Tuesday, November 27, 2012

Data Breaches In the News -- Managing the Risk

Judy Selby, a partner at Baker Hostetler, argues in Law Technology News, in "Why Risk Data Breaches? Insurance against data breaches in a new era of data insecurity":
  • "Data breaches can occur in a variety of ways, some by accident, some motivated by profit or political belief, and some simply for the sport of it. A breach can result from a malicious attack designed to destroy or disable a network or to steal private, competitive or proprietary information; from a disgruntled employee out for revenge; from the negligence of a vendor handling data; or from a laptop or thumb drive being left accidentally in a cab or airport."
  • "As all entities, particularly health care providers, law firms, financial institutions, and retailers, continue to gather and store more and more personal and protected information every year, the risk of a data breach grows in turn... Data breaches can have serious financial effects, including business interruption losses, regulatory and credit card company fines, legal defense costs, and civil damages. Further complicating the situation are federal and state laws imposing fines for and/or mandating public disclosure of data breaches to the affected parties and law enforcement. The Health Information Technology for Economic and Clinical Health Act (HITECH), the Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley, among other federal laws, can be implicated by a breach."
  • "Reputational damage resulting from a data breach can be devastating as well. Recent studies report that significant numbers of customers said they will terminate their relationships with companies after being notified of a data breach."
  • "Given this environment and the exponential growth of electronically stored information, the necessity of implementing, monitoring and updating systems and practices to safeguard sensitive data cannot be overstated."
  • "Recently, however, insurance companies have begun to offer policies specifically designed to provide coverage for data breaches, cyberattacks and similar incidents, so-called cyberinsurance... Coverage under cyberpolicies can extend to violations of privacy laws, including (where permitted under law) payment of fines."
