PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS


The following claim scenarios are hypothetical and are offered solely to illustrate the types of situations that may result in claims. Although sorted by industry, ACE encourages policyholders to recognize that different types of breaches can impact all industries.

Education

Unauthorized Access to Network
A student gained unauthorized access to a university's servers, which contained personal information of approximately 150,000 current students, faculty and alumni. The university retained legal counsel to assist in the breach response process and hired a forensics firm to determine the nature and scope of the breach. After considering its regulatory obligations, the university notified the impacted individuals and the appropriate regulators regarding the incident. The matter has not resulted in a third party claim or regulatory proceeding.
$375,000 for forensics, legal fees, notification, and call center services

Employee Misplaced Laptop
An employee of a college misplaced her laptop, which contained the personal information of approximately 5,000 students. The college retained legal counsel, notified the impacted individuals, and offered credit monitoring services. The appropriate state regulators were also notified in accordance with applicable law.
$75,000 in legal fees, notification, credit monitoring, and call center services

Misplaced Hard Drives
A school misplaced three hard drives containing the health information of approximately 4,000 students. The exposed information included names, dates of birth, social security numbers, medical and behavioral health services, treatment plans, and medications. The school retained counsel, notified the impacted students, and offered credit monitoring services.
Approximately $35,000 in notification, credit monitoring, and legal fees

Technology

Unauthorized Access to Network
A large technology company detected an unauthorized intrusion into its servers, which contained employee names, passwords and confidential documents. The company contained the breach and immediately hired a forensic investigation firm to determine the scope of the breach. The company also retained a law firm and a crisis management firm to assist in notifying its clients regarding the breach.
$550,000 for forensics, legal fees, and crisis management costs

Employee's Laptop Stolen
A laptop was stolen from an employee's car. The insured, a technology company, notified the impacted individuals and offered credit monitoring services.
$75,000 for notification, credit monitoring services, and legal fees to determine the insured's regulatory obligations

Healthcare

External Vendor Misplaced Laptops
A large healthcare provider contracted with a national vendor to assist with an office relocation. During the course of the relocation, the provider discovered a discrepancy of several laptops that contained protected health information belonging to its members. The provider retained legal counsel to analyze its regulatory obligations as well as vendors to conduct forensics, to notify impacted individuals, and to offer credit monitoring services. Subsequently, the provider was the subject of a regulatory inquiry and was named as a defendant in a class action lawsuit.
$7,000,000 for forensics, legal fees, notification, call center services, and credit monitoring
$2,000,000 for legal fees related to the class action suit and responses to regulatory inquiries

Employee Lost Flash Drive
An employee of an $800 million healthcare provider lost a flash drive containing the protected health information of approximately 600 individuals. The provider notified the affected individuals and provided credit monitoring services. Various state regulators were also notified in accordance with applicable law.
$110,000 for notification, call center services, credit monitoring, and legal fees to determine the insured's regulatory obligations

Employee Misplaced Flash Drive
An employee of a healthcare provider inadvertently misplaced a flash drive that contained protected health information of approximately 300 patients. The provider retained counsel and notified the impacted individuals.
$45,000 in legal fees and notification costs

Hospital Bills Misplaced
An employee of an insured in the healthcare industry reported that a box containing printouts of patient hospital bills and professional fee medical claim forms was missing from her office. The insured determined there was a possible risk of harm for approximately 20 patients, as their names, addresses, phone numbers, social security numbers, dates of birth, and diagnoses were printed on the claim forms.
$7,500 for notification and credit monitoring expenses

Former Employee Shared Client Information
A former employee of the insured, a $500 million hospital system, stole confidential paper files from the former employer containing the personal information of approximately 750 patients. The insured notified the affected patients and reported the matter to the appropriate state regulators.

Retail

Website Breached
Users of a $250 million online retailer's website began experiencing fraudulent credit card charges. The retailer's IT group contacted its web hosting company, which conducted a review of the data stored on the servers. Subsequently, a virus was found and removed. The breach resulted in a compromise of close to 1 million records and the fraudulent use of 50 credit cards. The retailer also incurred fines and penalties for not being Payment Card Industry (PCI) compliant.
$750,000 for notification, call center services, and legal fees to determine the insured's regulatory obligations
$500,000 in assessments for lack of PCI compliance

Employee's Laptop Stolen
An employee of a retailer left a laptop in his car, which was stolen. The laptop contained personal information of the retailer's employees. The retailer retained legal counsel and notified its employees of the incident.
$15,000 for legal fees and notification costs

Credit Card Information Stolen by Employee
A $100 million retail company's employee improperly obtained the credit card information of a client and fraudulently used the information to make illegal purchases. The employee was caught and prosecuted. The client's attorney demanded that the insured provide credit monitoring services and compensate the client for her damages.
$75,000 for the settlement amount and legal fees
$50,000 for legal fees and notification costs
$10,000 for legal fees to respond to regulatory inquiries

Services

Private Information Disclosed Due to Printing Error
A $50 million business services company conducted a mailing project for a customer and inadvertently mailed out approximately 60,000 envelopes bearing account numbers on the outside of the envelopes.
$320,000 for notification and credit monitoring services

Laptops Stolen from Office
Five laptops were stolen from the office of a professional services company. The laptops contained personal information of approximately 35,000 customers, including names and social security numbers. The insured incurred notification and credit monitoring costs.
$200,000 for notification, credit monitoring services, and legal fees

Database Access Inadvertently Shared with Third Party
A professional services company's online program, which contained client profiles that included credit card information and other personal information, allowed its clients to manage their accounts within the program. An employee inadvertently provided access to the entire system to a third party. An investigation suggested that approximately 20 client profiles were accessed by the third party during the relevant time period. The company retained a national vendor to investigate the security incident and to notify any affected individuals.
$45,000 for forensics, notification costs, and legal fees

Other Industries

Personal Information Posted Online
A local municipality inadvertently posted tax licensing applications on its website, resulting in the improper release of personal information. The insured conducted forensics, retained the services of both legal counsel and a public relations firm, and is in the process of notifying the impacted individuals and offering credit monitoring services.
$150,000 to date for legal fees, notification, credit monitoring, and Public Relations services

Laptop Stolen from Employee
An employee of a travel services firm left a laptop in his car, which was then stolen. The laptop contained personal information. The insured engaged an attorney and a vendor to notify the affected individuals and to offer credit monitoring services.
$20,000 in notification, credit monitoring, and legal fees

Personal Information Posted Online
Due to a software error, a non-profit organization's website, which allowed the payments of registration fees, disclosed the personal information of 25 members. The organization immediately shut down its website, retained legal counsel, notified the impacted individuals, and offered credit monitoring services.
$10,000 for notification, credit monitoring, and legal fees

CONTACT US

ACE Group
436 Walnut Street
Philadelphia, PA 19106
ProfessionalRiskEOProducts@acegroup.com
www.acegroup.com/us

The claim scenarios described here are hypothetical and are offered solely to illustrate the types of situations that may result in claims. These scenarios are not based on actual claims and should not be compared to an actual claim. The precise coverage afforded by any insurer is subject to the terms and conditions of the policies as issued. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.

Insurance is provided by ACE American Insurance Company, Philadelphia, Pennsylvania, or, in some states, other insurers within the ACE Group. The product information above is a summary only. The insurance policy actually issued contains the terms and conditions of the contract. All products may not be available in all states. Surplus lines insurance sold only through licensed surplus lines producers. Additional information can be found at www.acegroup.com/us.

2013 ACE 617397 11/13