Knight (03:50):
Okay, so the
portal will be live on the
Attorney General's site.
Josh White (03:54):
You can actually go into the portal and already submit a complaint. Now, when that takes place, the organization will have 30 days notice to come into a compliance. But the onus then falls back on that organization to provide a detailed report and receipts, if you will, of the tech stack and the opt-out requirements by the TDPSA. And again that responsibility all falls back on that organization, which can be quite costly and, as you know, with technology advancements, we see with every organization to make improvements it can take weeks, months, sometimes years to go through that certain tech stack to get into compliance.
Scott Gordon (04:29):
So again, get ahead of it now. So, based on that basic breakdown, Josh, what are some of the common challenges that businesses might face when they're complying with TDPSA? How can insurance agents assist their clients in navigating these challenges?
Josh White (04:45):
Great question again, Scott, and we don't expect every one of our insurance agents and partners to be a full expert on the Texas Data Privacy Security Act. However, a couple of easy questions and a couple of ways to easily navigate this with your organizations is one, is it applicable to that business? There's a couple opt-outs. As well as not being a non-large business. Anything like financial institutions, not-for-profit organizations, there's a couple other nuances, like political subdivisions, that aren't applicable here. But for your clients that are subject to this kind of legislation, you can walk them through their data opt-out process, ask them about the records that they're collecting and the data that they might be processing and, through that, making sure that they have the appropriate disclaimers on their sites, the contracts in place with the third-party marketing teams that they might be working with. And then again, just having a better understanding of the repository of data. Is it segmented, is it backed up? What does it look like from the information that they're collecting and that they're in compliance?
Amanda Knight (05:44):
That makes sense. You know pixels and biometrics and how sometimes even the organizations using these data collection tools don't fully understand or realize the scope of the data that they're collecting or at least not everyone in the organization does and so it can leave some gaps, some risks in place that maybe you're not fully aware of. I assume that would relate here to the TDPSA also.
Josh White (06:13):
Yeah, that's a great point, Amanda, and history repeats itself, right? A good example Sephora, a large but privately held company. They were in violation of the CCPA and underwent a $1.2 million violation, and what we're seeing from the TDPSA is about $7,500 per violation. So again, the organization will receive a 30-day notice, but that $7,500 ticket number is just per violation. Say, you're out of compliance over a thousand different violations and you're definitely going to see some attorneys and ambulance chasing law firms going after some of these organizations. That could be quite costly quite quickly. Insurance agents can also help their clients by taking a pre-breach approach, so assessing the data privacy rights. A lot of these cyber carriers that CRC partners with are not only transferring the risk onto a cyber policy, but they're offering pre-breach services. This includes everything from incident response, global compliance. Again, Texas Data Privacy Security Act isn't anything new. It's following a similar template to your GDPRs of the world and your CCPAs. So there's a number of resources that are widely available for our clients.
Amanda Knight (07:22):
So, with those challenges in mind, and with the fact that you just mentioned, a lot of the cyber carriers we partner with offer some really helpful services to help identify, remediate, do whatever we need to do to try to be in compliance. So what should retail agents look for when they're evaluating cyber options in light of the TDPSA? Are there specific coverage aspects that are really crucial for businesses to consider?
Josh White (07:51):
Sure, and the insurance policy really is two-pronged, right. You have your first-party costs and your third-party, and when we talk regulatory fines and investigations, these proceedings are going to fall under that third-party bucket. It's a claim made against the insurer that they're liable for. However, there's a number of first-party costs typically associated when a proceeding takes place. Everything from your outside counsels, your legal billables, forensic investigation, any kind of post-breach remediation costs. Those are all going to be costs that the insured actually incurs and what we'd bucket as first party. So when evaluating cyber solutions, to make sure you have comprehensive first and third party, that the perils and the triggers are there in the policy as well. So your regulatory fines, essentially not excluding any kind of unlawful collection due to an act of error or omission. We see a lot of our carriers offering third party response and able to get ahead of any of these violations. So, for example, if you receive that 30-day notice from the Texas AG, you're able to notify your carrier and get the appropriate remediation before those costly $7,500 tickets come through, right.
Amanda Knight (09:00):
I guess at this point we're not far enough out from July 1 to have had anything substantial hit the news yet. Have you heard any? I mean we've passed the 30-day mark for if you got a notification early in July, but have you heard of any unresolved violations or substantial fine yet? I've been doing it.
Josh White (09:19):
This is just me being nosy, I know, and I've been doing a deep dive on my end, utilizing all resources possible. I've been ringing a lot of my folks at plan, not only the tech side, right, because a lot of these folks are scrambling and working with certain cybersecurity vendors to get into compliance, but no word yet and maybe it just swept under the rug. But, I imagine, very similar to the CCPA, things will start shaking out and it's a great positive for Texas, being the second largest economy. It was about time to put some kind of privacy progressive act in place to be aligned with the rest of the marketplace and with the rest of the United States. So this is a total win for us Texas consumers.
Amanda Knight (09:57):
Also a question for me as a novice about cyber slash data things. If I'm a consumer in Texas, would I notice anything different about the way I interact with a business or, I guess, maybe online or on their websites? Will I notice disclaimers or opt-out buttons or things that I should be looking for if I want to address this myself as a consumer? Absolutely.
Josh White (10:24):
Absolutely so, similar to a lot of those marketing emails that have been coming through, with the unsubscribe here noted in the it's at the very bottom of the email. You're going to start seeing this on websites, so almost consenting to those cookies. You're also going to see what information they're collecting on you and if they do sell, profile or collect that data and they're going to utilize to another third party, they do have to notify you preemptively. So you should be seeing a lot more notice. There's very clear and distinct language. It's not a long blurb by any means, but it has to be included on every page where there may be a jot form or a stepper where you might be inputting information, and then you will be consenting to that. Now, always read the fine print, right, you will see a lot more steps involved as you're inputting information. Another cool component and I had mentioned this a little bit earlier is you can request what information is tracked on you. So I'm not a big social media guy, but I understand that, like Facebook, for example, if you were to go in and you request what your profile looks like on the backend and all the data associated to you as an individual, it would essentially give you a whole rap sheet dating back to the inception of your Facebook page, giving you all the pictures and profiles and comments, so on and so forth, because that's technically on their server and something that they collected about you. So you can request that from any third party.
Amanda Knight (11:41):
Wow, that's a lot. I'm not sure I entirely want to know, but if you want it, it's there. Well, I mean, all of this is complex, right? I mean some of it sounds as simple as pushing the button or clicking the link, for on the consumer side, it sounds like it's more complex, obviously, on the retail agent and the business side. So talk a little bit about what makes CRC different, better and special, right, what makes us the preferred partner for retail agents.
Josh White (12:09):
We have built out a number of tools to get ahead of this and we get calls every day saying, like, what's the differentiator? Here we have some retail direct options, hey, can you just give us a quick green light? And when you take a deeper dive, there's a number of things that we're doing. We're doing coverage analysis. So we have over 120 carriers on the cyber side that we represent. Not only have we already pre-negotiated stronger terms and conditions for our clients, but, past that, we're actually able to stack rank the carriers depending on the exposure. So we'll do a hundred point comparison, those first and third-party coverages that we discussed earlier, everything from ransomware coverage to unlawful collection exclusions, we really get into the nuances and we're able to provide that to the client along with the proposals to allow them to make an educated buying decision. When it comes to cyber insurance, past that, we have a number of resources that help with benchmarking. This is easily one of the best tools that separates us from the rest of the marketplace. We're able to essentially benchmark an individual company against their industry peers. So, for example, if you're a 50 million in revenue, gross revenue manufacturing firm with, say, 3,000 records, we have tens of thousands of clients in our repository, in our portfolio that we can stack rank your cybersecurity exposure and the appropriate limits to buy versus your industry peers. So we're able to give you a certain confidence level on what a claim might look like, how costly it might get, the appropriate limits to buy and again, coupling that with the coverage side by side, you're making sure that you're transferring the risk in all the appropriate places and have adequate coverage.
Scott Gordon (13:47):
Well, Josh, you've never been on here before, so we don't know whether you know about our little bonus round here that we have at the end. But we like to kick off our shoes and do a little thing called rapid fire, where we just ask you things off the top of your head and we have two doozies for you today. Amanda concocts these questions, oh goodness, pulls them from her witch's cauldron of knowledge, it's my favorite part. It's my favorite part, so uh, our first question for you is what was your last impulse buy, and was it worth it? Oh goodness goodness.
Josh White (14:18):
I pulled the trigger recently on a cooling mattress topper and if it was worth it it absolutely was. It was pretty cool. I guess it cools you depending on where you are in your sleep cycle, and then it wakes you up to a warm hug. So it's been pretty neat and I've enjoyed it thus far.
Amanda Knight (14:33):
We might have to
have Dawson does the?
Josh White (14:34):
link to that?
Amanda Knight (14:35):
That sounds great.
Scott Gordon (14:36):
We're not commissioned on this, so I won't name drop, you know, and now they're collecting data on how you like to sleep and what temperature.
Amanda Knight (14:43):
This last one seemed appropriate, based on the topic, Scott, all cybery and such.
Scott Gordon (14:48):
Yeah, right. So our second question for you, Josh, other than email or texting, what app do you use the most on your phone?
Josh White (14:57):
Maybe Amazon. No, I'm kidding, coupling the impulse buy. No, I would say the way I decompress it. I really enjoy chess and I'm very average at best, but I enjoy Blitz games and 3-2 games of chess at the end of the night to decompress. So I would say that's probably number three, that's impressive.
Scott Gordon (15:18):
I used to play chess with friends was a game that you could play with your buddies. Is that still a thing, or do they not have that anymore?
Josh White (15:26):
So you could play with your friends or against somebody randomly globally. Scott, I'll have to add you as a friend and I'll give you the lay of the land.
Amanda Knight (15:34):
There you go.
Scott Gordon (15:35):
Oh, if you want a
punching bag, yeah, add me as a
friend, because I suck at chess.
Amanda Knight (15:39):
My nine-year-old tried to teach me and then he gave up. So I think maybe I'm hopeless. I'll just stick to checkers, it's fine, Josh.
Scott Gordon (15:48):
Thanks for being on and joining us for the convo here.
Josh White (15:51):
It was a blast, guys. Thanks for having me on.
Amanda Knight (15:54):
If you're a listener, we're really glad you were able to join us too. Providing current insights into the marketplace is just one more way CRC Group is placing you first. Don't forget to subscribe and share.