Channel: Tech Insurance Small Business Center - Cyber Security

How the Lack of a Federal Data Breach Law Could Be an E&O Headache for IT Professionals

http://www.techinsurance.com/blog/cyber-risk/the-lack-of-a-federal-data-breach-law-could-be-an-eo-headache-for-tech-pros/


The National Law Review reports that two states – Connecticut and Rhode Island – have updated their data breach laws to require a more stringent breach response. Both include changes to specify a set time period to notify affected parties:

In the last 12 months, we've seen a number of states amp up these laws, which typically set requirements for how companies respond to data breaches. And yet there's still no federal data breach law. (For more information on the government's progress, see "Congress Looks at Data Breach Notification Legislation.")

Businesses nowadays have customers in any number of states. If a company experiences a data breach, it may have to follow laws for each state where its affected customers reside. Keeping track of these small differences may lead to unnecessary hassle and headache.

With 47 states currently setting their own varying data breach laws, your data breach plan will need to account for a variety of legal requirements (see our state-by-state summary of data breach laws).

47 Different State Laws – The Good and the Bad with Data Breach Laws

The good news about state data breach laws is that they are usually more similar than they are different. Often state data breach laws have requirements for:

  • Breach notification (usually within 45 to 90 days).
  • Informing consumer protection agency if the breach is large (e.g., more than 1,000 records).

While state laws are often similar, there are some significant differences. Take the recent changes in Connecticut. It became the first state to require businesses to offer credit monitoring to data breach victims. This requirement applies only if the breach involved Social Security numbers.

Here's where you could have a problem. Say you work with clients who have CT-based customers. You're in charge of their security audits, but didn't realize that CT updated its law. If you didn't offer credit monitoring and fulfill state-required obligations, you could increase your client's risk of a lawsuit.

With dozens of different laws, it's easy to make a mistake. Botched data breach responses can lead to more lawsuits, costly legal fees, and regulatory fines for IT contractors.

Read "How Florida's New Data Breach Law Could Cost Tech Businesses" for more examples of how changing laws affect IT professionals.

5 Ways to Avoid E&O Lawsuits over Slipshod Data Breach Responses

IT consultants can walk smack into an errors and omissions lawsuit if they don't know relevant data breach laws. Here are five ways to address your liability and shield yourself from the cost of an E&O lawsuit:

  1. Update data breach response plans to account for law changes.
  2. Ensure your clients understand that breaches lead to legal obligations like contacting customers (and these will cost your clients money).
  3. Talk with your clients about financial readiness for a breach and whether they have Cyber Liability Insurance to cover breach response costs. See "Why Your Clients Need Cyber Liability Insurance (And How to Explain that to Them)."
  4. Invest in Errors and Omissions Insurance, which may cover the cost of a lawsuit if a client sues you after a data breach.
  5. Follow our blog to stay on top of changes to data breach laws.

This simple fact is important: breaches are expensive. Between following laws, offering credit monitoring, and finding and fixing a security hole, your client's costs may be exorbitant. A small piece of IT that costs little to install could end up costing you hundreds of thousands of dollars in breach liabilities and E&O lawsuits.

IT consultants need to be prepared for these costs. They can do just that – by staying on top of data breach law changes, following best practices, and investing in IT insurance.

 