Chances are, your company – no matter how small – may fall under new state regulations aimed to protect computer privacy. The financial implications of violating the regulations could be severe. Learn about your potential liability – and consider cyber liability insurance to protect yourself.
THE FACTS
Beginning March 1, 2010, businesses will need to pay more attention to data privacy regulations. A higher legal standard will go into effect in an effort to protect the personal information of Massachusetts residents.
201 C.M.R. 17.00 sets out in detail the standards to be met by persons or businesses that own, license, store or maintain personal information about a Massachusetts consumer or employee. The standards apply to paper as well as to electronic records.
WHAT YOU NEED TO DO
You must develop and implement a written, comprehensive security program and establish a security system covering your business’s computers, servers and portable devices.
Section 17.03 of the standards requires covered entities to “develop, implement, maintain and monitor a comprehensive written information security program applicable to any records containing” protected information. A program must contain “administrative, technical, and physical safeguards to ensure the security and confidentiality” of the records. Such safeguards must be consistent with the requirements established by any state or federal standards by which a given organization may be regulated.
THE INSURANCE IMPLICATIONS
Imagine that one of your employees working on accounting issues loses a company laptop or portable flash drive, and you suffer a security breach. Or, a human resources employee accidentally leaves personnel files open, and social security numbers are stolen from those files. The fines and penalties under the new regulations could cripple or potentially close your business. That is, if you don’t have cyber liability insurance.
Cyber liability insurance, introduced 12 years ago, protected against security breaches of Web-based information. Under new regulations, the liability extends to non-electronic information. Now cyber liability insurance can cover security breaches that include:
■ Privacy (electronic and non-electronic)
■ Infringement of intellectual property such as copyright, trademarks, patents, design and trade secrets
■ Virus transmission
■ Breaches from your business to a customer, vendor or employee including unauthorized access, theft or data destruction and hacker attacks
■ Violations of state and federal privacy regulations, such as Health Insurance Portability and Accountability Act, 1966
Under CMR 17, cyber liability has become an operational necessity not only for businesses that warehouse data but for all businesses, large and small. Shockingly, the majority of insurance policies preclude or exclude cyber liability. If your business is not adequately covered by March 1, 2010, and a breach occurs, the consequences could be catastrophic.
This article is presented by Secure Networks and Dowling & O’Neil Insurance Agency, which will be hosting a highly informative seminar on the topic in late September. Check capeplymouthbusiness.com for more details on the program featuring Kevin MacArthur of Secure Networks and Rob Miller of Dowling & O’Neil.
Published in Cape & Plymouth Business September 2009
Cape Business Publishing Group, LLC
923 Rt. 6A, Unit D
Yarmouth Port, MA 02675
508-385-3811