This week on the blog, we've discussed the difficulties IT professionals have with data security laws: they don't know which data security laws (if any) they need to follow and they don't know how strictly authorities will enforce them. (For more on that, check out our post, “CDD Complaint Suggests We're in the ‘Wild West’ Stage of Digital Privacy.”)
What makes things worse? Data breach laws are often vague and can change depending on where your business is located. Most states have their own laws, which means that depending on where you (or your clients) operate, you could have to follow different protocols when reporting a breach. And now there's another wrinkle.
The Federal Trade Commission has begun to step in after data breaches by sending its personnel to supervise the breached company's IT department, according to a Wall Street Journal report.
Imagine working with the FTC looking over your shoulder. That's exactly what's happening to 40 companies that have been victims of a data breach.
There’s no doubt one of the reasons that the FTC has been taking on this authority is that there's no federal law regulating data security and breaches. But here's the thing. Such a law would be impossible. Here's why…
Why Data Breach Laws Are a Problem for IT Companies
When it comes to data security laws, you see the same problem over and over: laws can't mandate a protocol that will guarantee an IT security professional took proper steps to protect their clients. IT just doesn't work like that. Any law passed by Congress would be obsolete before the ink dried. In reality, IT consultants need to be able to…
- Adapt. Constantly adopt new technology and upgrade tools.
- Predict. Find the best strategies to defend against the latest attacks.
- React. Take the necessary steps to contain the breach.
Laws simply can't keep up with the work you do.
Practically speaking, this means that you're always going to be exposed to more IT liability. You won't be able to fulfill a few simple legal obligations and be protected from data breaches, identity theft, and lawsuits. That'll never happen. The burden will always be on you to be ahead of the hackers.
What FTC Oversight Could Mean for Your Client's Reputation
Imagine this: your client was hacked and now staff from the FTC is monitoring your client's IT. How do you think your client's customers are going to feel about a company that is on data security probation? It's not going to be pretty.
After a company has been hacked, there's a stigma. In our post, "Survey: Consumers Find Data Breaches Only Slightly Better than Oil Spills," we reported on the damage that a data breach does to a company's reputation. It's devastating.
Surveyed consumers found breaches to be the third-worst thing for a client's reputation. Only poor customer service and an environmental disaster were worse.
A data breach will look even worse if it means that government regulators have to watch over your client's tech staff to make sure they're doing their job.
Unfortunately, IT consultants like you can be sued for damages to a client's reputation as well as other direct and indirect costs of a data breach. How do you protect your business?
Insurance for IT Lawsuits: Professional Liability Insurance
Professional Liability Insurance (also called E&O) covers lawsuits over…
- Data breaches.
- Damages to a client's sales / reputation because of a data breach.
- Missed deadlines.
- Failed IT solutions.
Imagine this scenario: a client's data is hacked. Per state law, they have to report the breach to the attorney general. Your local newspaper picks up the story, and pretty soon, the client has to give interviews about the breach and what they're doing to repair it and secure their customers' data.
A breach like this could do tens of thousands of dollars in damage to the client's reputation. Because there are no laws that shield you from liability, the client files a costly lawsuit against your business.
If you have Professional Liability Insurance, your policy can cover the cost of the lawsuit (lawyer fees, court expenses, etc.) and the damages the judge rules you owe the client.
To learn more about protecting your data breach liability, contact a TechInsurance agent at 800-668-7020, or submit an online insurance application for free quotes.