Understanding Your Cyber and Privacy Breach Risk
In 2003 California became the first state to enact a data breach notification law. Since that time just about every state in the Union, including Illinois, Kansas and Missouri, has enacted similar laws. A data breach notification law requires a business to notify its customers in the case of a data security breach. A breach can occur if there is the possibility that “personal information” is disclosed to someone outside of the organization. A disclosure occurs in a number of situations. An example of a disclosure could be a hacker who breaks into your firm’s system, but it could also be something as simple as a lost or stolen laptop. The purpose of the laws is to place on the business a duty to protect its clients’ personal information, and if there is a risk of dissemination, the business has a duty to notify its customers. The Missouri law defines personal information as follows:
- A social security number;
- A driver’s license or any other unique number created by a government body;
- A financial account number or credit card number;
- A unique electronic identifier in combination with the code;
- Medical information; or
- Health Insurance information.
If you store any of this information, your firm is at risk. A good way to protect your clients, as well as your firm’s reputation, is a Comprehensive Cyber policy such as the one offered by SafeLaw. SafeLaw is designed specifically for law firms to cover the following risks:
- Conduit Injury – a lawsuit resulting from a network security failure that caused additional damage to a client’s computer network
- Reputational Injury – a lawsuit resulting from an attorney’s participation in social media
- Disclosure Injury – a lawsuit resulting from the unauthorized access to or dissemination of client information
- Content Injury – a lawsuit alleging intellectual property or copyright infringement perhaps due to postings on the firm’s website or blog
- Privacy Notification Expenses – the costs associated with complying with relevant breach notification laws; with SafeLaw, this includes the cost of attorney fees and/or credit-monitoring services
- Crisis Management Expenses – the costs associated with bringing in outside experts to investigate the incident and fix the problem; with the better policies, like SafeLaw, this includes the cost of a public relations consultant
- Extortion Expenses – the costs associated with investigations, with paying for the return of or regaining access to data taken by a hacker, or with removing a block that prevents your use of your data
- Funds Transfer Fraud Coverage – aka “Ransomware”. (Ransomware coverage may require additional premium.)