Why Privacy Laws Matter To Commercial Landlords

Size: px
Start display at page:

Download "Why Privacy Laws Matter To Commercial Landlords"

Transcription

1 Why Privacy Laws Matter To Commercial Landlords Christopher L. Travis Gill Elrod Ragon Owen & Sherman, P. A. Little Rock, AK L ast year, thieves breached Sony Play- Station data servers and stole personal information of millions of customers, including their names, addresses, security questions and credit card information. That type of theft, resulting financial loss and (for now) inevitable lawsuits about insurance coverage may seem far away to a commercial landlord. Landlords, however, could be affected by those risks as well because almost every commercial tenant uses some form of Internet access, even if only for its point-of-sale (POS) system. If a tenant suffers a data breach and has resulting liabilities that are not insured against, the tenant could face debilitating losses and default on its lease. In a more recent and brick-and-mortarrelated scenario, in December the U.S. District Court in New Hampshire unsealed an indictment of four Romanians, in which the United States alleged the hackers accessed around 200 POS systems throughout the United States, focusing mainly on 150 Subway franchisees, and used the stolen data to incur about $3 million in fraudulent charges. The franchisees had neglected to maintain best practices to secure their POS systems, which allowed the thieves to steal the data over the Internet. Those franchisees may face some huge losses, and many could consequently default on their leases, unless those losses are insured against. This article points out some emerging legal issues that should concern commercial landlords and suggests some lease covenants and insurance requirements that could, if honored, operate either to prevent data loss or at least ensure that the losses are insured against. If businesses begin thinking about privacy issues in a proactive way, many privacy problems could be avoided, and those that cannot be avoided may at least be insured against. Ignoring the issue, however, is not a viable option. The Scope of Privacy Laws Privacy and data security laws exist at the federal and state level. There are at least 12 different federal laws that fall into the privacy category, and for some businesses, international privacy laws may even apply. The federal government has not yet adopted a general data breach notification statute, although several bills have been introduced in recent years. The states, therefore, have undertaken to protect consumers privacy through a patchwork of statutes covering privacy or data protection statutes. This hodgepodge legal scheme means landlords and tenants must ensure that they comply with the law of their home state and the

2 law of the state where the physical location exists. Ongoing compliance and post-breach notifications, needless to say, require a complex analysis. Privacy and data protection is an area of the law that is so new that no one really knows the scope and reach of all the privacy laws, and lawsuits are springing up everywhere. The most common lawsuits involve a breach of a duty of data protection that a company owed to its customer. As individuals, we need to safeguard our private information. As business owners, however, landlords need to understand that these laws exist, and that they may affect their own and their tenants business in unexpected ways. To help illustrate the data security mindset, the following are a few examples illustrating the potential impact of privacy laws: Privacy Issues: Potential Scenarios Data security risk does not exist only in cyberspace. Though many headline-grabbing incidents refer to data breaches by online hackers, businesses operating in real space are not immune from data and privacy breaches. For instance, with a retail tenant using a POS system, criminals can obtain customers debit card numbers and PINs from the retailer in one city and make fake debit cards, which they later use at bank ATMs in another city. Here are some things to think about in that situation: Did the retailer owe its customers a duty to make sure the criminals could not commit that crime? If so, did the retailer fulfill that duty? Does the retailer have insurance for that liability? What happens if one of those customers (or even the bank that had to issue new debit cards) sues the business from which his or her information was stolen? Did the retailer have a written policy about how its employees are supposed to operate the credit card machines? Here s another scenario to consider: A business, as many often do, maintains a frequent customer database. The customers information is stored in an Excel spreadsheet or in an Access database in the business s computers and includes, among other information, the customers name, home address, purchasing preferences (or frequency), and credit card information. What if an employee decides to copy that information before he/she quits and give it to a competitor, or worse, sell it to a criminal? Or, even less nefarious, what if a well-meaning employee copies the database to a flash drive but loses the flash drive while taking it to a print shop or forgets what is on the flash drive after making the needed copies? What if the print shop loses the flash drive? Does the business owe its customers a duty to protect against those events? Does the business have to tell its customers that it lost their personal information? What is the business s reputational risk/cost in doing that? Does the business have a written employee policy regarding employees handling customers data? Another example: A franchisor requires its franchisee to enter customer data and upload that data to the franchisor s computers. The franchise agreement places the burden of the security of that data on the franchisee. Does the franchisee have insurance against that loss? What happens if the franchisee, like the Subway franchisees attacked by the Romanians, does not have the appropriate insurance coverage? That loss (or even just the cost of defending the resulting lawsuit) could easily cause a business closure or bankruptcy and consequent breach of a lease. 2

3 One final example to consider is one that does not even involve a computer: A company has been in business for 30 years, and has accumulated numerous boxes of employment records related to former employees (along with a lot of other data). Those old records are stored offsite in a local selfstorage facility. What happens if someone breaks into that storage facility? What duty does the company owe to its former employees whose records may have been stolen? Does the storage facility owe the company a duty to protect those records? Should the storage company have to indemnify the company? Does the storage company have insurance coverage for that risk? Did the company investigate the storage company s insurance coverage before storing the information there? Did the law require the company to retain those records? If not, should the company have a different policy regarding document retention and destruction? These are just a few possible scenarios. The list could go on and on. Privacy Rights.org is a Web site that lists reported data breaches since (www.privacy rights.org/data-breach). The list is quite long and includes dozens of astonishing events from across the country. Perhaps unsurprisingly, most of the events occurred in larger metropolitan areas. But with ability to attack POS systems and other Internet-dependent operations remotely, breaches are spreading to ever more rural areas. For every instance on PrivacyRight.org s reported list, there are many more that have gone either unreported or, worse, undiscovered. Once you begin thinking about privacy and data security, the potential weak points become easier to spot. Many people believe this is the next big area in consumer litigation, which would mean it could also be the next big thing in causing financial losses to tenants. So What Should a Commercial Landlord Do? Privacy and data security laws are here, and the litigation avalanche is just beginning. A landlord should address its own business potential exposure, while also taking steps to ensure that its tenants operate in compliance with the various data-protection and data-security laws. A landlord should also maintain appropriate insurance coverage(s) against potential data-breach losses, which policies, of course, where possible, should name the landlord as an additional insured or loss payee. A Landlord Should Consider Its Own Risk Landlords as business owners (as opposed to a landlord worrying about a tenant s business practices) need to consider these issues and, at a minimum, adopt written policies governing their data-collection and datatransfer practices. Employees need to be trained. Vendors (software and otherwise) need to be questioned. Every business needs to consider these issues and address them in writing. With any business that suffers a data breach and must notify affected employees or customers, one difficult issue regarding security-breach notification is deciding which state s law applies (in addition to the state in which the brick-and-mortar business sits). For instance, if a brick-and-mortar business in Arkansas suffers a data security breach, the company must comply with Arkansas s law as well as with the breachnotification law of the state in which the business s customers reside. 3

4 There are currently 46 different state statutes governing security-breach notification. So if a customer from New York visited a company once, and there is a breach of the computer system that may have exposed that customer s information, the company needs to check and comply with New York s databreach notification statute and comply with the law of the state where the breach occurred. According to the Ponemon Institute s 2010 Annual Study: U.S. Cost of a Data Breach, the average breach-notification cost in 2010 was $268 per data record. This high cost was due in large part to the forensic cost associated with determining which customers were affected, so that the business could determine how to comply with all applicable laws: the local state s law, the customer s home state s law and federal law. Several bills are currently being worked out in the U.S. Congress to attempt to create a single, federal data-security breach notification system. There is great debate among the participants in the industry on the proper method of remedying this patchwork of state laws. For now, a business could have to comply with its home state s laws, federal laws, and as many as 45 other states laws if it suffers a data breach. If there are, for example, 1,500 customers potentially exposed, using the 2010 $268-per-data-record average cost, notifying those customers could cost as much as $402,000. That is just the cost to notify the customer; it does not include any potential exposure to litigation resulting from the breach, or the damage to a company s reputation. Most general liability insurance policies do not cover that expense or those losses. Landlords Should Require Tenants to Follow Best-Data Practices: Obtain Cyber-Insurance In drafting a lease with a commercial tenant, a landlord should require a tenant to covenant and agree to operate its business in full compliance with all applicable federal and state laws regarding data security and privacy. Although the laws applicable to a given tenant may vary from tenant to tenant, care should be taken to consider each tenant s business model to ascertain which laws might apply. If there is a breach related to a POS system, the question of liability for a tenant often begins with whether the tenant s POS system adhered to the standards promulgated by the PCI Security Standards Council. The council is a non-profit organization founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa (www.pci securitystandards.org). Every business that uses a POS system should familiarize itself with these standards and take steps to ensure its POS system complies. Language similar to the following could be added to a tenant s covenant regarding the manner in which the tenant agrees to operate its business: Tenant, at its sole cost and expense, shall take all steps and actions necessary to ensure Tenant s operations comply with (a) the PCI Data Security Standard, as amended from time to time by the PCI Security Standards Council (www.pci secu ritystandards.org), (b) all federal laws, rules, orders and regulations, including, but not limited to the following, as amended: the Fair Credit Reporting Act of 1970, the Electronic Communications Privacy Act of 1986, the Video Privacy 4

5 Protection Act of 1988, the Personal Responsibility and Work Opportunity Reconciliation Act of 1996, and the Identity Theft and Assumption Deterrence Act of 1998 and (c) all state laws, rules, orders, regulations and local ordinances and rules, including, without limitation, the following, as amended: [the situs state s data protection statute] and all other states laws regarding consumer privacy, consumer data protection and security, as applicable. Because cyber insurance is now available, a landlord should include those insurance-coverage requirements in a tenant s mandated insurance coverage. These policies vary from state to state and by underwriter, but generally speaking the policies insure against first-party liability and sometimes against third-party liability. A landlord should consult its insurance agent or broker to determine what policies are available in the landlord s state(s) of operation. As with any insurance policy, cyber insurance is fact specific, and care should be taken to ensure that the correct policies and riders are required to provide the maximum amount of protection for the tenant and its landlord, given the tenant s business model. Conclusion These issues are not going away, and the cost of compliance after the fact can be devastating. The good news is that a little work on the front end and some thoughtful consideration to the way a business handles customers personal information could prevent an issue from ever arising. As the examples above attempt to illustrate, privacy and data protection laws implicate many different areas of every business, not just the computer network. Once companies begin thinking about these issues, they will probably start to see privacy issues everywhere. Ultimately, we need to view the world in which our businesses operate through the lens of data protection and privacy. A company can address the issues and protect its customers and employees privacy (and thereby the company s bottom line) only if it is able first to recognize the issues. CHRISTOPHER L. TRAVIS is a shareholder and director with Gill Elrod Ragon Owen & Sherman, P.A. in Little Rock, AK. He represents developers, landlords and tenants in all aspects of real estate development, and his practice includes advising clients on privacy matters and data security and protection. Mr. Travis may be reached at (501) or 5

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Anatomy of a Hotel Breach

Anatomy of a Hotel Breach Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry,

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

PCI DSS COMPLIANCE DATA

PCI DSS COMPLIANCE DATA PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development

The Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards

More information

Langara College PCI Awareness Training

Langara College PCI Awareness Training Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Impact of Data Breaches

Impact of Data Breaches Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:

More information

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments

Security Breaches and Vulnerability Experiences Overview of PCI DSS Initiative and CISP Payment Application Best Practices Questions and Comments Security in the Payment Card Industry OWASP AppSec Seattle Oct 2006 Hap Huynh, Information Security Specialist, Visa USA hhuynh@visa.com Copyright 2006 - The OWASP Foundation Permission is granted to copy,

More information

Cybersecurity Workshop

Cybersecurity Workshop Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

PCI Compliance Overview

PCI Compliance Overview PCI Compliance Overview 1 PCI DSS Payment Card Industry Data Security Standard Standard that is applied to: Merchants Service Providers (Banks, Third party vendors, gateways) Systems (Hardware, software)

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Insuring Innovation. CyberFirst Coverage for Technology Companies

Insuring Innovation. CyberFirst Coverage for Technology Companies Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard Abhinav Goyal, B.E.(Computer Science) MBA Finance Final Trimester Welingkar Institute of Management ISACA Bangalore chapter 13 th February 2010 Credit Card

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

PCI Compliance: How to ensure customer cardholder data is handled with care

PCI Compliance: How to ensure customer cardholder data is handled with care PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Cyber Risks Connect With Directors and Officers

Cyber Risks Connect With Directors and Officers Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the

More information

Electronic Funds Transfer Agreement and Disclosures

Electronic Funds Transfer Agreement and Disclosures Electronic Funds Transfer Agreement and Disclosures ELECTRONIC FUNDS TRANSFER AGREEMENT AND DISCLOSURES Agreement 1. Issuance of Card or Personal Identification Number. In this Agreement and Disclosures

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

CYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014

CYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014 CYBER LIABILITY Network Security and Privacy Bring on tomorrow May 15, 2014 1 AGENDA I. Identify Exposures II. Identify how a breach can occur III. The Coverage (Third Party Liability + First Party Losses)

More information

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment

More information

WHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES

WHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION IDT911 1 DEFINITIONS 1. Cyber Programs - Focuses on services and systems related to technology and their use in business. Risks addressed include

More information

Cyber Liability & Data Breach Insurance Claims

Cyber Liability & Data Breach Insurance Claims Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

State of the Cyber Insurance Market

State of the Cyber Insurance Market State of the Cyber Insurance Market Ten Lessons Learned From Major Retailer Breaches August 2014 Lockton Companies There has been extensive adverse publicity surrounding what has become EMILY FREEMAN Lockton

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.

9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability. Miscellaneous Current Topics in Healthcare Professional Liability Josh Zirin, FCAS, MAAA Antitrust Notice The Casualty Actuarial Society is committed to adhering strictly to the letter and spirit of the

More information

Franchise Data Compromise Trends and Cardholder. December, 2010

Franchise Data Compromise Trends and Cardholder. December, 2010 Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee

More information

Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy

Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy Privacy, Data Security & Information Use Insurance Recovery & Advisory Cyber Insurance June 17, 2015 Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy By

More information

Account Information Security. Merchant Guide

Account Information Security. Merchant Guide Account Information Security Merchant Guide At Visa, protecting our cardholders is at the core of everything we do. One of the many reasons people trust our brand is that we make buying and selling safer

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

CAMBRIDGE PROPERTY & CASUALTY SPECIAL REPORT

CAMBRIDGE PROPERTY & CASUALTY SPECIAL REPORT CAMBRIDGE PROPERTY & CASUALTY SPECIAL REPORT INSURANCE COVERAGES FOR TECHNOLOGY COMPANIES This Special Report was written by Daniel P. Hale, J.D., CPCU, ARM, CRM, LIC, AIC, AIS, API. Mr. Hale is Vice President

More information

Data security: A growing liability threat

Data security: A growing liability threat Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars

More information

IDENTITY THEFT FRAUD

IDENTITY THEFT FRAUD FRAUD ALERT! SYNTHETIC IDENTITY THEFT FRAUD & n How to Protect Yourself n Data Breaches and You n Free Credit Reports SYNTHETIC IDENTITY THEFT and FRAUD It is hardly news that identity thieves and cybercriminals

More information

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF

Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF Cyber Insurance and Your Data Ted Claypoole, Partner, Womble Carlyle and Jack Freund, PhD, InfoSec Mgr, TIAA-CREF October 9, 2013 1 Cyber Insurance Why? United States Department of Commerce: Cyber Insurance

More information

Policy for Protecting Customer Data

Policy for Protecting Customer Data Policy for Protecting Customer Data Store Name Store Owner/Manager Protecting our customer and employee information is very important to our store image and on-going business. We believe all of our employees

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants Whitepaper The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus- Senior Security Architect, Vendor Safe 2011 7324 Southwest Freeway, Suite 1700, Houston, TX 77074

More information

ELECTRONIC FUND TRANSFERS AGREEMENT AND DISCLOSURE

ELECTRONIC FUND TRANSFERS AGREEMENT AND DISCLOSURE ELECTRONIC FUND TRANSFERS AGREEMENT AND DISCLOSURE This Electronic Fund Transfers Agreement and Disclosure is the contract which covers your and our rights and responsibilities concerning the electronic

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Payment Security White Paper Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance Breaches happen across all industries as thieves look for vulnerabilities.

More information

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015

Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 Section 3.9 PCI DSS Information Security Policy Issued: June 2016 Replaces: January 2015 I. PURPOSE The purpose of this policy is to establish guidelines for processing charges on Payment Cards to protect

More information

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.

More information

PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett

PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett PCI (Payment Card Industry) Compliance For Healthcare Offices By Ron Barnett Dr. Svenson thought he was doing both his patients and his practice a big favor when he started setting up monthly payment arrangements

More information

Frequently Asked Questions

Frequently Asked Questions PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply

More information

AB 1149 Compliance: Data Security Best Practices

AB 1149 Compliance: Data Security Best Practices AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California

More information

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Jefferson Glassie, FASAE Whiteford, Taylor & Preston Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements

More information

PAI Secure Program Guide

PAI Secure Program Guide PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you

More information

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008 Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities

More information

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by:

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security

More information

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Saint Louis University Merchant Card Processing Policy & Procedures

Saint Louis University Merchant Card Processing Policy & Procedures Saint Louis University Merchant Card Processing Policy & Procedures Overview: Policies and procedures for processing credit card transactions and properly storing credit card data physically and electronically.

More information

NZI LIABILITY CYBER. Are you protected?

NZI LIABILITY CYBER. Are you protected? NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is

More information

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation

Your Single Source. for credit, debit and pre-paid services. Fraud Risk and Mitigation Your Single Source for credit, debit and pre-paid services Fraud Risk and Mitigation Agenda Types of Fraud Fraud Identification Notifications Next Steps 11/8/2013 2 Types of Fraud Lost and Stolen Cards

More information

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity

White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

Information Technology

Information Technology Credit Card Handling Security Standards Overview Information Technology This document is intended to provide guidance to merchants (colleges, departments, organizations or individuals) regarding the processing

More information

Cyber and Data Security. Proposal form

Cyber and Data Security. Proposal form Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which

More information

PCI Compliance: Protection Against Data Breaches

PCI Compliance: Protection Against Data Breaches Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

What are the main liability policies you should consider for your commercial business?

What are the main liability policies you should consider for your commercial business? A PUBLICATION BY: GODFREY MORROW GODFREY INSURANCE MORROW AND INSURANCE FINANCIAL AND SERVICES FINANCIAL LTD. SERVICES LTD. 2012 What are the main liability policies you should consider for your commercial

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

More information

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies

More information

Five PCI Security Deficiencies of Retail Merchants and Restaurants

Five PCI Security Deficiencies of Retail Merchants and Restaurants Whitepaper January 2010 Five PCI Security Deficiencies of Retail Merchants and Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations by Brad Cyprus, SSCP - Senior Security Architect,

More information

ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES

ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES ELECTRONIC FUND TRANSFERS YOUR RIGHTS AND RESPONSIBILITIES The Electronic Fund Transfers we are capable of handling are indicated below, some of which may not apply to your account. Direct Deposits you

More information

Cyberinsurance: Insuring for Data Breach Risk

Cyberinsurance: Insuring for Data Breach Risk View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL

More information

Your Customers Want Secure Access

Your Customers Want Secure Access FIVE REASONS WHY Cybersecurity IS VITAL to Your retail Businesses Your Customers Want Secure Access Customer loyalty is paramount to the success of your retail business. How loyal will those customers

More information

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

AN INFORMATION GOVERNANCE BEST

AN INFORMATION GOVERNANCE BEST SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN

More information

SECURITY FREEZE ACT S.B. 174: ANALYSIS AS ENACTED

SECURITY FREEZE ACT S.B. 174: ANALYSIS AS ENACTED SECURITY FREEZE ACT S.B. 174: ANALYSIS AS ENACTED Senate Bill 174 (as enacted) PUBLIC ACT 229 of 2013 Sponsor: Senator John Proos Senate Committee: Banking and Financial Institutions House Committee: Financial

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants WHITE PAPER Five PCI Security Deficiencies of Restaurants Five PCI Security Deficiencies of Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus - Chief

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services

CREDIT CARD MERCHANT POLICY. All campuses served by Louisiana State University (LSU) Office of Accounting Services Louisiana State University Finance and Administrative Services Operating Procedure FASOP: AS-22 CREDIT CARD MERCHANT POLICY Scope: All campuses served by Louisiana State University (LSU) Office of Accounting

More information

An investigation of the Issues and Solutions to Cyberspace Identity Theft and Crimes

An investigation of the Issues and Solutions to Cyberspace Identity Theft and Crimes Volume 1 Issue, Jan 13 @1 IJSK & K.J.A. All rights reserved ISSN 3-193 An investigation of the Issues and Solutions to Cyberspace Identity Theft and Crimes Amos Olagunju 1, Solomon Demmessie Computer Science

More information

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released February 3, 2010 Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior

More information

Data Security, Fraud Prevention, and Cost Control. Mike Dorland, CPP Regional Marketing Representative Michigan Retailers Association

Data Security, Fraud Prevention, and Cost Control. Mike Dorland, CPP Regional Marketing Representative Michigan Retailers Association Data Security, Fraud Prevention, and Cost Control Mike Dorland, CPP Regional Marketing Representative Michigan Retailers Association Michigan Retailers Association Incorporated in 1940 Represent retail

More information

ELECTRONIC FUNDS TRANSFER AGREEMENT AND DISCLOSURE

ELECTRONIC FUNDS TRANSFER AGREEMENT AND DISCLOSURE ATM / MasterMoney / CHIPS Langley Link / Bill Pay / Electronic Services ELECTRONIC FUNDS TRANSFER AGREEMENT AND DISCLOSURE This Electronic Funds Transfer Agreement is the contract which covers your and

More information

Medical Information Breaches: Are Your Records Safe?

Medical Information Breaches: Are Your Records Safe? Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential

More information