Understanding Your Cyber and Privacy Breach Risk

In 2003 California became the first state to enact a data breach notification law. Since that time just about every state in the Union, including Illinois, Kansas and Missouri, has enacted similar laws. A data breach notification law requires a business to notify its customers in the case of a data security breach. A breach can occur if there is the possibility that “personal information” is disclosed to someone outside of the organization. A disclosure occurs in a number of situations. An example of a disclosure could be a hacker who breaks into your firm’s system, but it could also be something as simple as a lost or stolen laptop. The purpose of the laws is to place on the business a duty to protect its clients’ personal information and, if there is a risk of dissemination, a duty to notify its customers. The Missouri law defines personal information as follows:

  1. A social security number;
  2. A driver’s license or any other unique number created by a government body;
  3. A financial account number or credit card number;
  4. A unique electronic identifier in combination with the code;
  5. Medical information; or
  6. Health insurance information.


If you store any of this information, your firm is at risk. A good way to protect your clients, as well as your firm’s reputation, is a comprehensive cyber policy such as the one offered by SafeLaw. SafeLaw is designed specifically for law firms to cover the following risks:

  1. Conduit Injury – a lawsuit resulting from a network security failure that caused additional damage to a client’s computer network
  2. Reputational Injury – a lawsuit resulting from an attorney’s participation in social media
  3. Disclosure Injury – a lawsuit resulting from the unauthorized access to or dissemination of client information
  4. Content Injury – a lawsuit alleging intellectual property or copyright infringement perhaps due to postings on the firm’s website or blog
  5. Privacy Notification Expenses – the costs associated with complying with relevant breach notification laws; with SafeLaw, this includes the cost of attorney fees and/or credit-monitoring services
  6. Crisis Management Expenses – the costs associated with bringing in outside experts to investigate the incident and fix the problem; with the better policies, like SafeLaw, this includes the cost of a public relations consultant
  7. Extortion Expenses – the costs associated with investigations, with paying for the return of, or regaining access to, data taken by a hacker, or with removing a block that prevents you from using your data
  8. Funds Transfer Fraud Coverage – aka “Ransomware”. (Ransomware coverage may require additional premium.)