In your business, chances are you collect people’s personal data. Depending on the business, this could be credit and debit card information from transactions with customers, ID or driver’s license numbers from drivers, account numbers for your suppliers and business partners, and the Social Security numbers of your employees (along with their account information for direct deposit). All this information is your business’s responsibility to protect; otherwise, you expose your clients and employees to identity theft and your own company to lawsuits.
Responsibility for Your Clients’ Data
In the event of a data breach where this information is exposed, your company suffers a loss of faith. Your image and reliability are damaged, and you will lose some people in each of these categories: customers, partners, and employees. Trust is a big part of any business, and a loss of that trust can destroy a company. In addition, a breach opens your company to liability, as Massachusetts has some of the most stringent data breach laws in the country.
Massachusetts’ Laws for Data Breaches
Massachusetts has some of the most comprehensive laws to date when it comes to requiring companies to protect their clients’ data from cyber breaches. The law applies to “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts,” with personal information including Social Security numbers, ID and driver’s license numbers, and all financial account numbers, such as credit card, debit card, and account numbers.
Implemented in 2010, the law requires people to “develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards.” This includes a risk assessment, with the law containing detailed requirements for the information security program and computer security system. These requirements include:
Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly… Encryption of all personal information stored on laptops or other portable devices.
The secure system also requires secure user authentication, secure access control, monitoring for unauthorized access, up-to-date firewall protection, up-to-date antivirus and anti-malware programs, and proper training and education for staff.
Cyber Liability Coverage
Coverage for cyber liability is broad and can include several different categories, including:
- First-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks.
- Liability coverage indemnifying companies for losses caused to others, for example by errors and omissions, failure to safeguard data, or defamation.
- Perks such as regular security audits, post-incident public relations and investigative expenses, and criminal reward funds.
For a more comprehensive explanation of this insurance, contact the H & K Insurance Agency. We’ve got years of experience in dealing with cyber breaches: preventing them and providing liability coverage against them. Learn more about cyber vulnerabilities and our specialty coverages at our website.