June 2010: Data Security

June 17, 2010 | July 18th, 2011 | Business Insurance, Business Monthly Email
  • Are the credit card numbers, bank account numbers, or trade secrets of your clients secured?
  • Are the birth dates, license numbers, or bank account numbers of your employees protected?
  • Are you confident that your network system and paper processing procedures prevent personal information from being obtained by unauthorized individuals?
  • Have you taken the necessary steps to ensure your compliance with the new data security regulations which were required by March 1, 2010?

If you are unable to answer yes to all the above, does your business have the financial resources to pay the expenses related to a data security breach?

While data security continues to be an evolving issue, failing to protect data can have a huge financial impact on your company. A recent study has estimated the average cost of a data security breach is $204 per record including costs to notify all affected parties, provide credit protection for each party, initiate a public relations response, fines, and penalties. As costly as these expenses may be, the most devastating is the potential loss of your customers’ trust and your company’s reputation.

Protecting Your Data

Any company that owns or licenses personal information is now required to develop, implement, and maintain a comprehensive Written Information Security Program (WISP).

The scope and complexity of the document will vary depending on your resources and the type of personal information you are storing, but it must include Administrative, Technical, and Physical safeguards to protect the confidentiality of this information.

The purpose of the WISP is to:

  • Ensure the security and confidentiality of personal information;
  • Protect against any anticipated threats or hazards to the security or integrity of such information;
  • Protect against unauthorized access to or use of such information in a manner that creates a substantial risk of identity theft or fraud.

To begin the process, please refer to this Small Business Guide to Formulating a WISP.

Data Breach Claims Result from:

  • Improper disposal of paper or electronic equipment
  • Improper Data Storage
  • Computer Hacking
  • Employee Theft of Data
  • Lost, stolen or missing laptop computers
  • Lost, stolen, or missing cell phones
  • Lost or stolen backup tapes or drives
  • Firewall breach
  • Third Party Vendors

Understanding the Massachusetts Regulation

Effective March 1, 2010, Massachusetts enacted this regulation to protect its residents from identity theft.

Who is subject to the regulation: The regulation applies to those who own, license, store or maintain personal information about a resident of Massachusetts for the purpose of commerce or employment. Personal information is defined as first and last name, or first initial and last name, in conjunction with a social security number, driver’s license number, or state-issued ID card number, or any financial account number or credit or debit card number.

Penalties for Non-Compliance: Violators may be subject to a $5,000 civil penalty for each violation. Therefore, in the case of a security breach of 10,000 records that contain personal information of Massachusetts residents, it is possible that the business could be assessed up to $50 million in civil penalties.

The Commonwealth of Massachusetts has published several documents to assist employers in creating a compliant data security system, including:

  • Frequently Asked Questions regarding the regulation
  • Compliance Checklist to assess your security system
  • Read the Complete Regulation

How We Can Help You

As data security breach costs continue to rise, businesses today are faced with an increasing financial burden and reputational risk that is not covered under your standard business insurance policy.

Security and Privacy Liability or Privacy Breach Insurance offers coverage for both the expenses and legal liabilities arising from a failure of computer security or a wrongful release of private information, including:

  • Notification costs
  • Credit monitoring expenses
  • Defense costs and damage
  • Information Asset – damage to software or data
  • Business Interruption – loss of income and extra expenses
  • Cyber-Extortion – monies paid to terminate a threat of a computer attack
  • Crisis Management – costs to retain public relations assistance in the event of a covered crisis

Protect your employees’ and clients’ personal information as well as your company’s financial assets by purchasing this valuable insurance protection.

Don’t delay – contact us today at riskmanagement@tooleinsurance.com to begin the process.