Tuesday, May 21, 2013

Is Data Breach Covered Under My Tech E&O Policy?

Is Data Breach Covered Under My Tech Errors and Omissions Policy?

So you are the proud owner of a brand new technology errors and omissions policy. You are so excited that most of your professional services are covered and that you can go into every new contract confident that if something goes wrong and your software or app glitches, you'll be covered.  Then you stop to ask yourself:
Data Breach can happen to any company.  Are you covered?

What if my customer's data gets hacked or stolen?

There are two answers to this question.  You need to know the difference so you don't end up owing thousands of dollars for something you could have prevented.

Answer 1:

Yes, you are covered!

On most technology E and O forms, the data you work with in order to perform your professional service would be covered in case it was hacked, stolen, or destroyed.

For example, a software company that creates a database system for medical records may need access to the files in order to create the enterprise software.  While the software is being created, the main software programmer's laptop is stolen, along with access to thousands of his client's medical records.  Because the programmer was performing a professional service, it would be covered.

Answer 2:

No, you are NOT covered!

If you keep digital or paper records of customers' credit cards and company information, and your company's computers get hacked and that information is stolen, there is no coverage under the technology E and O form.

I could write an entire post on data breach, but here are a few of your responsibilities:

  • Notifying every customer who could have lost data (PR nightmare)
  • Offering to monitor credit for at least a year
  • Validating addresses
  • Hiring a data breach response company
  • If this is not done in 30-45 days, there can be hefty fines and penalties
  • Here's a guide for data breaches from Experian: http://www.experian.com/assets/data-breach/brochures/response-guide.pdf 

The difference is that the information is not being stored as part of your professional service.

So, where can you get coverage for customers' sensitive information?

You need to buy a separate data breach policy or add data breach coverage to your general liability.  If you buy a combo general liability/tech E and O package policy, you most likely have the option to add this coverage.  One insurance company that does a great job of this is The Hartford (http://www.thehartford.com/business-insurance/technology-liability-insurance).

Usually, this coverage only costs an additional $400-$1,000 per year, but it can save you a lot on the back end if there is ever a breach.

According to the Experian guide cited above, 76% of companies that had experienced a breach of customer data believed the incident had a moderate or significant impact on the organization's reputation.

Make sure you can bounce back quickly and effectively if you ever have a breach.

Besides insurance, what are some ways you safeguard your customers' sensitive data?