There are 27 letters and 10 numbers that most of the world relies on to conduct business. These numbers and letters called data are kept mostly in computers in digital form. Today we are incredibly dependent on data in our everyday lives.
When data is lost, it creates havoc for both businesses and the public. There are many ways data can be lost — hackers, disgruntled employees, untrained employees, unsecured systems and lost computers, just to name a few. More than 10,000 laptop computers are stolen or lost each week in airports throughout the United States.
Data breaches and cyber crime are growing rapidly. Many companies are becoming aware of the rapidly growing exposure to litigation. Everyone has talked about the data breach occurrence of TJ Maxx and Marshalls two years ago. The number of customer files compromised exceeded 45 million. Under federal law they are required to notify each customer. Notification costs can be as high as $150 per customer. This immediate and unbudgeted expense is enough to sink most companies.
Another case two years ago was Bank of New York Mellon. The company lost a box of computer data tapes storing personal information including names, Social Security numbers, and possibly bank account numbers. The estimated number of people affected by the data breach exceeded 12 million. Recently while presenting a data breach seminar, a personal friend who was attending gave me a copy of the letter he received from this bank. I use it as a teaching aid in my seminars.
This case was closer to home. In June 2007, Jax Federal Credit Union in Jacksonville was transmitting Social Security numbers and account numbers of clients to their printing company. The information was transferring and picked up by Google from the printer’s Web site. Total number of customers affected — 7,766.
All of these companies face large notification costs, legal liability damages, large defense cost, and regulatory action expense. They also face the cost of restoring their image and reputation. And finally, federal law requires the companies provide identity theft recovery services for victims such as credit monitoring for a specific period of time.
Speaking of private medical information, the Health Insurance Portability and Accountability Act rules apply only to information disclosed by doctors, hospitals, pharmacies and health plans. It also is interesting to note that federal law does not give private individuals the right to sue for HIPAA violations. However, some states do.
Other types of insurance not covered by HIPAA rules are workers’ compensation, disability insurance, auto medical payments insurance, and coverage for on-site medical clinics.
The protection of private medical information remains a legal obligation for those companies who use, keep and store the data. These companies face the same issues as mentioned above.
The types of businesses that have a need for this type coverage are financial institutions, businesses with human resource departments, doctor’s office, legal offices, schools, hospitals, retail stores excepting credit cards, professional employment organizations.
Most company insurance packages exclude coverage for cyber network breaches. This coverage is unique and should be purchased as a separate policy. The most effective solution for today’s epidemic of cyber breaches is a comprehensive data breach liability policy.
Robert “Bob” Fowinkle, president of Moore, Fowinkle, & Shroer Agency in Bradenton, can be reached at (941) 755-2628 or www.mofoscho.com.