TOUGHER PRIVACY BREACHES
TOUGHER PRIVACY
BREACHES ARE
NOT A SECRET.
PRIVACY INSURANCE
SHOULDN'T BE
EITHER.
BY: JOANNE WHELAN
COMMERCIAL ACCOUNT EXECUTIVE AT BENSON KEARLEY
S
tandards for customer privacy
in Canada just got tougher.
Effective November 1, 2018,
the Canadian government
implemented important changes
to the Personal Information Protection
and Electronic Documents Act (PIPEDA)
that tightly regulate personal privacy.
According to these new, tougher standards,
organizations that experience breaches
of confidential customer or employee
information—such as names, credit data,
or medical information—will need to
notify affected individuals and report
any breaches to the Office of the Privacy
Commissioner of Canada.
It’s a common mistake to assume that
the targets of cyber hackers are primarily
large companies, who maintain more
customer information and have much
deeper pockets than smaller ones. Now
that larger companies have become so well-
educated and well-protected against these
attacks, it’s much easier for hackers to go
after small- and medium-sized businesses,
which typically do not have the same
safeguards in place.
The statistics are alarming. According
to the Ponemon Institute’s 2016 State of
Small & Medium-Sized Businesses (SMB)
cybersecurity report, hackers had breached
half of all small businesses in the United
States during the previous year alone.
Sadly, the National Cyber Security Alliance
reports that about 60 percent of small
businesses that suffer a cybersecurity
attack go out of business within six
months. That’s why it’s imperative for
every company—more specifically, every
company with at least one computer—to
protect themselves with privacy (or
cybersecurity) liability insurance.
Privacy Insurance can go under different
names: Privacy Breach, Data Breach,
and Cyber Security, to name a few. It is
designed to help compensate employers
for the huge expenses and potential loss
of business that they can experience
following a data breach. While individual
privacy insurance policies vary widely,
comprehensive coverage includes items
such as crisis management to control
reputation, credit monitoring services
for customers whose accounts were
compromised, enhanced customer support
services, and business interruption losses.
Coverage might also include ransom
payments demanded by a hacker in return
for getting the business' systems fully
functional again.
There are many additional steps you
can take to protect your company,
beginning by creating a culture of
employee responsibility with respect to
handling private information. Other
suggestions include restricting access to
private information to key individuals,
training employees on best practices for
safeguarding information, and improving
firewalls and virus protections throughout
your systems.
Since privacy insurance is a relatively
new field and most businesses are
still not protected, be sure to deal
with an insurance brokerage that is
familiar with these types of policies
and can knowledgeably discuss your
risk management solutions. Your best
protection is to find a broker that has a
good understanding of your privacy breach
exposures and insurance. +
25