Dark Day Planning: Insuring Against Data LossBy Matt Hines | Posted 2006-12-15 Email Print
As the financial penalties and risks associated with potential data incidents continue to mount, enterprises are seeking out insurance policies that will help them when something goes wrong.
The list of data breaches involving sensitive personal information maintained by the Privacy Rights Clearinghouse achieved a significant milestone Dec. 13, as the nonprofit group saw the total number of records exposed in such events crest the 100 million mark.
Since the PRC first began tracking data losses in February 2005, when consumer data aggregator ChoicePoint reported that fraudsters had gained access to 163,000 consumer records, most states have passed legislation forcing companies to inform individuals when their information may have been lost. The laws also essentially compel companies to admit their mistakes publicly.
Threatened by financial losses related to data leakage events, which now include potential payouts to consumers and regulators as well as revenues lost because of damage done to their corporate reputations, enterprises are turning to their insurance brokers seeking new levels of protection.
"The impact of those breach notification laws is just starting to permeate through business because of all the press given to the events and the growing expectation for companies not only to notify customers but also [to] pay for services such as credit monitoring," said Nancy Callahan, vice president of the Identity Theft and Fraud Division of insurance giant American International Group, in New York.
"The costs for informing and supporting affected consumers can be expensive, and there's also the additional cost of regulatory investigations and civil lawsuits."
As a result of the widening impact of data losses, AIG has seen its business of providing insurance for potential corporate security failures shift increasingly toward protection for privacy-related risks. Another growing driver for new forms of insurance is the many government data compliance regulations that threaten stiff penalties for companies that cannot effectively defend their information, such as the Sarbanes-Oxley Act, according to Callahan.
Read the full story on eWEEK.com: Dark Day Planning: Insuring Against Data Loss