Data breach notification laws are state laws that define certain reporting requirements after a data breach regarding (1) applicability (i.e. what types of entities are subject to the law and any applicable “threshold” of the affected state of residents that determines whether notice is required or not), (2) notice requirements for parties to be notified that a breach has occurred, (3) notice time requirements, and (4) specific penalties that may be incurred for non-compliance . As of this writing, 48 of the 50 states have their own slightly different data breach notification laws.
Insurance is a contractual relationship that arises when one party (the insurer), for a fee (premium), agrees to compensate the other party (the insured) for losses caused to a certain subject (risk) caused by certain unforeseen circumstances (hazards or dangers). The term ‘guarantee’, commonly used in England, is considered synonymous with ‘insurance’.
The 10/10 Rule is a matter of analyzing and demonstrating the transfer of risk as a precondition for the use of reinsurance accounting, which was codified in the early 1990s with the adoption of Financial Accounting Standard (FAS) 113 (and its statutory counterpart, SSAP 62). FAS 113 itself was a response to alleged abuses and set the standard for testing whether something should be called an insurance contract. FAS 113 required that the transfer of risk be demonstrated by comparing the present value of the cash flows associated with the contract and, in particular, by exceeding certain thresholds of “significance” of risk. The thresholds, often referred to as the 9a and 9b tests, are: 9a. The reinsurer assumes significant insurance risk under the reinsured parts of the underlying insurance contracts. 9b. It is possible that the reinsurer could suffer a significant loss from the transaction. While neither “significant” nor “reasonably possible” was defined in this context, standard rules of thumb quickly emerged in the implementation of FAS 113. The most commonly cited is the “10/10 Rule”. This rule states that a contract reaches a threshold if there is at least a 10 percent chance that it will suffer a loss of 10 percent or more in present value (expressed as a percentage of the contract premium ceded).