Archive

Posts Tagged ‘Technology Risks’

Safe Harbor exchange between EU and US data deemed invalid

The European Union’s highest court, the Court of Justice (CJEU), ruled on October 6, 2015 that the EU-US Safe Harbor Agreement is invalid, effective immediately. The agreement was a voluntary self-certification system that permitted over 4,000 eligible U.S. companies to receive the personal data of Europeans if they publicly agreed to treat the data according to the Safe Harbor Principles. After being deemed invalid, however, the agreement no longer provides a basis for transferring personal data from the EU to the U.S.

While data protection advocates praised the court’s decision, industry executives and trade groups claim that it left a lot of uncertainty for companies that rely on access to this data for lucrative businesses such as online advertising. Read more…

Marital affair website demonstrates new dimensions of personal data risk

Cyber risk for most organizations has a focus on the personal data of customers. Primarily this means social security numbers, date of birth, address, credit card numbers and the like. All of that is bad enough when lost in connection with a data breach, but companies must now also be aware of growing threats of cyber extortion schemes.

The recent announcement that Ashley Madison, the marital-affair-promoting website, has been hacked and subject to extortion takes these problems to a new level.  Disapproving hackers have told Ashley Madison to shut down the site or the extortionists will release customer data.  Reports say that despite Ashley Madison’s policy that private data can be scrubbed from the site for $19, the data is still available to hackers.  The motives of the hackers are still unclear, but what is unusual is that it is not a demand for money. Read more…

Improving a tested method to combat the California drought

According to the California Department of Water Resources, the state is in the midst of its fourth year of drought. As a result, Governor Edmund G. Brown Jr. signed a $1 billion emergency drought package in March to accelerate emergency food aid, conservation awareness, infrastructure and flood protection funding, drinking water, species tracking, water system modeling, and water recycling. The Governor also ordered the first mandatory statewide reductions on April 1 due to the lowest snowpack ever recorded, and no end in sight to the drought. These courses of action were taken in addition to Governor Brown declaring a Drought State of Emergency on January 17, 2014, as well as a Proclamation of a Continued State of Emergency a few months later on April 25, 2014. Read more…

Report cites criminal attacks as primary cause of healthcare data breaches

In the fifth annual Ponemon Institute privacy and security report, cyber attacks were listed as the top cause of healthcare breaches. Officials studied privacy and security trends for healthcare covered entities and their business associates. Over the course of the five years Ponemon has been publishing its annual breach report, criminal activity has grown 125 percent. Officials at the institute discovered 69 percent of healthcare organizations uncovered the breach via an audit or assessment. Forty-four percent were discovered by an employee, while another 30 percent were found after a patient complained.

Ponemon stated, “Historically, the main cause of the data breach was the negligence or incompetence or system glitches within the organization, not necessarily criminal activity. This year, criminal activity was the number one cause.” Forty-five percent of respondents in the report claimed criminal attacks were directly responsible for Read more…

Insurance industry leads the way for cyber best practices

April 27, 2015

It was reported earlier this month in the Wall Street Journal that many Corporate Information Security Officers (CISOs) are turning to the insurance sector for assistance and guidance when it comes to understanding cyber security.

Normally late to the party, insurance carriers tend to thoroughly examine years and years of loss experience in order for actuaries to set the rates for new areas of risk. But it is not the case when it comes to the rapidly developing area of cyber threats. Instead it is the insurance sector that many are turning to for guidance on how to deal with the uncertainty of cyber security. Read more…

Collaboration is the key when it comes to cybersecurity

February 23, 2015

The President, industry leaders, and lawmakers visited the tech-hub of Stanford University earlier this month for an official White House Summit on Cybersecurity and Consumer Protection. The discussions focused on increasing collaboration between the government and the private sector in order to prevent potentially crippling data breaches. The administration hopes that this will encourage Congress to pass cybersecurity legislation. Here are a few key takeaways from the summit:

  1. Cybersecurity is an issue for all sectors of the economy.
    The Identity Theft Resource Center found that 85 million records were exposed last year both in the public and private sectors. Cyber attackers trumped terrorists as the #1 threat to national security last year while data breaches on companies such as Sony Pictures Entertainment, Target, Home Depot, and most recently, insurance giant Anthem Inc., resulted in costly losses.

Read more…

Anthem data breach latest scare for health insurers

The nation’s second largest health insurer, Anthem (which includes several major Blue Cross and Blue Shield brands), has reported a major data breach. Last Wednesday, security personnel discovered a hack in which cyber thieves accessed the names, birth dates, social security numbers, addresses and member IDs of up to 80 million current and former policy holders. Anthem’s President and CEO, Joseph R. Swedish, in a letter to its current and former members said that through its initial analysis of the breach “there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised.” Nevertheless, the impact of this breach is significant. Read more…

Disrupters: Flying in the face of regulations and risks

January 13, 2015

The shared economy continues to expand – from home rentals and personal drivers, to babysitting and cleaning jobs – this new breed of businesses are popping up all over, allowing customers to make simple online arrangements with service providers for a myriad of tasks. The premise behind the shared economy takes established business models and turns them on their head, and thanks to their unconventionality, these companies are “disrupting” major markets by luring consumers away from the more traditional forms of the same service. Entrepreneurs are launching their online companies via an app that can promise faster, cheaper and more accessible services, all while quietly avoiding many of the cumbersome insurance and regulatory laws that govern their traditional counterparts. Read more…

Startup liability: Marketplace economy companies face unique risks

November 10, 2014

Throughout the past year, I have helped place insurance programs for a number of “Peer-to-Peer” or “Marketplace Economy” companies – more appropriately called Technology Enabled Service Marketplace (TESM) companies. The insurance exposures that have accompanied this industry are vast, varied and complex, from Workers Compensation to Crime and Professional Liability. General Liability, however, remains the most common exposure for these companies, due to the numerous types of “jobs” they perform and specifically where those jobs are performed. Read more…

Target data breach: the cost increases as investigation continues

In the weeks following the Target data breach, we continue to learn of new exposures that may be falling on deaf ears. As a nation, we have become rather desensitized to the influx of data breaches. The number of large-scale security breaches has grown so steadily over the last several years that we are all starting to dismiss these events as “yet another breach”. But the Target case reminds us that risks change continuously, and that we ignore emerging risks at our businesses’ peril. We need to stay attuned to the risks that this data breach presented and to make sure that we ask questions and vigilantly review risk management practices.

Recent reports indicate that the data breach impacted over 100 million records, involved over 40 million credit and debit card numbers, and personal data from over 70 million customers. It’s also Read more…