Data Breaches and Government Investigations – Important Information for All Entities that Handle Sensitive Information, Including the Availability of Insurance Coverage.
By: Michael J. Faul, Jr. and Adam K. Gallagher
Computers have become commonplace for many businesses in different industries. Computers are used for various reasons, including the storage of clients’ personal or financial information. With such valuable information, these companies have become the target of data breaches that can lead to identify theft and other problems for consumers.
Given the number of data breaches that have occurred in the public and private sectors, organizations are under legal obligations to secure their clients’ personal information and to have a plan in place should their information become compromised.
The time for an entity to check their insurance policies is now, as corrective action before a claim is far superior to corrective action after a claim. Many D&O, E&O, and some cybersecurity policies may provide coverage in the event of a government investigation; many other policies don’t. Cyber risks are ever looming and the costs of a security breach can be massive and often crippling. Modern technology brings evolving risks, some that may be one step ahead of up to date technology.
Therefore, it is important that a business have an attorney review its insurance policies to identify the various coverages that the business has, in order to identify all latent defects in a business’s insurance portfolio, including gaps in coverage and duplicate coverages. An insurance coverage attorney can work with a business and help to protect the business’s vital interests. Many commercial entities and individuals have multiple lines of insurance that need to be reviewed to ensure that said entity or individual is properly covered and to avoid duplicate coverages and excessive premiums.
If a company fails to fulfill its obligations on data protection, the company can be held liable for any damage inflicted on the public due to the lack of protection.
Given the importance of this information, the federal and many state governments have passed multiple laws designed to protect this data by placing the onus on the companies to protect that information. Among the more prominent laws on this matter include:
- Gramm-Leach-Bliley Act: The law requires that financial institutes safeguard their customers’ nonpublic personal information (NPL).
- The Health Insurance Portability and Accountability Act (HIPPA): This federal law establishes national standards for the protection of a patient’s medical information and prevents it from being disclosed without the patient’s permission.
- Fair Credit Reporting Act (FCRA): This law focuses on credit reporting agencies that collect personal information on individuals, including credit and medical history, as well as financial information. The law requires that they safeguard that information.
- Electronic Communications Privacy Act (ECPA): With the use of more wireless communication, the laws had to adjust. The ECPA provides protection to wire, oral, and electronic communications during their transmission and when they are stored in a computer. The law specifically deals with email, telephone conversations, and data stored electronically.
- Children’s Online Privacy Protection Act: This focuses on the protection of information on those who operate websites that are geared for children who are 13 years old and younger.
- Federal Trade Commission Act: Created the FTC, which supervises all communications and regulation the protection of data and information.
Along with these laws, there are other localized laws that also address the protection of data. While the nuances of these differ, they all require a company to inform its customers if it has suffered a data breach. Failing to notify in a timely manner can lead to further legal problems for the company. Government intervention is inevitable and likely costly at this point.
The depth and breadth of these regulations on the state and federal level also grants the state and federal governments’ enforcement power. A business can maintain insurance coverage against these types of government investigations. There are several types of insurance that will cover the costs and expenses of defending against a government investigation, this can be critical for a business of any size to survive a dispute with a governmental entity with unlimited resources.
A New Jersey medical provider has recently survived a New Jersey government investigation
For example, a New Jersey fertility clinic experienced data breaches to their medical records in 2016 and 2017, where over 11,000 patients’ protected information was compromised. This subsequently triggered enforcement action by the New Jersey Attorney General’s office alleging the clinic failed to: 1) perform risk assessments of its electronic medical records, 2) have a mechanism to encrypt electronic medical records, 3) review and modify security procedures to protect electronic medical records, 4) put proper procedures in for password creation and periodic changing, and 5) have a process to verify person or entity seeking access to electronic medical records.
Any other business owner that handles sensitive information could also be subject to these types of investigations.
It is important to have an attorney analyze coverage before a claim is made or coverage is bound, to assist in maximizing a business’s risk mitigation plan.
Herold Law, P.A., has skilled attorneys who have helped corporate entities realize significant cost savings off premium bases exceeding $500,000 that far outweigh the legal costs associated with an insurance policy review. A policy review should also be performed on renewal policies, and is even more of a priority now, as many commercial insureds are facing premium increases of a minimum of 30-40%. During a policy review, we also work with multiple risk management specialists in minimizing risk and avoiding excessive premiums, gaps in coverage, and in selecting experienced brokers and reputable insurance carriers.
Michael J. Faul, Jr., Esq., and Adam K. Gallagher, Esq., have a combined decades of experience with insurance coverage matters representing policyholders and insurance carriers. Michael and Adam have an understanding of the intricacies that is crucial to choosing the right insurance coverage for the right price.
When this much is on the line, it is essential to have members of your insurance team who are watching out for you and not an insurance company’s bottom line or a broker looking for a commission.
When your data has been compromised, you can feel vulnerable and exposed. Our Warren business lawyers at Herold Law can act against the entity that failed to protect your information. Call us at 908-647-1022 or contact us online today to schedule an initial consultation. Located in Warren, New Jersey, we serve clients throughout the area, including Plainfield.