Risk & Business Magazine Benson Kearley IFG Magazine Winter 2018 - Page 25

TOUGHER PRIVACY BREACHES TOUGHER PRIVACY BREACHES ARE NOT A SECRET. PRIVACY INSURANCE SHOULDN'T BE EITHER. BY: JOANNE WHELAN COMMERCIAL ACCOUNT EXECUTIVE AT BENSON KEARLEY S tandards for customer privacy in Canada just got tougher. Effective November 1, 2018, the Canadian government implemented important changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) that tightly regulate personal privacy. According to these new, tougher standards, organizations that experience breaches of confidential customer or employee information—such as names, credit data, or medical information—will need to notify affected individuals and report any breaches to the Office of the Privacy Commissioner of Canada. It’s a common mistake to assume that the targets of cyber hackers are primarily large companies, who maintain more customer information and have much deeper pockets than smaller ones. Now that larger companies have become so well- educated and well-protected against these attacks, it’s much easier for hackers to go after small- and medium-sized businesses, which typically do not have the same safeguards in place. The statistics are alarming. According to the Ponemon Institute’s 2016 State of Small & Medium-Sized Businesses (SMB) cybersecurity report, hackers had breached half of all small businesses in the United States during the previous year alone. Sadly, the National Cyber Security Alliance reports that about 60 percent of small businesses that suffer a cybersecurity attack go out of business within six months. That’s why it’s imperative for every company—more specifically, every company with at least one computer—to protect themselves with privacy (or cybersecurity) liability insurance. Privacy Insurance can go under different names: Privacy Breach, Data Breach, and Cyber Security, to name a few. It is designed to help compensate employers for the huge expenses and potential loss of business that they can experience following a data breach. While individual privacy insurance policies vary widely, comprehensive coverage includes items such as crisis management to control reputation, credit monitoring services for customers whose accounts were compromised, enhanced customer support services, and business interruption losses. Coverage might also include ransom payments demanded by a hacker in return for getting the business' systems fully functional again. There are many additional steps you can take to protect your company, beginning by creating a culture of employee responsibility with respect to handling private information. Other suggestions include restricting access to private information to key individuals, training employees on best practices for safeguarding information, and improving firewalls and virus protections throughout your systems. Since privacy insurance is a relatively new field and most businesses are still not protected, be sure to deal with an insurance brokerage that is familiar with these types of policies and can knowledgeably discuss your risk management solutions. Your best protection is to find a broker that has a good understanding of your privacy breach exposures and insurance. + 25