Posted March 10th, 2010 by Richard Bortnick
Odd as it may seem to those of us who live and breathe cyber, tech and privacy insurance, I have heard anecdotally of municipal authorities who profess that their cities and towns do not need to incur the expense of buying these products. “Why do we need them? We don’t operate on the internet,” they reportedly have said.
Well, my response is “why don’t you think you need them?” Do you maintain a bank account? Do you store personally identifiable information about private citizens, whether in your property records, police files, tax databases or otherwise? Are your employees able to access your municipality’s computer systems remotely? Is it really possible that every single piece of information you maintain is recorded on paper and nothing is stored on a mainframe, whether located on- or off-site? Come on. Its 2010. That’s virtually impossible, isn’t it? Haven’t you read my December 23, 2009 post “No One is Immune. Even Government Entities Need Cyber/Tech Insurance?”
Since that posting, additional municipalities have suffered cyber attacks and been the subject of cyber lawsuits.
Read the rest of this entry »
Posted in Banking, Electronic Communication, General Interest, Insurance, Internet, Liability Insurance, Litigation, News, Non-Profit Entities, Online Security, Privacy, Technology
Tags: Brokers, Cyber Breach, Cyberattacks, Insurance, New York, Privacy, Underwriting
Posted December 23rd, 2009 by Richard Bortnick
Cyber breaches occur on a daily basis. Or at least it seems like they do…but consider the breaches that we don’t hear about.
Companies’ fears that their brands could be adversely impacted by reports of cyber breaches mean that we rarely hear about them when they happen. What we do hear about are the very widespread, high profile breaches at large companies where there has been a failure protect a customer’s personal information.
What we often fail to consider is that any entity, commercial or non-profit, public or private, can fall victim to a cyber breach. Certainly, commercial businesses would be expected to insure against such risks. But what about governmental entities? Here’s one example.
The state of Oregon is investigating whether two state agencies violated the Oregon Consumer Identity Theft Protection Act. Each year thousands of Oregonians become victims of identity theft. According to the Federal Trade Commission, Oregon is ranked 13th in the nation for this crime. In response, both Oregon businesses and government have clear direction and expectations under the Act to ensure the safety of the personal identifying information they maintain. Personal information includes a consumer’s name in combination with a Social Security number, Oregon drivers license number or Oregon identification card, financial, credit or debit card number along with a security or access code or password that would allow someone access to a consumer’s financial account. Specific protections under the Act are detailed on the website of Oregon government’s Division of Finance and Corporate Securities (DFCS) , and include the following:
Read the rest of this entry »
Posted in Electronic Communication, General Interest, Insurance, Internet, Liability Insurance, News, Non-Profit Entities, Online Security, Privacy, Technology
Tags: Cyber Breach, Federal Trade Commission, Identity Theft, Oregon, Oregon Consumer Identity Theft Protection Act, personal information, Social Security Numbers
Posted December 14th, 2009 by Richard Bortnick
The roads traveled by non-profit entities have never been easy ones to negotiate. Indeed, the time, expense and, dare I say, risk of doing good deeds and raising capital has been fraught with potholes and impediments from the get-go. Now, that road has become even more treacherous for non-profits and their cyber/tech insurers alike.
1. An Overview of Massachusetts’ New Data Security Law
Effective March 1, 2010, a new data security breach law will become effective in the Commonwealth of Massachusetts. Described by some as the toughest data security law in the U.S., the law and corresponding regulations applies to all entities, including non-profits, that employ or serve Massachusetts residents and which store, own or license “personal information” about a Massachusetts resident. Here is the Press Release from the Office of Consumer Affairs and Business Regulation. Here is the Final Version of The Regulations.
2. What is Meant by “Personal Information”?
The term “personal information is defined in the law to mean a Massachusetts resident’s first and last name, or first initial and last name, together with:
- The resident’s driver’s license number or state identification card;
- Bank/financial account or credit/debit account number; or
- Social Security number.
In other words, personal information will, generally speaking, include anything uniquely identifiable about a Massachusetts resident.
Read the rest of this entry »
Posted in Insurance, Internet, Liability Insurance, News, Non-Profit Entities, Online Security, Privacy, Technology
Tags: cyber policies, data security, Masachusetts, non-profit, personal information, security protocol
